explosivevenus

  1. I'm not sure, but is this the log you're referring to?

     RogueKiller V10.7.0.0 [May 25 2015] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Tram [Administrator]
     Started from : C:\Users\Tram\Downloads\RogueKiller.exe
     Mode : Delete -- Date : 05/31/2015 05:44:10

     ¤¤¤ Processes : 0 ¤¤¤

     ¤¤¤ Registry : 28 ¤¤¤
     [PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
     [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
     [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll) -> Not selected
     [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> Not selected
     [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll) -> Not selected
     [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Not selected
     [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} -> Not selected
     [PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {95B7759C-8C7F-4BF1-B163-73684A933233} : -> Not selected
     [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" [7] -> Not selected
     [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1794019613-805196587-2382130379-1000\Software\Microsoft\Windows\CurrentVersion\Run | ROC_ROC_APR2013_AV : C:\Users\Tram\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid cea708e6d9dd47d48189d16f6bf7de84-d82e782afbf8e2a5e483da90ff8a6109d15ee70e --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [-][x][x][x][x][x][x][x][x][x][x] -> Not selected
     [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1794019613-805196587-2382130379-1000\Software\Microsoft\Windows\CurrentVersion\Run | findutil : C:\Users\Tram\AppData\Local\Temp\cleafpmp.exe [x] -> Not selected
     [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1794019613-805196587-2382130379-1000\Software\Microsoft\Windows\CurrentVersion\Run | ROC_ROC_APR2013_AV : C:\Users\Tram\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid cea708e6d9dd47d48189d16f6bf7de84-d82e782afbf8e2a5e483da90ff8a6109d15ee70e --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [-][x][x][x][x][x][x][x][x][x][x] -> Not selected
     [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1794019613-805196587-2382130379-1000\Software\Microsoft\Windows\CurrentVersion\Run | findutil : C:\Users\Tram\AppData\Local\Temp\cleafpmp.exe [x] -> Not selected
     [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vToolbarUpdater18.5.0 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe) -> Not selected
     [suspicious.Path|Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMBR (\??\C:\Users\Tram\AppData\Local\Temp\aswMBR.sys) -> Not selected
     [suspicious.Path|Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm (\??\C:\Users\Tram\AppData\Local\Temp\aswVmm.sys) -> Not selected
     [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater18.5.0 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe) -> Not selected
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMBR (\??\C:\Users\Tram\AppData\Local\Temp\aswMBR.sys) -> Not selected
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswVmm (\??\C:\Users\Tram\AppData\Local\Temp\aswVmm.sys) -> Not selected
     [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vToolbarUpdater18.5.0 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe) -> Not selected
     [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1794019613-805196587-2382130379-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg.com?cid={9023BA09-B903-43A2-BDE8-D3A9E46223E6}&mid=cea708e6d9dd47d48189d16f6bf7de84-d82e782afbf8e2a5e483da90ff8a6109d15ee70e&lang=en&ds=AVG&coid=avgtbavg&cmpid=1114tb&pr=fr&d=2014-02-1420:40:34&v=18.5.0.909&pid=safeguard&sg=0&sap=hp -> Not selected
     [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1794019613-805196587-2382130379-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg.com?cid={9023BA09-B903-43A2-BDE8-D3A9E46223E6}&mid=cea708e6d9dd47d48189d16f6bf7de84-d82e782afbf8e2a5e483da90ff8a6109d15ee70e&lang=en&ds=AVG&coid=avgtbavg&cmpid=1114tb&pr=fr&d=2014-02-1420:40:34&v=18.5.0.909&pid=safeguard&sg=0&sap=hp -> Not selected
     [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1794019613-805196587-2382130379-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
     [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1794019613-805196587-2382130379-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

     ¤¤¤ Tasks : 4 ¤¤¤
     [suspicious.Path] 1214tbUpdateInfo.job -- C:\ProgramData\Avg_Update_1214tb\1214tb_{0C5B79B7-163A-4335-8759-0232B482D858}.exe ( /SETINFO /CMPID=1214tb /INFORETRY=3) -> Not selected
     [suspicious.Path] ROC_REG_JAN_DELETE.job -- C:\ProgramData\AVG January 2013 Campaign\ROC.exe (/DELETE_FROM_SYSTEM=1) -> Not selected
     [suspicious.Path] \\1214tbUpdateInfo -- C:\ProgramData\Avg_Update_1214tb\1214tb_{0C5B79B7-163A-4335-8759-0232B482D858}.exe (/SETINFO /CMPID=1214tb /INFORETRY=3) -> Not selected
     [suspicious.Path] \\ROC_REG_JAN_DELETE -- C:\ProgramData\AVG January 2013 Campaign\ROC.exe (/DELETE_FROM_SYSTEM=1) -> Not selected

     ¤¤¤ Files : 6 ¤¤¤
     [ZeroAccess][File] @ -- C:\Windows\Installer\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\@ -> Deleted
     [ZeroAccess][Folder] L -- C:\Windows\Installer\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\L -> Deleted
     [ZeroAccess][Folder] U -- C:\Windows\Installer\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\U -> Deleted
     [ZeroAccess][File] 00000001.@ -- C:\Windows\Installer\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\U\00000001.@ -> Deleted
     [ZeroAccess][File] 00000002.@ -- C:\Windows\Installer\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\U\00000002.@ -> Deleted
     [ZeroAccess][File] @ -- C:\Users\Tram\AppData\Local\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\@ -> Deleted
     [ZeroAccess][Folder] L -- C:\Users\Tram\AppData\Local\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\L -> Deleted
     [ZeroAccess][Folder] U -- C:\Users\Tram\AppData\Local\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\U -> Deleted

     ¤¤¤ Hosts File : 0 ¤¤¤

     ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

     ¤¤¤ Web browsers : 1 ¤¤¤
     [PUP][FIREFX:Addon] zr57sjdz.default : AVG SafeGuard toolbar [avg@toolbar] -> Not selected

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: ST3750528AS ATA Device +++++
     --- User ---
     [MBR] 4488036e1ff2fae6506ec9cb73052816
     [bSP] a30e87312d9c00bf87853951eb50c640 : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 715402 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     User = LL1 ... OK
     User = LL2 ... OK

     +++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
     Error reading User MBR! ([15] The device is not ready. )
     Error reading LL1 MBR! NOT VALID!
     Error reading LL2 MBR! ([32] The request is not supported. )

     +++++ PhysicalDrive2: Multiple Flash Reader USB Device +++++
     Error reading User MBR! ([15] The device is not ready. )
     Error reading LL1 MBR! NOT VALID!
     Error reading LL2 MBR! ([32] The request is not supported. )

     ============================================
     RKreport_SCN_05302015_093541.log - RKreport_SCN_05312015_053002.log
  2. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015 Ran by Tram (administrator) on TRAM-PC on 31-05-2015 05:47:04 Running from C:\Users\Tram\Desktop Loaded Profiles: Tram (Available Profiles: Tram & MYOB_SERVICE & Safety & Safe Account) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Webroot) C:\Program Files\Webroot\WRSA.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe (AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe (Webroot) C:\Program Files\Webroot\WRSA.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Spotify Ltd) C:\Users\Tram\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Google Inc.) C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Tram\AppData\Local\Google\Update\GoogleUpdate.exe (Dropbox, Inc.) C:\Users\Tram\AppData\Roaming\Dropbox\bin\Dropbox.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe () C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Google Inc.) C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.) HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.) HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2510784 2015-05-13] () HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [817072 2015-05-14] (Webroot) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoViewOnDrive] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKLM\...\Policies\Explorer: [NoViewContextMenu] 0 HKLM\...\Policies\Explorer: [NoShellSearchButton] 0 HKLM\...\Policies\Explorer: [NoFind] 0 HKLM\...\Policies\Explorer: [NoFile] 0 HKLM\...\Policies\Explorer: [HideClock] 0 HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0 HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKLM\...\Policies\Explorer: [NoSetFolders] 0 HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKLM\...\Policies\Explorer: [NoSetTaskbar] 0 HKLM\...\Policies\Explorer: [NoDeletePrinter] 0 HKLM\...\Policies\Explorer: [NoDFSTab] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0 HKLM\...\Policies\Explorer: [NoLogoff] 0 HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0 HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0 HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKLM\...\Policies\Explorer: [NoResolveSearch] 0 HKLM\...\Policies\Explorer: [NoSaveSettings] 0 HKLM\...\Policies\Explorer: [NoHardwareTab] 0 HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKLM\...\Policies\Explorer: [NoDesktop] 0 HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0 
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [4321112 2011-01-05] (AOL Inc.) HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6129496 2011-01-12] (Logitech Inc.) HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [spotify Web Helper] => C:\Users\Tram\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-21] (Spotify Ltd) HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59280 2012-08-29] (Apple Inc.) HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59280 2012-09-10] (Apple Inc.) 
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59280 2012-09-05] (Apple Inc.) HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [0CE1844678CFAEA274A5E51B50744957A3304F78._service_run] => C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.) HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Tram\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid cea708e6d9dd47d48189d16f6bf7de84-d82e782afbf8e2a5e483da90ff8a6109d15ee70e --CMPID ROC_APR2013_AV --CMPI (the data entry has 11 more characters). HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [Google Update] => C:\Users\Tram\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.) HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [findutil] => C:\Users\Tram\AppData\Local\Temp\cleafpmp.exe <===== ATTENTION HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [spotify] => C:\Users\Tram\AppData\Roaming\Spotify\spotify.exe [6118400 2014-01-21] (Spotify Ltd) HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe [927920 2015-05-03] (Adobe Systems Incorporated) HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoViewOnDrive] 0 
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoEncryptOnMove] 0 
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\MountPoints2: {3640f7ea-9a72-11e1-8cb9-00262d133777} - G:\LaunchU3.exe -a HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0 
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0 Startup: C:\Users\Tram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-06-01] ShortcutTarget: Dropbox.lnk -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1794019613-805196587-2382130379-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-1794019613-805196587-2382130379-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={9023BA09-B903-43A2-BDE8-D3A9E46223E6}&mid=cea708e6d9dd47d48189d16f6bf7de84-d82e782afbf8e2a5e483da90ff8a6109d15ee70e&lang=en&ds=AVG&coid=avgtbavg&cmpid=1114tb&pr=fr&d=2014-02-1420:40:34&v=18.5.0.909&pid=safeguard&sg=0&sap=hp SearchScopes: HKU\S-1-5-21-1794019613-805196587-2382130379-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1794019613-805196587-2382130379-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={9023BA09-B903-43A2-BDE8-D3A9E46223E6}&mid=cea708e6d9dd47d48189d16f6bf7de84-d82e782afbf8e2a5e483da90ff8a6109d15ee70e&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-1420:40:34&v=18.1.9.799&pid=safeguard&sg=0&sap=dsp&q={searchTerms} BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll [2012-10-15] (AVG Technologies CZ, s.r.o.) BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll [2012-10-15] (AVG Technologies CZ, s.r.o.) 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-02-26] (Webroot) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30] (Adobe Systems Incorporated) BHO-x32: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll [2012-10-15] (AVG Technologies CZ, s.r.o.) BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll [2012-10-15] (AVG Technologies CZ, s.r.o.) 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.5.0.909\AVG SafeGuard toolbar_toolbar.dll [2015-05-13] (AVG Secure Search) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-02-26] (Webroot) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-03-09] (Sun Microsystems, Inc.) Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.5.0.909\AVG SafeGuard toolbar_toolbar.dll [2015-05-13] (AVG Secure Search) DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll [2012-03-27] (AVG Technologies CZ, s.r.o.) Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll [2012-03-27] (AVG Technologies CZ, s.r.o.) 
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-13] (AVG Secure Search)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Tram\AppData\Roaming\Mozilla\Firefox\Profiles\zr57sjdz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-03] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-03] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-03-09] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
FF Plugin HKU\S-1-5-21-1794019613-805196587-2382130379-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-1794019613-805196587-2382130379-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-22] (Google Inc.)
FF Extension: Greasemonkey - C:\Users\Tram\AppData\Roaming\Mozilla\Firefox\Profiles\zr57sjdz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-05-26]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2012-05-13]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-14]
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack [2012-05-13]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014-07-27]

Chrome:
=======
CHR Profile: C:\Users\Tram\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Tram\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-22]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Tram\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-12-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tram\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-22]
CHR Extension: (Google Wallet) - C:\Users\Tram\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.32.crx [2014-07-27]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files (x86)\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20]
CHR HKLM-x32\...\Chrome\Extension: [noebaifjopccondbkcieccphcpijhdne] - C:\Users\Tram\AppData\Local\Temp\ccex.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2321520 2012-03-23] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [291696 2012-03-26] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148216 2012-08-23] (AVG)
S2 vToolbarUpdater18.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe [1812416 2015-05-13] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [817072 2015-05-14] (Webroot)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)

S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2014-11-04] (AVG Technologies CZ, s.r.o.)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-31] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116224 2015-05-14] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [41040 2015-02-26] (Webroot)
U3 aswMBR; C:\Users\Tram\AppData\Local\Temp\aswMBR.sys [62728 2015-05-30] () []
U0 SR; No ImagePath
U2 srservice; No ImagePath
U3 aswVmm; \??\C:\Users\Tram\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 05:30 - 2015-05-31 05:30 - 00000000 ____D () C:\Users\Tram\AppData\Local\Macromedia
2015-05-30 10:53 - 2015-05-30 10:53 - 00002008 _____ () C:\Users\Tram\Desktop\aswMBR.txt
2015-05-30 10:53 - 2015-05-30 10:53 - 00000512 _____ () C:\Users\Tram\Desktop\MBR.dat
2015-05-30 10:21 - 2015-05-30 10:21 - 05200384 _____ (AVAST Software) C:\Users\Tram\Downloads\aswmbr (1).exe
2015-05-30 10:20 - 2015-05-30 10:20 - 05200384 _____ (AVAST Software) C:\Users\Tram\Downloads\aswmbr.exe
2015-05-30 08:57 - 2015-05-31 04:49 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-30 08:57 - 2015-05-30 10:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-30 08:57 - 2015-05-30 08:57 - 17023576 _____ () C:\Users\Tram\Downloads\RogueKiller.exe
2015-05-30 08:56 - 2015-05-30 08:56 - 00001077 _____ () C:\Users\Tram\Desktop\2015-05-30 MBAM Scan.txt
2015-05-30 08:43 - 2015-05-30 08:43 - 00001090 _____ () C:\Users\Tram\Desktop\Malware Bytes Threat Scan Results.txt
2015-05-30 06:58 - 2015-05-30 08:54 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-30 06:57 - 2015-05-30 08:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-30 06:57 - 2015-05-30 06:57 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-30 06:57 - 2015-05-30 06:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-30 06:57 - 2015-05-30 06:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-30 06:57 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-30 06:57 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-30 06:57 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-30 06:56 - 2015-05-30 06:56 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Tram\Downloads\mbam-setup-2.1.6.1022 (1).exe
2015-05-30 05:48 - 2015-05-30 05:48 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Tram\Downloads\mbam-clean-2.1.1.1001.exe
2015-05-30 05:42 - 2015-05-30 05:42 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Tram\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-30 05:37 - 2015-05-30 05:37 - 00013772 _____ () C:\FixitRegBackup.reg
2015-05-30 05:23 - 2015-05-30 05:23 - 00806400 _____ () C:\Users\Tram\Downloads\MicrosoftFixit50692.msi
2015-05-26 12:25 - 2015-05-26 12:25 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2015-05-26 04:48 - 2015-05-26 04:49 - 00038032 _____ () C:\Users\Tram\Desktop\Addition.txt
2015-05-26 04:46 - 2015-05-31 05:48 - 00032295 _____ () C:\Users\Tram\Desktop\FRST.txt
2015-05-26 04:45 - 2015-05-26 04:45 - 02108928 _____ (Farbar) C:\Users\Tram\Downloads\FRST64.exe
2015-05-26 04:45 - 2015-05-26 04:45 - 02108928 _____ (Farbar) C:\Users\Tram\Desktop\FRST64.exe
2015-05-26 01:33 - 2015-05-26 01:33 - 00000000 ____D () C:\Users\Tram\AppData\Roaming\Mozilla
2015-05-26 01:33 - 2015-05-26 01:33 - 00000000 ____D () C:\Users\Tram\AppData\Local\Mozilla
2015-05-26 01:32 - 2015-05-26 01:32 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-26 01:32 - 2015-05-26 01:32 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-26 01:32 - 2015-05-26 01:32 - 00000000 ____D () C:\ProgramData\Mozilla
2015-05-26 01:32 - 2015-05-26 01:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-26 01:32 - 2015-05-26 01:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-25 22:14 - 2015-05-25 22:15 - 00243344 _____ () C:\Users\Tram\Downloads\Firefox Setup Stub 38.0.1.exe
2015-05-25 20:38 - 2015-05-25 20:38 - 00017913 _____ () C:\Users\Tram\Downloads\Zaynab Adyro and 94 others (1).vcf
2015-05-25 20:37 - 2015-05-25 20:37 - 00017913 _____ () C:\Users\Tram\Downloads\Zaynab Adyro and 94 others.vcf
2015-05-25 00:14 - 2015-05-25 00:17 - 00000000 ____D () C:\Users\Tram\Desktop\Picture test
2015-05-24 20:39 - 2015-05-24 20:39 - 00001070 _____ () C:\Users\Tram\Desktop\Pictures - Shortcut.lnk
2015-05-24 17:35 - 2015-05-24 17:35 - 00001686 _____ () C:\Users\Tram\Desktop\Backup - Shortcut.lnk
2015-05-23 00:11 - 2015-05-23 00:12 - 00000000 ____D () C:\Users\Tram\Desktop\Career
2015-05-22 23:06 - 2015-05-22 23:06 - 00001334 _____ () C:\Users\Public\Desktop\iBackupBot for iTunes.lnk
2015-05-22 23:06 - 2015-05-22 23:06 - 00000000 ____D () C:\Users\Tram\AppData\Roaming\VOWSoft
2015-05-22 23:06 - 2015-05-22 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOWSoft iPod Software
2015-05-22 23:06 - 2015-05-22 23:06 - 00000000 ____D () C:\Program Files (x86)\VOWSoft iPod Software
2015-05-22 22:23 - 2015-05-23 00:31 - 00000000 ____D () C:\Users\Tram\Desktop\School
2015-05-22 21:55 - 2015-05-23 00:31 - 00000000 ____D () C:\Users\Tram\Desktop\resumes
2015-05-22 21:32 - 2015-05-23 00:37 - 00000000 ____D () C:\Users\Tram\Desktop\Temporary Holding Place
2015-05-22 21:26 - 2015-05-22 21:26 - 00001757 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-22 21:26 - 2015-05-22 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-22 21:24 - 2015-05-22 21:26 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-22 21:24 - 2015-05-22 21:26 - 00000000 ____D () C:\Program Files\iTunes
2015-05-22 21:24 - 2015-05-22 21:24 - 00000000 ____D () C:\Program Files\iPod
2015-05-22 21:24 - 2015-05-22 21:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-05-22 21:19 - 2015-05-22 21:19 - 00000066 _____ () C:\Users\Tram\AppData\Roaming\mbam.context.scan
2015-05-22 21:15 - 2015-05-22 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-05-22 21:14 - 2015-05-22 21:15 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-05-15 17:05 - 2015-05-15 17:20 - 00000000 ____D () C:\Users\Safe Account\AppData\Local\Microsoft Games
2015-05-03 23:47 - 2015-05-03 23:47 - 18178736 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 05:47 - 2015-02-18 01:34 - 00000000 ____D () C:\FRST
2015-05-31 05:44 - 2012-01-11 21:49 - 00000000 __SHD () C:\Users\Tram\AppData\Local\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}
2015-05-31 05:29 - 2012-05-31 15:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 05:21 - 2014-11-13 03:06 - 00061546 _____ () C:\Windows\WindowsUpdate.log
2015-05-31 01:49 - 2014-07-27 22:48 - 00000000 ____D () C:\ProgramData\WRData
2015-05-31 00:20 - 2011-01-21 10:31 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000Core.job
2015-05-30 08:54 - 2009-07-14 00:45 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-30 08:54 - 2009-07-14 00:45 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-30 08:49 - 2013-05-09 14:38 - 00000000 ___RD () C:\Users\Tram\Dropbox
2015-05-30 08:49 - 2013-05-09 14:29 - 00000000 ____D () C:\Users\Tram\AppData\Roaming\Dropbox
2015-05-30 08:49 - 2012-06-27 11:35 - 00000000 ____D () C:\Users\Tram\AppData\Roaming\Spotify
2015-05-30 08:46 - 2014-07-27 23:14 - 00174668 _____ () C:\Windows\PFRO.log
2015-05-30 08:46 - 2014-07-27 23:14 - 00003380 _____ () C:\Windows\setupact.log
2015-05-30 08:46 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-30 08:42 - 2014-11-11 09:21 - 00000000 ____D () C:\ProgramData\APN
2015-05-30 05:21 - 2009-01-21 10:19 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2015-05-30 05:17 - 2011-01-21 16:29 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A0A3BEFE-7294-45F6-826D-B47E57244E79}
2015-05-30 01:14 - 2009-01-21 10:15 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-26 06:23 - 2011-01-28 13:14 - 00000000 ____D () C:\Users\Tram\AppData\Roaming\uTorrent
2015-05-23 00:31 - 2012-09-18 09:23 - 00000000 ____D () C:\Users\Tram\Documents\Outlook Files
2015-05-23 00:18 - 2012-11-10 20:44 - 00000000 ____D () C:\Users\Tram\AppData\Local\97F8B183-8009-42A4-ADC5-F7E9AB1DB17F.aplzod
2015-05-22 23:15 - 2011-01-28 13:07 - 00000000 ____D () C:\Users\Tram\AppData\Local\Apple Computer
2015-05-22 23:08 - 2012-03-16 08:49 - 00000000 ____D () C:\Program Files (x86)\Conduit
2015-05-22 22:24 - 2011-04-10 16:19 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-22 21:24 - 2015-02-27 07:50 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-05-22 21:24 - 2011-01-28 13:05 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-22 21:08 - 2011-01-21 10:31 - 00000000 ____D () C:\Users\Tram\AppData\Local\Google
2015-05-22 21:01 - 2012-05-31 15:03 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-05-22 20:59 - 2012-05-31 15:04 - 00000000 ____D () C:\Program Files\DivX
2015-05-22 20:59 - 2012-05-31 13:12 - 00000000 ____D () C:\ProgramData\DivX
2015-05-22 20:32 - 2009-07-14 01:13 - 00782632 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-22 20:26 - 2011-04-18 01:24 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2015-05-22 20:13 - 2013-05-09 14:38 - 00001017 _____ () C:\Users\Tram\Desktop\Dropbox.lnk
2015-05-22 20:13 - 2013-05-09 14:34 - 00000000 ____D () C:\Users\Tram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-22 20:12 - 2011-01-21 10:31 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000UA
2015-05-22 20:12 - 2011-01-21 10:31 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000Core
2015-05-22 20:12 - 2011-01-21 10:31 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000UA.job
2015-05-22 20:07 - 2015-02-23 22:42 - 00000000 ____D () C:\Users\Safety.Tram-PC\AppData\Roaming\Apple Computer
2015-05-15 17:07 - 2011-11-18 05:28 - 00002503 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2015-05-14 23:42 - 2014-07-27 22:48 - 00166128 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-05-14 23:42 - 2014-07-27 22:48 - 00116224 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2015-05-14 23:42 - 2014-07-27 22:48 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll
2015-05-13 23:48 - 2014-11-11 08:43 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2015-05-03 23:48 - 2012-05-31 15:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-03 23:48 - 2012-05-31 15:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-03 23:48 - 2012-03-25 07:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-03 21:02 - 2014-07-27 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2015-05-03 21:02 - 2014-07-27 22:48 - 00000000 ____D () C:\Program Files\Webroot
2015-05-03 21:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-05-03 17:15 - 2015-02-23 22:41 - 00000000 ____D () C:\Users\Safety.Tram-PC
2015-05-03 17:15 - 2015-01-03 07:21 - 00000000 ____D () C:\Users\Safe Account
2015-05-03 17:15 - 2011-12-05 03:58 - 00000000 ____D () C:\Users\MYOB_SERVICE
2015-05-03 17:15 - 2009-01-21 10:10 - 00000000 ____D () C:\Users\Tram

==================== Files in the root of some directories =======

2015-05-22 21:19 - 2015-05-22 21:19 - 0000066 _____ () C:\Users\Tram\AppData\Roaming\mbam.context.scan

Some files in TEMP:
====================
C:\Users\Tram\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Tram\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprkq8id.dll
C:\Users\Tram\AppData\Local\Temp\utt1076.tmp.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-30 11:41

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Tram at 2015-05-31 05:49:07
Running from C:\Users\Tram\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1794019613-805196587-2382130379-500 - Administrator - Disabled)
Guest (S-1-5-21-1794019613-805196587-2382130379-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1794019613-805196587-2382130379-1002 - Limited - Enabled)
MYOB_SERVICE (S-1-5-21-1794019613-805196587-2382130379-1003 - Administrator - Enabled) => C:\Users\MYOB_SERVICE
Safe Account (S-1-5-21-1794019613-805196587-2382130379-1005 - Limited - Enabled) => C:\Users\Safe Account
Safety (S-1-5-21-1794019613-805196587-2382130379-1004 - Administrator - Enabled) => C:\Users\Safety.Tram-PC
Tram (S-1-5-21-1794019613-805196587-2382130379-1000 - Administrator - Enabled) => C:\Users\Tram

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials (Disabled - Up to date) {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {2C040BB5-2B06-7275-5A21-2B969A740B4B}
FW: AVG Internet Security 2012 (Disabled) {621CC794-9486-F902-D092-0484E8EA828B}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AIM 7 (HKLM-x32\...\AIM_7) (Version: - )
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2250 - AVG Technologies)
AVG 2012 (Version: 12.0.2171 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2176 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2178 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2180 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2193 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2195 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2197 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2221 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.4311 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2238 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2240 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2241 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2242 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2247 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2249 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2250 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 12.0.4000.108 - AVG Technologies)
AVG PC TuneUp (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden
AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.5.0.909 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
Dropbox (HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Google Chrome (HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
iBackupBot 5.2.9 (HKLM-x32\...\iBackupBot) (Version: 5.2.9 - VOWSoft, Ltd.)
iCloud (HKLM\...\{4BC310C4-B898-46E2-B5FB-B85A30AA7142}) (Version: 2.0.2.187 - Apple Inc.)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Database Providers (x86) ENU (HKLM-x32\...\{296E293F-C481-4DDE-9ED2-3F79FCF38731}) (Version: 3.1.1648.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Soap Opera Dash (HKLM-x32\...\am-soapoperadashtm) (Version: - )
Spotify (HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
SpywareBlaster 4.6 (HKLM-x32\...\SpywareBlaster_is1) (Version: 4.6.0 - Javacool Software LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.8.88 - Webroot)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 13-03-2015 16:19:22 Scheduled Checkpoint 30-03-2015 01:15:59 Scheduled Checkpoint 22-05-2015 20:24:32 Removed Sophos Virus Removal Tool. 22-05-2015 21:06:45 Removed Google Talk Plugin 22-05-2015 23:07:28 Software Removal Tool 30-05-2015 05:24:28 Installed Microsoft Fix it 50692 ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {066BC962-0245-4505-827D-998E976AAFF5} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2012-09-05] () Task: {14AD62C8-DA11-4A44-BFFA-E7F44AE02CE9} - System32\Tasks\Divx online update program => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe Task: {280B3525-CF16-46A5-9229-1979EF3708DA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000UA => C:\Users\Tram\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.) Task: {2D27ECB1-4363-4426-89A8-1FC2407FDFF9} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2012-08-23] (AVG) Task: {387B5FB2-D72F-4503-BDD3-00E16C309A50} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{0C5B79B7-163A-4335-8759-0232B482D858}.exe [2015-02-10] () Task: {475D6A7A-AF78-498C-99D2-0269E2BC539D} - System32\Tasks\{EE5CE790-E59E-439B-80C8-F3CE7334F185} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C53917E5-789F-4BF0-91EE-F5BF29560122}\setup.exe" -c -runfromtemp -l0x0409 -removeonly Task: {4FCED888-7D9C-49F5-97D2-1C25C58E4D46} - System32\Tasks\{BB0CAD62-C215-4845-86E9-AB365D132A55} => pcalua.exe -a "C:\Users\Tram\Downloads\Shockwave_Installer_Slim (1).exe" -d C:\Users\Tram\Downloads Task: {538D5536-A14D-4692-B05A-6935746B36AA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {7F6F2757-3EB8-4381-9F4C-FA376A1A27B9} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29] (Sun Microsystems, Inc.) Task: {82BA4197-1C79-4272-97A8-78556E7EA30D} - System32\Tasks\Google Updater and Installer => C:\Users\Tram\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.) 
Task: {97DAAABD-FA5A-4BE4-89CB-D067622107CA} - System32\Tasks\{5782725F-5E45-47E6-BCEB-D2C23B1444DE} => pcalua.exe -a "C:\Users\Tram\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5HEDHQDG\ChromeSetup[1].exe" -d C:\Users\Tram\Desktop Task: {A0B9338E-8F93-4999-9199-CA34070A1299} - System32\Tasks\Open Chrome => Chrome.exe --new-window Task: {C324DA00-33C6-4FEC-ABF9-7AAF297C725E} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] () Task: {CE30A808-53E4-400F-82D5-19ECBFCB36C6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000Core => C:\Users\Tram\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.) Task: {D6C83F1D-3037-4311-934F-C61885169F63} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10] (Adobe Systems Incorporated) Task: {DA7C7B74-6A4E-4D1C-BE74-CAB1E36159F2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-03] (Adobe Systems Incorporated) Task: {E3CBC4AB-80B8-4B19-82C7-AC49DDE5189F} - System32\Tasks\{22BCF16A-1CC3-4655-874F-8425AA9993EE} => pcalua.exe -a "C:\Program Files (x86)\RealArcade\Installer\bin\gameinstaller.exe" -c "C:\Program Files (x86)\RealArcade\Installer\installerMain.clf" "C:\Program Files (x86)\RealArcade\Installer\uninstall\am-soapoperadashtm.rguninst" "AddRemove" Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{0C5B79B7-163A-4335-8759-0232B482D858}.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000Core.job => C:\Users\Tram\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000UA.job => 
C:\Users\Tram\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Open Chrome.job => C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe--new-window%Tram Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe ==================== Loaded Modules (Whitelisted) ============== 2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2009-10-14 14:36 - 2009-10-14 14:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe 2014-11-11 08:43 - 2015-05-13 23:48 - 02510784 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe 2009-10-14 14:34 - 2009-10-14 14:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe 2009-04-09 19:04 - 2009-04-09 19:04 - 02141008 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll 2009-03-03 18:17 - 2009-03-03 18:17 - 07704400 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll 2009-04-22 17:53 - 2009-04-22 17:53 - 00969040 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll 2009-03-03 18:17 - 2009-03-03 18:17 - 00475472 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll 2009-03-03 18:17 - 2009-03-03 18:17 - 00363856 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll 2009-03-03 18:17 - 2009-03-03 18:17 - 00200016 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll 2011-01-12 21:55 - 2011-01-12 21:55 - 00027472 _____ () C:\Program Files (x86)\Logitech\Vid HD\SDL.dll 2009-03-03 18:17 - 2009-03-03 18:17 - 
11311952 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll 2009-03-03 18:17 - 2009-03-03 18:17 - 00291664 _____ () C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll 2011-01-12 21:57 - 2011-01-12 21:57 - 00751616 _____ () C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll 2009-03-03 18:18 - 2009-03-03 18:18 - 00029008 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll 2009-03-03 18:18 - 2009-03-03 18:18 - 00035152 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll 2009-03-03 18:18 - 2009-03-03 18:18 - 00138064 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll 2015-05-30 08:48 - 2015-05-30 08:48 - 00043008 _____ () c:\users\tram\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprkq8id.dll 2015-03-04 17:45 - 2015-03-04 17:45 - 00750080 _____ () C:\Users\Tram\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-04 17:45 - 2015-03-04 17:45 - 00047616 _____ () C:\Users\Tram\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 17:45 - 2015-03-04 17:45 - 00865280 _____ () C:\Users\Tram\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 17:45 - 2015-03-04 17:45 - 00200704 _____ () C:\Users\Tram\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-05-13 23:49 - 2015-05-13 23:48 - 00526784 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\log4cplusU.dll 2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2015-05-25 17:25 - 2015-05-22 16:22 - 01281864 _____ () C:\Users\Tram\AppData\Local\Google\Chrome\Application\43.0.2357.81\libglesv2.dll 2015-05-25 17:25 - 2015-05-22 16:22 - 00080712 _____ () C:\Users\Tram\AppData\Local\Google\Chrome\Application\43.0.2357.81\libegl.dll 
2015-05-25 17:25 - 2015-05-22 16:22 - 14982472 _____ () C:\Users\Tram\AppData\Local\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:31A07C00 AlternateDataStreams: C:\ProgramData\TEMP:3AE22B1A AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION! HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION! HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION! HKU\S-1-5-21-1794019613-805196587-2382130379-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\S-1-5-21-1794019613-805196587-2382130379-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION! ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE restricted site: HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\1-domains-registrations.com -> 1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\1-se.com -> 1-se.com IE restricted site: HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\1001movie.com -> 1001movie.com IE restricted site: HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\1001night.biz -> 1001night.biz IE restricted site: 
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\100gal.net -> 100gal.net IE restricted site: HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\100sexlinks.com -> 100sexlinks.com There are 4929 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1794019613-805196587-2382130379-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tram\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER Error getting == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{ED369085-D436-42E7-9625-0A9C14553C04}C:\program files (x86)\logitech\vid hd\vid.exe] => (Block) C:\program files (x86)\logitech\vid hd\vid.exe FirewallRules: [uDP Query User{A497BACF-0739-42AB-AA7C-DC36DFCB443F}C:\program files (x86)\logitech\vid hd\vid.exe] => (Block) C:\program files (x86)\logitech\vid hd\vid.exe ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2 Mouse Description: Microsoft PS/2 Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
==================== Event log errors: ========================= Application errors: ================== Error: (05/30/2015 04:12:25 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 17925 Error: (05/30/2015 04:12:25 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 17925 Error: (05/30/2015 04:12:25 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/30/2015 04:12:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 16926 Error: (05/30/2015 04:12:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 16926 Error: (05/30/2015 04:12:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/30/2015 04:12:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15928 Error: (05/30/2015 04:12:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15928 Error: (05/30/2015 04:12:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/30/2015 04:12:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 14914 System errors: ============= Error: (05/31/2015 05:20:51 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. 
Error: (05/31/2015 04:50:52 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (05/31/2015 04:49:45 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (05/31/2015 04:20:51 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (05/31/2015 03:50:51 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (05/31/2015 03:20:56 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (05/31/2015 02:50:49 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (05/31/2015 02:20:53 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (05/31/2015 01:50:50 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (05/31/2015 01:20:53 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. 
Microsoft Office: ========================= Error: (05/30/2015 04:12:25 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 17925 Error: (05/30/2015 04:12:25 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 17925 Error: (05/30/2015 04:12:25 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/30/2015 04:12:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 16926 Error: (05/30/2015 04:12:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 16926 Error: (05/30/2015 04:12:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/30/2015 04:12:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15928 Error: (05/30/2015 04:12:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15928 Error: (05/30/2015 04:12:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/30/2015 04:12:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 14914 CodeIntegrity Errors: =================================== Date: 2015-05-30 08:46:58.099 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2015-05-30 08:46:58.053 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-30 08:45:53.825 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-30 08:45:53.778 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-30 05:51:01.169 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-30 05:51:01.107 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2015-05-30 05:50:08.140 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-30 05:50:08.078 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-30 00:38:21.299 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-30 00:38:21.253 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: Intel® Core2 Quad CPU Q8300 @ 2.50GHz Percentage of memory in use: 87% Total physical RAM: 4029.18 MB Available physical RAM: 487.37 MB Total Pagefile: 8056.54 MB Available Pagefile: 3971.62 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (WIN7) (Fixed) (Total:698.64 GB) (Free:402.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (WDO_Media64) (CDROM) (Total:0.32 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: CB5BD2B2) Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS) ==================== End of log ============================
  3. OK. Here are the logs!
  4. Hi Kevin, I was going to reply back with logs this time.... The Windows Defender scan resumed after 8 hours a few days ago, and I just let it continue scanning. I thought I would be able to post logs by tomorrow, but someone came into my room, and I think bumped into the power plug, and caused the computer to restart, and all the progress made with the scan to be gone. I'm not sure if it was this, or if the computer restarted itself. At this point the scan seemed to be about 80% done. Sorry for this headache, but would you prefer I just rerun the scan now that I know the scan will actually run to completion, or go ahead with the second set of instructions you gave me? I also read somewhere that I could speed up the scan by defragmenting my disk first, and removing the antivirus programs, if that helps....
  5. No it didn't. But there is a message on the bottom of the full scan screen, that says this, "Preliminary scan results show that malicious or potentially unwanted software might exist on your system. You can review detected items when the scan has completed." I decided to run the scans from scratch all over again, but disconnected the internet before I had the machine boot up again. The full scan seems to stall in the same place, in the middle, although it got a tiny bit farther by scanning about 40 more files before stalling. I attached a screenshot. I'm not sure if that helps and I'll leave the computer like this for a few more hours.
  6. The scan seems to have stalled halfway, is this normal? I think it's been at the same point for an hour.
  7. Hi Kevin, Thanks for getting back so quickly. I used my laptop to create a CD with the Windows Defender Offline tool files. My laptop, as far as I know, should not be infected, but maybe that's something we can make sure of later? A full scan is now running on the desktop. I think it will take another 3-4 hours, and will post the logs up as soon as I can. Thanks again.
  8. I started to get help on fixing my computer a few months ago, but had to stop short because of a problem with getting the desktop to boot up from the flash drive. I'd like to try again to try and clean up what's possible, and in the end reassess if I should get rid of the computer altogether down the line. Here was the original post. "Hi, Please help if you can. I have a computer that's been in my family for a few years now, but hasn't been used a lot lately since it seems infected with a few different viruses, and a reoccurring trojan that pops up after the anti-malware and antivirus applications are run. The computer is a bit slow. If this computer can be saved, please let me know, and I'd also appreciate knowing how severe any viruses are that may have popped up." Newer logs have been attached since they were a bit too long for this post. Thanks for taking the time to help me sort through this. FRST.txt Addition.txt
  9. Hi Adam, Could you give me another day or two? I'm still having trouble with the scan, and need a little more time to check on a couple things regarding the desktop. Thanks!
  10. I seem to be getting only incomplete logs that look like this: Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01 Ran by Tram at 2015-02-19 18:10:24 Running from C:\Users\Tram\Desktop Boot Mode: Normal ================== Search Files: "services.exe" =============
  11. Hi Adam, If it's okay with you, then I'd like to clean the machine first, and rethink things later. And you can call me Alex. I've been running the Frst64.exe, but was wondering if the scan is supposed to take so long? It's been a few hours...
  12. Hi, It might take me some time to weigh my options. I was wondering if in the end, I decide to re-install, is it worth backing up my data, or is there a chance files and programs have been infected also? Would I just have to let everything go? Thank you.
  13. Hi, Please help if you can. I have a computer that's been in my family for a few years now, but hasn't been used a lot lately since it seems infected with a few different viruses, and a reoccurring trojan that pops up after the anti-malware and antivirus applications are run. The computer is a bit slow. If this computer can be saved, please let me know, and I'd also appreciate knowing how severe any viruses are that may have popped up. Thank you! Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-12-21]CHR Extension: (Google Wallet) - C:\Users\Tram\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-21]CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Tram\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-05-31]CHR Extension: (Default Extension) - C:\Users\Tram\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aagedfdbdjddgbdjgcdigfdcdegfgcdh [2012-05-12]CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.32.crx [2014-07-27]CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files (x86)\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20]CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]CHR HKLM-x32\...\Chrome\Extension: [noebaifjopccondbkcieccphcpijhdne] - C:\Users\Tram\AppData\Local\Temp\ccex.crx [Not Found]StartMenuInternet: Google Chrome - C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 avgfws; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2321520 2012-03-23] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [291696 2012-03-26] () [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148216 2012-08-23] (AVG)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-11-11] (AVG Secure Search)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [798544 2015-02-07] (Webroot)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2014-11-04] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-11-11] (AVG Technologies)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2015-02-07] (Webroot)
U0 SR; No ImagePath
U2 srservice; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 00:35 - 2015-02-18 00:46 - 00036813 _____ () C:\Users\Tram\Downloads\FRST.txt
2015-02-18 00:34 - 2015-02-18 00:36 - 00000000 ____D () C:\FRST
2015-02-18 00:33 - 2015-02-18 00:33 - 02085888 _____ (Farbar) C:\Users\Tram\Downloads\FRST64 (2).exe
2015-02-18 00:31 - 2015-02-18 00:32 - 02085888 _____ (Farbar) C:\Users\Tram\Downloads\FRST64 (1).exe
2015-02-17 23:00 - 2015-02-17 23:00 - 00000000 ____D () C:\Users\Tram\AppData\Roaming\Mozilla
2015-02-17 22:16 - 2015-02-17 22:16 - 00000000 ____D () C:\Users\Safety\AppData\Roaming\Adobe
2015-02-17 22:15 - 2015-02-17 22:15 - 00000000 ____D () C:\Users\Safety\AppData\Local\AVG SafeGuard toolbar
2015-02-17 22:14 - 2015-02-17 22:14 - 00000000 ____D () C:\Users\Safety\AppData\Roaming\AVG2012
2015-02-17 22:14 - 2015-02-17 22:14 - 00000000 ____D () C:\Users\Safety\AppData\Roaming\Apple Computer
2015-02-17 22:12 - 2015-02-17 22:12 - 00000000 ____D () C:\Users\Safety\AppData\Roaming\AVG
2015-02-17 22:10 - 2015-02-17 22:10 - 00001447 _____ () C:\Users\Safety\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-17 22:10 - 2015-02-17 22:10 - 00001413 _____ () C:\Users\Safety\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-02-17 22:06 - 2015-02-17 22:12 - 00000000 ____D () C:\Users\Safety\AppData\Local\VirtualStore
2015-02-17 22:04 - 2015-02-17 22:08 - 00000000 ____D () C:\Users\Safety
2015-02-17 22:04 - 2015-02-17 22:04 - 00000020 ___SH () C:\Users\Safety\ntuser.ini
2015-02-17 22:04 - 2013-01-31 08:25 - 00000000 ____D () C:\Users\Safety\AppData\Roaming\TuneUp Software
2015-02-17 22:04 - 2011-10-18 02:02 - 00000000 ____D () C:\Users\Safety\AppData\Local\Microsoft Help
2015-02-17 22:04 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Safety\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-17 22:04 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Safety\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-10 04:25 - 2015-02-10 04:25 - 00002480 _____ () C:\Windows\System32\Tasks\1214tbUpdateInfo
2015-02-10 04:25 - 2015-02-10 04:25 - 00000348 _____ () C:\Windows\Tasks\1214tbUpdateInfo.job
2015-02-10 04:25 - 2015-02-10 04:25 - 00000000 ____D () C:\ProgramData\Avg_Update_1214tb

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 00:34 - 2014-07-27 21:48 - 00000000 ____D () C:\ProgramData\WRData
2015-02-18 00:33 - 2009-07-13 23:45 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-18 00:33 - 2009-07-13 23:45 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-18 00:30 - 2012-05-31 14:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-18 00:28 - 2011-01-21 09:31 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000UA.job
2015-02-17 22:33 - 2014-11-14 03:49 - 00001729 _____ () C:\Users\Tram\Desktop\Green Tweed Mod Dress - Shortcut.lnk
2015-02-17 22:28 - 2011-01-21 09:31 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000Core.job
2015-02-17 22:27 - 2013-05-09 13:38 - 00000000 ___RD () C:\Users\Tram\Dropbox
2015-02-17 22:27 - 2013-05-09 13:29 - 00000000 ____D () C:\Users\Tram\AppData\Roaming\Dropbox
2015-02-17 22:25 - 2013-05-09 13:38 - 00001017 _____ () C:\Users\Tram\Desktop\Dropbox.lnk
2015-02-17 22:25 - 2013-05-09 13:34 - 00000000 ____D () C:\Users\Tram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-17 22:23 - 2011-01-21 09:31 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000UA
2015-02-17 22:23 - 2011-01-21 09:31 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000Core
2015-02-17 22:17 - 2012-06-27 10:35 - 00000000 ____D () C:\Users\Tram\AppData\Roaming\Spotify
2015-02-17 16:09 - 2009-01-21 09:19 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2015-02-07 15:52 - 2014-07-27 21:48 - 00166128 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-02-07 15:52 - 2014-07-27 21:48 - 00114176 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2015-02-07 15:52 - 2014-07-27 21:48 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll
2015-02-07 15:49 - 2011-12-05 02:58 - 00000000 ____D () C:\Users\MYOB_SERVICE
2015-02-07 15:49 - 2009-01-21 09:10 - 00000000 ____D () C:\Users\Tram
2015-02-06 15:08 - 2009-07-14 00:13 - 00782632 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 15:04 - 2014-07-27 22:14 - 00091646 _____ () C:\Windows\PFRO.log
2015-02-06 15:04 - 2014-07-27 22:14 - 00001410 _____ () C:\Windows\setupact.log
2015-02-06 15:04 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 17:29 - 2012-05-31 14:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 17:29 - 2012-05-31 14:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 17:29 - 2012-03-25 06:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

ZeroAccess:
C:\Windows\Installer\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}
C:\Windows\Installer\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\@
C:\Windows\Installer\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\o
C:\Windows\Installer\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\U\00000001.@
C:\Windows\Installer\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\U\00000002.@

ZeroAccess:
C:\Users\Tram\AppData\Local\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}
C:\Users\Tram\AppData\Local\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\@

Some content of TEMP:
====================
C:\Users\Tram\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpidkdz7.dll
C:\Users\Tram\AppData\Local\Temp\utt1076.tmp.exe
C:\Users\Tram\AppData\Local\Temp\utt7B8B.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

LastRegBack: 2015-02-17 16:03

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Tram at 2015-02-18 00:48:07
Running from C:\Users\Tram\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2012 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials (Disabled - Up to date) {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AS: AVG Internet Security 2012 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {2C040BB5-2B06-7275-5A21-2B969A740B4B}
FW: AVG Internet Security 2012 (Disabled) {621CC794-9486-F902-D092-0484E8EA828B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AIM 7 (HKLM-x32\...\AIM_7) (Version: - )
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2249 - AVG Technologies)
AVG 2012 (Version: 12.0.2171 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2176 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2178 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2180 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2193 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2195 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2197 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2221 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.4257 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2238 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2240 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2241 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2242 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2247 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2249 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 12.0.4000.108 - AVG Technologies)
AVG PC TuneUp (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden
AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
Dropbox (HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Google Chrome (HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
iCloud (HKLM\...\{4BC310C4-B898-46E2-B5FB-B85A30AA7142}) (Version: 2.0.2.187 - Apple Inc.)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.65.1.1000 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.1.1000 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.0.1526.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Database Providers (x86) ENU (HKLM-x32\...\{296E293F-C481-4DDE-9ED2-3F79FCF38731}) (Version: 3.1.1648.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Soap Opera Dash (HKLM-x32\...\am-soapoperadashtm) (Version: - )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.3 - Sophos Limited)
Spotify (HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.7.26 - Webroot)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Users\Tram\AppData\Local\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\n. No File
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

09-01-2015 18:33:33 Scheduled Checkpoint
18-01-2015 22:14:24 Scheduled Checkpoint
29-01-2015 01:30:31 Scheduled Checkpoint
07-02-2015 15:50:04 Scheduled Checkpoint
17-02-2015 16:03:47 Scheduled Checkpoint

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {066BC962-0245-4505-827D-998E976AAFF5} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2012-09-05] ()
Task: {06BA8C0D-B513-4146-BAD4-FC47D5F9CFA2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000Core => C:\Users\Tram\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {14AD62C8-DA11-4A44-BFFA-E7F44AE02CE9} - System32\Tasks\Divx online update program => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-07-28] ()
Task: {280B3525-CF16-46A5-9229-1979EF3708DA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000UA => C:\Users\Tram\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {2D27ECB1-4363-4426-89A8-1FC2407FDFF9} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2012-08-23] (AVG)
Task: {387B5FB2-D72F-4503-BDD3-00E16C309A50} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{0C5B79B7-163A-4335-8759-0232B482D858}.exe [2015-02-10] ()
Task: {475D6A7A-AF78-498C-99D2-0269E2BC539D} - System32\Tasks\{EE5CE790-E59E-439B-80C8-F3CE7334F185} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C53917E5-789F-4BF0-91EE-F5BF29560122}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
Task: {4FCED888-7D9C-49F5-97D2-1C25C58E4D46} - System32\Tasks\{BB0CAD62-C215-4845-86E9-AB365D132A55} => pcalua.exe -a "C:\Users\Tram\Downloads\Shockwave_Installer_Slim (1).exe" -d C:\Users\Tram\Downloads
Task: {538D5536-A14D-4692-B05A-6935746B36AA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7F6F2757-3EB8-4381-9F4C-FA376A1A27B9} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29] (Sun Microsystems, Inc.)
Task: {82BA4197-1C79-4272-97A8-78556E7EA30D} - System32\Tasks\Google Updater and Installer => C:\Users\Tram\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {97DAAABD-FA5A-4BE4-89CB-D067622107CA} - System32\Tasks\{5782725F-5E45-47E6-BCEB-D2C23B1444DE} => pcalua.exe -a "C:\Users\Tram\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5HEDHQDG\ChromeSetup[1].exe" -d C:\Users\Tram\Desktop
Task: {A0B9338E-8F93-4999-9199-CA34070A1299} - System32\Tasks\Open Chrome => Chrome.exe --new-window
Task: {C324DA00-33C6-4FEC-ABF9-7AAF297C725E} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {D6C83F1D-3037-4311-934F-C61885169F63} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10] (Adobe Systems Incorporated)
Task: {DA7C7B74-6A4E-4D1C-BE74-CAB1E36159F2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {E3CBC4AB-80B8-4B19-82C7-AC49DDE5189F} - System32\Tasks\{22BCF16A-1CC3-4655-874F-8425AA9993EE} => pcalua.exe -a "C:\Program Files (x86)\RealArcade\Installer\bin\gameinstaller.exe" -c "C:\Program Files (x86)\RealArcade\Installer\installerMain.clf" "C:\Program Files (x86)\RealArcade\Installer\uninstall\am-soapoperadashtm.rguninst" "AddRemove"
Task: {F2060500-4248-4E16-B5C8-5279ABB1D866} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{0C5B79B7-163A-4335-8759-0232B482D858}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000Core.job => C:\Users\Tram\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000UA.job => C:\Users\Tram\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Open Chrome.job => C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-11 07:43 - 2014-11-11 07:42 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2014-11-11 07:43 - 2014-11-14 03:05 - 02640408 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2015-02-17 22:29 - 2015-02-17 22:29 - 07460944 _____ () C:\Users\Tram\AppData\Local\Google\Update\Install\{C7E5920E-4300-435B-BE4F-4E400CA36ED5}\40.0.2214.111_39.0.2171.95_chrome_updater.exe
2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-11 07:43 - 2014-11-11 07:42 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2011-01-05 12:06 - 2011-01-05 12:06 - 00176128 _____ () C:\Program Files (x86)\AIM\nssckbi.dll
2009-04-09 18:04 - 2009-04-09 18:04 - 02141008 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 07704400 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
2009-04-22 16:53 - 2009-04-22 16:53 - 00969040 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 00475472 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 00363856 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 00200016 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
2011-01-12 20:55 - 2011-01-12 20:55 - 00027472 _____ () C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 11311952 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 00291664 _____ () C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll
2011-01-12 20:57 - 2011-01-12 20:57 - 00751616 _____ () C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
2009-03-03 17:18 - 2009-03-03 17:18 - 00029008 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
2009-03-03 17:18 - 2009-03-03 17:18 - 00035152 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
2009-03-03 17:18 - 2009-03-03 17:18 - 00138064 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-21 20:17 - 2014-12-05 20:50 - 01077064 _____ () C:\Users\Tram\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-21 20:17 - 2014-12-05 20:50 - 00211272 _____ () C:\Users\Tram\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00750080 _____ () C:\Users\Tram\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-17 22:26 - 2015-02-17 22:26 - 00043008 _____ () c:\users\tram\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpidkdz7.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00047616 _____ () C:\Users\Tram\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00865280 _____ () C:\Users\Tram\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00200704 _____ () C:\Users\Tram\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-21 20:17 - 2014-12-05 20:50 - 09009480 _____ () C:\Users\Tram\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-21 20:17 - 2014-12-05 20:50 - 01677128 _____ () C:\Users\Tram\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-21 20:17 - 2014-12-05 20:50 - 14913352 _____ () C:\Users\Tram\AppData\Local\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:31A07C00
AlternateDataStreams: C:\ProgramData\TEMP:3AE22B1A
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!HKU\S-1-5-21-1794019613-805196587-2382130379-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!HKU\S-1-5-21-1794019613-805196587-2382130379-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!HKU\S-1-5-21-1794019613-805196587-2382130379-1003\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!HKU\S-1-5-21-1794019613-805196587-2382130379-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION! ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1794019613-805196587-2382130379-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tram\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgHKU\S-1-5-21-1794019613-805196587-2382130379-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Safe Account\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgDNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
==================== Accounts: ============================= Administrator (S-1-5-21-1794019613-805196587-2382130379-500 - Administrator - Disabled)Guest (S-1-5-21-1794019613-805196587-2382130379-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-1794019613-805196587-2382130379-1002 - Limited - Enabled)MYOB_SERVICE (S-1-5-21-1794019613-805196587-2382130379-1003 - Administrator - Enabled) => C:\Users\MYOB_SERVICESafe Account (S-1-5-21-1794019613-805196587-2382130379-1005 - Limited - Enabled) => C:\Users\Safe AccountSafety (S-1-5-21-1794019613-805196587-2382130379-1004 - Administrator - Enabled) => C:\Users\SafetyTram (S-1-5-21-1794019613-805196587-2382130379-1000 - Administrator - Enabled) => C:\Users\Tram ==================== Faulty Device Manager Devices ============= Name: VIA 1394 OHCI Compliant Host ControllerDescription: VIA 1394 OHCI Compliant Host ControllerClass Guid: {6bdd1fc1-810f-11d0-bec7-08002be2092f}Manufacturer: VIAService: 1394ohciProblem: : Windows has stopped this device because it has reported problems. (Code 43)Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: Microsoft PS/2 MouseDescription: Microsoft PS/2 MouseClass Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: i8042prtProblem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.Devices stay in this state if they have been prepared for removal.After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
==================== Event log errors: ========================= Application errors:==================Error: (02/17/2015 04:22:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 8143 Error: (02/17/2015 04:22:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 8143 Error: (02/17/2015 04:22:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/17/2015 04:22:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 7145 Error: (02/17/2015 04:22:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 7145 Error: (02/17/2015 04:22:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/17/2015 04:22:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 6131 Error: (02/17/2015 04:22:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 6131 Error: (02/17/2015 04:22:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/17/2015 04:22:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 5132 System errors:=============Error: (02/18/2015 00:34:19 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)Description: There was an error while attempting to read the local hosts file. Error: (02/18/2015 00:05:03 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)Description: There was an error while attempting to read the local hosts file. 
Error: (02/17/2015 11:34:20 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)Description: There was an error while attempting to read the local hosts file. Error: (02/17/2015 11:04:23 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)Description: There was an error while attempting to read the local hosts file. Error: (02/17/2015 10:37:17 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)Description: There was an error while attempting to read the local hosts file. Error: (02/17/2015 10:04:19 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)Description: There was an error while attempting to read the local hosts file. Error: (02/17/2015 10:04:16 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)Description: There was an error while attempting to read the local hosts file. Error: (02/17/2015 10:04:09 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)Description: There was an error while attempting to read the local hosts file. Error: (02/17/2015 10:04:04 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)Description: There was an error while attempting to read the local hosts file. Error: (02/17/2015 10:03:55 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)Description: There was an error while attempting to read the local hosts file. 
Microsoft Office Sessions:=========================Error: (02/17/2015 04:22:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 8143 Error: (02/17/2015 04:22:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 8143 Error: (02/17/2015 04:22:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/17/2015 04:22:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 7145 Error: (02/17/2015 04:22:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 7145 Error: (02/17/2015 04:22:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/17/2015 04:22:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 6131 Error: (02/17/2015 04:22:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 6131 Error: (02/17/2015 04:22:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/17/2015 04:22:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 5132 CodeIntegrity Errors:=================================== Date: 2015-02-06 15:04:50.552 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2015-02-06 15:04:50.490 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-02-06 15:03:47.725 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-02-06 15:03:47.663 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-12-28 07:18:09.552 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-12-28 07:18:09.505 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2014-12-28 07:16:57.371 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-12-28 07:16:57.293 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-12-28 07:13:56.893 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-12-28 07:13:56.808 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: Intel® Core2 Quad CPU Q8300 @ 2.50GHzPercentage of memory in use: 77%Total physical RAM: 4029.18 MBAvailable physical RAM: 891.43 MBTotal Pagefile: 8056.54 MBAvailable Pagefile: 2644.8 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (WIN7) (Fixed) (Total:698.64 GB) (Free:411.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: CB5BD2B2)Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  14. Everything is running smoothly! One last thing: I was just wondering, after all these scans, was there anything in the logs?
  15. Everything seems to be running smoothly. I included the advCleaner log, but not the ESET log, since no threats were found, and the option to export to a text file didn't show up.