viruscrunch16

Members
  • Posts

    8
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Here it is... Running combofix scared me to death btw... ComboFix 14-10-29.01 - Win 7 10/30/2014 8:40.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1013.357 [GMT 8:00] Running from: c:\users\Win 7\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . .
. . ((((((((((((((((((((((((( Files Created from 2014-09-28 to 2014-10-30 ))))))))))))))))))))))))))))))) . . 2014-10-30 01:00 . 2014-10-30 01:01 -------- d-----w- c:\users\Win 7\AppData\Local\temp 2014-10-30 01:00 . 2014-10-30 01:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-10-27 12:15 . 2014-10-27 12:15 -------- d-----w- c:\program files\Skype 2014-10-27 03:24 . 2014-10-29 09:46 -------- d-----w- C:\FRST 2014-10-26 19:35 . 2014-10-27 18:33 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8A4E143-82F9-4AB5-867B-00C637E27B76}\offreg.dll 2014-10-26 09:01 . 2014-10-26 09:01 -------- d-----w- c:\users\Win 7\AppData\Local\ElevatedDiagnostics 2014-10-26 08:47 . 
2014-10-30 00:00 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-10-26 08:46 . 2014-10-01 03:11 51928 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-10-26 08:46 . 2014-10-01 03:11 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-10-26 08:46 . 2014-10-01 03:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-10-26 08:46 . 2014-10-26 08:46 -------- d-----w- c:\program files\Malwarebytes Anti-Malware 2014-10-26 08:46 . 2014-10-26 08:46 -------- d-----w- c:\programdata\Malwarebytes 2014-10-26 07:24 . 2014-10-26 07:24 -------- d-----w- c:\users\Win 7\.idlerc 2014-10-26 05:35 . 2014-10-26 05:35 -------- d-----w- c:\users\Win 7\AppData\Local\Skype 2014-10-26 05:34 . 2014-10-27 12:26 -------- d-----w- c:\users\Win 7\AppData\Roaming\Skype 2014-10-26 05:34 . 2014-10-26 05:34 -------- d-----w- c:\program files\Common Files\Skype 2014-10-25 12:08 . 2014-10-25 12:09 348160 ----a-w- c:\windows\system32\msvcr71.dll 2014-10-24 12:34 . 2014-10-24 12:34 -------- d-----w- c:\program files\Common Files\Steam 2014-10-23 08:55 . 2014-10-23 08:55 291352 ----a-w- c:\windows\system32\aswBoot.exe 2014-10-23 08:55 . 2014-10-23 08:55 43152 ----a-w- c:\windows\avastSS.scr 2014-10-11 14:46 . 2014-10-11 15:06 -------- d-----w- c:\users\Win 7\AppData\Roaming\WordWeb 2014-10-11 14:43 . 2014-09-14 00:50 2935936 ------w- c:\windows\wweb32.dll 2014-10-11 14:43 . 2014-10-11 15:04 -------- d-----w- c:\program files\WordWeb 2014-10-11 14:05 . 2014-10-11 14:11 -------- d-----w- C:\Python34 2014-10-09 14:30 . 2014-10-09 14:30 63920 ----a-w- c:\windows\system32\drivers\vmx_svga.sys 2014-10-09 14:30 . 2014-10-09 14:30 11696 ----a-w- c:\windows\system32\drivers\vmmouse.sys 2014-10-09 14:30 . 2014-10-09 14:30 117552 ----a-w- c:\windows\system32\drivers\vmhgfs.sys 2014-10-09 14:29 . 2014-10-09 14:30 19504 ----a-w- c:\windows\system32\drivers\vmdebug.sys 2014-10-09 14:29 . 2014-10-09 14:29 54960 ----a-w- c:\windows\system32\drivers\vmci.sys 2014-10-09 14:29 . 
2014-10-09 14:29 25008 ----a-w- c:\windows\system32\drivers\vmaudio.sys 2014-10-09 14:29 . 2014-10-09 14:29 118784 ----a-w- c:\windows\system32\drivers\E1G60I32.sys 2014-10-09 14:28 . 2014-10-09 14:29 368749 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\TPWinPrn.dll 2014-10-09 14:21 . 2014-10-09 14:21 16432 ----a-w- c:\windows\system32\vmx_mode.dll 2014-10-09 14:21 . 2014-10-09 14:21 173232 ----a-w- c:\windows\system32\vmx_fb.dll 2014-10-09 14:21 . 2014-10-09 14:21 35888 ----a-w- c:\windows\system32\vmhgfs.dll 2014-10-09 14:21 . 2014-10-09 14:21 111856 ----a-w- c:\windows\system32\TPVMW32.dll 2014-10-09 14:21 . 2014-10-09 14:21 9104 ----a-w- c:\windows\system32\TPVMMonUIjpn.dll 2014-10-09 14:20 . 2014-10-09 14:21 9104 ----a-w- c:\windows\system32\TPVMMonUIdeu.dll 2014-10-09 14:20 . 2014-10-09 14:20 79208 ----a-w- c:\windows\system32\TPVMMonUI.dll 2014-10-09 14:20 . 2014-10-09 14:20 9632 ----a-w- c:\windows\system32\TPVMMonjpn.dll 2014-10-09 14:20 . 2014-10-09 14:20 23960 ----a-w- c:\windows\system32\TPVMMondeu.dll 2014-10-09 14:20 . 2014-10-09 14:20 284016 ----a-w- c:\windows\system32\TPVMMon.dll 2014-10-09 14:19 . 2014-10-09 14:20 423208 ----a-w- c:\windows\system32\TPSvc.dll 2014-10-09 14:01 . 2014-10-09 14:01 -------- d-----w- c:\programdata\Weskysoft 2014-10-09 13:57 . 2014-10-09 13:57 -------- d-----w- c:\program files\DLLSuite 2014-10-09 13:15 . 2014-10-09 13:15 -------- d-----w- c:\programdata\Logs 2014-10-09 13:15 . 2013-04-11 08:12 17344 ----a-w- c:\windows\system32\roboot.exe 2014-10-08 12:51 . 2014-10-23 07:26 -------- d-----w- c:\program files\CCleaner 2014-10-08 05:06 . 2014-10-23 08:55 91496 ----a-w- c:\windows\system32\drivers\aswStm.sys 2014-10-08 05:06 . 2014-10-23 08:55 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-10-08 05:06 . 2014-10-23 08:55 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-10-08 05:06 . 2014-10-23 08:55 422760 ----a-w- c:\windows\system32\drivers\aswsp.sys 2014-10-08 05:06 . 
2014-10-23 08:55 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-10-08 05:06 . 2014-10-23 08:55 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2014-10-08 05:06 . 2014-10-23 08:54 787800 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2014-10-08 05:06 . 2014-10-23 08:54 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2014-10-08 05:02 . 2014-10-08 05:04 -------- d-----w- c:\programdata\AVAST Software 2014-10-07 14:43 . 2014-10-07 14:43 -------- d-----w- c:\users\Win 7\AppData\Roaming\Dropbox 2014-10-07 13:53 . 2014-10-07 13:53 1187697 ----a-w- c:\windows\unins000.exe 2014-10-07 13:36 . 2014-10-07 14:43 -------- d-----w- c:\windows\onhax-temp 2014-10-06 13:43 . 2014-10-26 07:17 -------- d-----w- c:\program files\RAR Password Unlocker 2014-10-05 13:22 . 2014-10-05 13:27 -------- d-----w- c:\users\Win 7\Games . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-10-23 09:02 . 2014-02-14 03:35 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-10-23 09:02 . 2014-02-14 03:35 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-10-23 08:55 . 2014-04-27 09:35 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2014-08-16 12:57 . 2014-08-26 03:53 24224 ----a-w- c:\program files\Sony.vshost.exe 2014-08-15 03:06 . 2014-08-26 03:53 32768 ----a-w- c:\program files\Chrome Update.exe 2014-08-15 03:02 . 2014-08-26 03:53 33792 ----a-w- c:\program files\Sony.exe 2014-08-11 23:11 . 2014-08-26 03:53 251392 ----a-w- c:\program files\Survey Killer.exe 2010-08-28 14:36 . 2014-08-26 03:53 96256 ----a-w- c:\program files\WebKitBrowser.dll 2010-08-28 14:36 . 2014-08-26 03:53 131072 ----a-w- c:\program files\WebKit.Interop.dll 2010-08-28 07:41 . 2014-08-26 03:53 8002048 ----a-w- c:\program files\WebKit.dll 2010-08-28 06:29 . 2014-08-26 03:53 1059328 ----a-w- c:\program files\JavaScriptCore.dll 2009-12-11 02:19 . 
2014-08-26 03:53 862208 ----a-w- c:\program files\CFLite.dll 2009-12-11 02:16 . 2014-08-26 03:53 121344 ----a-w- c:\program files\objc.dll 2009-12-11 01:58 . 2014-08-26 03:53 13911552 ----a-w- c:\program files\icudt40.dll 2009-12-11 01:56 . 2014-08-26 03:53 1245184 ----a-w- c:\program files\icuin40.dll 2009-12-11 01:55 . 2014-08-26 03:53 1079296 ----a-w- c:\program files\icuuc40.dll 2009-12-11 01:40 . 2014-08-26 03:53 49664 ----a-w- c:\program files\pthreadVC2.dll 2009-12-11 01:34 . 2014-08-26 03:53 225280 ----a-w- c:\program files\libcurl.dll 2009-12-11 01:25 . 2014-08-26 03:53 200704 ----a-w- c:\program files\ssleay32.dll 2009-12-11 01:25 . 2014-08-26 03:53 1017344 ----a-w- c:\program files\libeay32.dll 2009-12-10 08:53 . 2014-08-26 03:53 61952 ----a-w- c:\program files\libexslt.dll 2009-12-10 08:52 . 2014-08-26 03:53 170496 ----a-w- c:\program files\libxslt.dll 2009-12-10 08:43 . 2014-08-26 03:53 1919488 ----a-w- c:\program files\libxml2.dll 2009-12-10 01:48 . 2014-08-26 03:53 412160 ----a-w- c:\program files\SQLite3.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-10-23 08:55 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304] "WordWeb"="c:\program files\WordWeb\wweb32.exe" [2014-07-05 80000] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-23 5223016] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] . c:\users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-27 98632] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-04-04 08:36 958576 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2013-05-08 21:20 41056 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-27 07:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2010-10-01 15:43 173592 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2010-10-01 15:43 141848 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2011-06-16 14:55 6276408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2010-10-01 15:43 150552 ----a-w- c:\windows\System32\igfxpers.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2010-03-11 01:49 1697064 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-10-23 91496] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-10-01 51928] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-07-21 194664] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-10-23 26136] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-10-23 787800] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-10-23 422760] S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-10-23 24184] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-10-23 70384] S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-01 968504] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-10-01 23256] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-10-30 114904] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-10-07 322664] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-10-18 999016] S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-01 1871160] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMSWISSARMY . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-10-29 10:07 1087304 ----a-w- c:\program files\Google\Chrome\Application\40.0.2202.3\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 
2014-10-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-14 09:02] . 2014-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-10-08 13:57] . 2014-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-10-08 13:57] . . ------- Supplementary Scan ------- . uStart Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl mStart Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl mSearch Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{992E7726-5942-4701-81AE-909E73DB38B9}: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{992E7726-5942-4701-81AE-909E73DB38B9}\3535A424F514355535: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{992E7726-5942-4701-81AE-909E73DB38B9}\A616E65647F5F6361626: NameServer = 208.67.222.222,208.67.220.220 FF - ProfilePath - c:\users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\ FF - prefs.js: browser.search.defaulturl - hxxps://ph.search.yahoo.com/yhs/search FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast) FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl FF - prefs.js: keyword.URL - hxxps://ph.search.yahoo.com/yhs/search . - - - - ORPHANS REMOVED - - - - . Toolbar-10 - (no file) MSConfigStartUp-RtHDVBg - c:\program files\Realtek\Audio\HDA\RtHDVBg.exe MSConfigStartUp-RtHDVCpl - c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-10-30 09:05:28 ComboFix-quarantined-files.txt 2014-10-30 01:05 . Pre-Run: 81,033,146,368 bytes free Post-Run: 80,869,654,528 bytes free . 
- - End Of File - - 47E79FB51C3513904B7F3621B47CAB6A A36C5E4F47E84449FF07ED3517B43A31
  2. Hi, this is the fixlog.txt content:
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-10-2014
     Ran by Win 7 at 2014-10-29 17:34:48 Run:1
     Running from C:\Users\Win 7\Downloads
     Loaded Profile: Win 7 (Available profiles: Win 7)
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     Start
     IFEO\bitguard.exe: [Debugger] tasklist.exe
     IFEO\bprotect.exe: [Debugger] tasklist.exe
     IFEO\bpsvc.exe: [Debugger] tasklist.exe
     IFEO\browserdefender.exe: [Debugger] tasklist.exe
     IFEO\browserprotect.exe: [Debugger] tasklist.exe
     IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
     IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
     IFEO\jumpflip: [Debugger] tasklist.exe
     IFEO\protectedsearch.exe: [Debugger] tasklist.exe
     IFEO\searchinstaller.exe: [Debugger] tasklist.exe
     IFEO\searchprotection.exe: [Debugger] tasklist.exe
     IFEO\searchprotector.exe: [Debugger] tasklist.exe
     IFEO\searchsettings.exe: [Debugger] tasklist.exe
     IFEO\searchsettings64.exe: [Debugger] tasklist.exe
     IFEO\snapdo.exe: [Debugger] tasklist.exe
     IFEO\stinst32.exe: [Debugger] tasklist.exe
     IFEO\stinst64.exe: [Debugger] tasklist.exe
     IFEO\umbrella.exe: [Debugger] tasklist.exe
     IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
     IFEO\volaro: [Debugger] tasklist.exe
     IFEO\vonteera: [Debugger] tasklist.exe
     IFEO\websteroids.exe: [Debugger] tasklist.exe
     IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
     HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
     HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll
     GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
     CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-s...p={searchTerms}
     SearchScopes: HKCU - {38DBC5C1-1AEB-4F04-A5EC-DE03E8BAC1DA} URL = http://start.mysearc...=1364401586&ir=
     SearchScopes: HKCU - 
{808CBB34-480E-4919-ADB6-C0EF9B3003CA} URL = http://start.mysearc...=1073193372&ir= SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-s...p={searchTerms} SearchScopes: HKCU - {B2DF85AF-97B1-48FB-93D9-FC43B6CD6057} URL = http://start.mysearc...=1073193372&ir= SearchScopes: HKCU - {E9D6D35D-B34D-4370-8681-14D0E296E86E} URL = http://start.mysearc...=1073193372&ir= CHR dev: Chrome dev build detected! <======= ATTENTION 2014-10-23 14:52 - 2014-03-27 17:12 - 00000000 ____D () C:\ProgramData\saafeeweeb Task: {A6C121AC-EA8C-4175-83BB-5B29F18078C9} - \SaveSense No Task File <==== ATTENTION Task: C:\Windows\Tasks\SaveSense.job => C:\Users\WIN7~1\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION c:\program files\settings manager C:\Program Files\Settings Manager End ***************** "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully. 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully. HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => value deleted successfully. HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => value deleted successfully. 
C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key deleted successfully. "HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{38DBC5C1-1AEB-4F04-A5EC-DE03E8BAC1DA}" => Key deleted successfully. "HKCR\CLSID\{38DBC5C1-1AEB-4F04-A5EC-DE03E8BAC1DA}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{808CBB34-480E-4919-ADB6-C0EF9B3003CA}" => Key deleted successfully. "HKCR\CLSID\{808CBB34-480E-4919-ADB6-C0EF9B3003CA}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key deleted successfully. "HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B2DF85AF-97B1-48FB-93D9-FC43B6CD6057}" => Key deleted successfully. "HKCR\CLSID\{B2DF85AF-97B1-48FB-93D9-FC43B6CD6057}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9D6D35D-B34D-4370-8681-14D0E296E86E}" => Key deleted successfully. "HKCR\CLSID\{E9D6D35D-B34D-4370-8681-14D0E296E86E}" => Key not found. CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry. C:\ProgramData\saafeeweeb => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6C121AC-EA8C-4175-83BB-5B29F18078C9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6C121AC-EA8C-4175-83BB-5B29F18078C9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSense" => Key deleted successfully. C:\Windows\Tasks\SaveSense.job => Moved successfully. 
c:\program files\settings manager => Moved successfully. "C:\Program Files\Settings Manager" => File/Directory not found. The system needed a reboot. ==== End of Fixlog ====
  3. Oops, I forgot my Malwarebytes log scan. Here it is...
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 10/27/2014
     Scan Time: 11:17:22 AM
     Logfile: aaa.txt
     Administrator: No
     Version: 2.00.3.1025
     Malware Database: v2014.10.26.08
     Rootkit Database: v2014.10.22.01
     License: Premium
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled
     OS: Windows 7
     CPU: x86
     File System: NTFS
     User: Win 7
     Scan Type: Hyper Scan
     Result: Completed
     Objects Scanned: 284402
     Time Elapsed: 19 min, 5 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Disabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 0
     (No malicious items detected)
     Modules: 0
     (No malicious items detected)
     Registry Keys: 0
     (No malicious items detected)
     Registry Values: 0
     (No malicious items detected)
     Registry Data: 0
     (No malicious items detected)
     Folders: 0
     (No malicious items detected)
     Files: 32
     PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.aflt", "irmsd0202ch"), Replaced,[7c4527f06a122a0cfe19ec77cc390ff1]
     PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (s to this file while the application is runn application exits. *out:config */), Replaced,[e8d918ffde9e3ff776a14a19f31202fe]
     PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (lication is runn application exits. 
*out:config */ user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1405166930);user_pref("app.u), Replaced,[378a8a8dbac2d85e7f98164d1de814ec]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (.update.lastUpdateTime.addon-background-update-ti), Replaced,[536e2beccfad9e98c6519ac942c332ce]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (e changes to this file while the application is runn a), Replaced,[2899af68b1cbca6c9b7c570ca461f10f]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (nges to this file while the application is runn a), Replaced,[7051d4434e2e48eecc4b342f9273de22]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (e changes to this file while the application is runn), Replaced,[9e233add4c308bab1700e182d33232ce]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (hanges to this file while the application is runn ), Replaced,[17aaa3746f0dbd794ccb194aaf567090]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: ( changes to this file while the application is runn application exits. 
*out:config */ user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1405166930);user_pref("app.update.lasf("app.update.lastUpdateTime.blocklist-background-update-timer", 1405167050);user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails",h-engine-update-timer", 1405166689);user_pref("app.update.migrated.updateDir", true);user_pref("browser.bookmarks.restore_default_bookmarks", false);user_pref("browser.cache.disk.capacity", 358400);user_pref("browser.cache.disk.smart_size.first_run", false);user_pref("brows), Replaced,[4a777b9caece84b28c8bf76cb35251af]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (k.smart_size.first_run", false);user_pref("browser.cach), Replaced,[d0f12ee926569d9920f7ec77778e9a66]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (s to this file while the application is runn applica), Replaced,[962b18ff4b3146f01601d2918e77dc24]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (hanges to this file while the application is runn application exits. *out:con), Replaced,[645d5bbcf983df57f126e97a5ea738c8]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (e application is runn application exits. *out), Replaced,[edd47b9ce795bc7a1ef94f1461a4c13f]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (ke changes to this file while the application is runn application exits. 
*out:config */ user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1405166930);user_pref("app.update.lasf("app.update.lastUpdateTime.), Replaced,[645db5623b4133030413085b72938080]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (ref("app.update.lasf("app.update.lastUpdateTime.blocklist-background-update-timer", 1405167050);user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails",h-engine-update-timer", 1405166689);user_pref("app.update.migrated.updateDir", true);user_pref("browser.bookmarks.restore_default_bookmarks", false);user_pref("browser.cache.disk.capacity", 358400);user_pref("browser.cache.disk.smart_size.first_run", fals), Replaced,[ad1473a45a22a98dbc5b243fb2534fb1]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (6689);user_pref("app.update.migrated.updateDir", true);u), Replaced,[2b9641d6ec90af87be59b2b10500b947]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (o this file while the application is runn application e), Replaced,[4c751cfb463665d18f88bda66a9b639d]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (ges to this file while the application is runn app), Replaced,[af1254c398e454e2a1766df6eb1a8d73]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: ( changes to this file while the application is runn application exits. 
*out:config */ user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1405166930);user_pref("app.update.lasf("app.update.lastUpdateTime.), Replaced,[dbe6d83f0a729a9c0d0a80e3c04536ca]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (_pref("app.update.lasf("app.update.lastUpdateTime.blocklist-backgrou), Replaced,[b011be59116bcd696bac43207293da26]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (ile while the application is runn application exits. *out:config */ user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1405166930);user_pref("app.update.lasf("app.update.lastUpdateTime.blocklist-background-u), Replaced,[a61b140395e7a690f81ff56e31d48b75]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (f("app.update.lasf("app.update.lastUpdateTime.blocklist-bac), Replaced,[566b4acd1f5ddf5730e7c0a350b56e92]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (to this file while the application is runn application exits.), Replaced,[8839fb1cc8b40234d54298cbe12412ee]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: ( this file while the application is runn applica), Replaced,[754c4acdb0cc2c0a958243205fa6c33d]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (ke changes to this file while the application is runn applicati), Replaced,[0cb5cb4c710bd0666aada2c11de88e72]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (his file while the application is runn application e), 
Replaced,[517062b53943bc7a37e0b0b35ea77a86]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (hanges to this file while the application is runn application exits. *out:config */ user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1405166930);user_pref("app.update.lasf("app.update.lastUpdateTime.blocklist-b), Replaced,[3190fe19730934025abd0e5551b4e818]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (p.update.lasf("app.update.lastUpdateTime.blocklist-bac), Replaced,[c3feb6610775a78fd74001628b7ac13f]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (nges to this file while the application is runn applica), Replaced,[a31e33e4eb91f83ee23585de9570fc04]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: ( changes to this file while the application is runn a), Replaced,[3d848c8b83f98da948cfe97a2fd6e51b]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (anges to this file while the application is runn applic), Replaced,[5d64987f87f576c043d4e97a8a7b1ee2]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (ges to this file while the application is runn application exits.), Replaced,[cef38f8865173204d93eafb49273de22] Physical Sectors: 0(No malicious items detected) (end)
  4. Hi, I'm done downloading FRST.exe and running the scan. Here are the results....
     ___FRST.txt log_____
     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2014
     Ran by Win 7 (administrator) on WIN7-PC on 27-10-2014 11:24:43
     Running from C:\Users\Win 7\Downloads
     Loaded Profiles: Win 7 & (Available profiles: Win 7)
     Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States)
     Internet Explorer Version 8
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
     ==================== Processes (Whitelisted) =================
     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
     (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
     (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
     (WordWeb Software) C:\Program Files\WordWeb\wweb32.exe
     (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
     (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
     (Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
     (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
     (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
     (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
     (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
     (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-10-23] (AVAST Software)HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKU\S-1-5-21-4157116677-2462151510-724841161-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)HKU\S-1-5-21-4157116677-2462151510-724841161-1000\...\Run: [WordWeb] => C:\Program Files\WordWeb\wweb32.exe [80000 2014-07-05] (WordWeb Software)HKU\S-1-5-21-4157116677-2462151510-724841161-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)HKU\S-1-5-21-4157116677-2462151510-724841161-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)HKU\S-1-5-21-4157116677-2462151510-724841161-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WordWeb] => C:\Program Files\WordWeb\wweb32.exe [80000 2014-07-05] (WordWeb Software)HKU\S-1-5-21-4157116677-2462151510-724841161-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)IFEO\bitguard.exe: [Debugger] tasklist.exeIFEO\bprotect.exe: [Debugger] tasklist.exeIFEO\bpsvc.exe: [Debugger] tasklist.exeIFEO\browserdefender.exe: [Debugger] tasklist.exeIFEO\browserprotect.exe: [Debugger] tasklist.exeIFEO\browsersafeguard.exe: [Debugger] tasklist.exeIFEO\dprotectsvc.exe: [Debugger] 
tasklist.exeIFEO\jumpflip: [Debugger] tasklist.exeIFEO\protectedsearch.exe: [Debugger] tasklist.exeIFEO\searchinstaller.exe: [Debugger] tasklist.exeIFEO\searchprotection.exe: [Debugger] tasklist.exeIFEO\searchprotector.exe: [Debugger] tasklist.exeIFEO\searchsettings.exe: [Debugger] tasklist.exeIFEO\searchsettings64.exe: [Debugger] tasklist.exeIFEO\snapdo.exe: [Debugger] tasklist.exeIFEO\stinst32.exe: [Debugger] tasklist.exeIFEO\stinst64.exe: [Debugger] tasklist.exeIFEO\umbrella.exe: [Debugger] tasklist.exeIFEO\utiljumpflip.exe: [Debugger] tasklist.exeIFEO\volaro: [Debugger] tasklist.exeIFEO\vonteera: [Debugger] tasklist.exeIFEO\websteroids.exe: [Debugger] tasklist.exeIFEO\websteroidsservice.exe: [Debugger] tasklist.exeStartup: C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dllHKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dllShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)GroupPolicy: Group Policy on Chrome detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbclHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehpHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x956F53A3E9FDCE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usHKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbclHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbclHKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbclStartMenuInternet: IEXPLORE.EXE - iexplore.exeSearchScopes: HKLM - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=104&itype=a&ver=13337&tm=327&src=ds&p={searchTerms}SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKCU - {38DBC5C1-1AEB-4F04-A5EC-DE03E8BAC1DA} URL = 
http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyD0F0FtB0EzztAtCtB0BtN0D0Tzu0SzzyDtAtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtCtB0B0CzzyC0EtGyEzyyDzztGtCtD0C0EtGtByB0EzztGtB0FtC0B0BtAyE0CyC0C0C0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtAtC0D0C0CzzyBtGzztBzyyDtGyByBtCyEtGzzyBtA0DtGtAzzyCyDtDyEyDyDtDyD0C0A2Q&cr=1364401586&ir=SearchScopes: HKCU - {808CBB34-480E-4919-ADB6-C0EF9B3003CA} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ch&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyD0F0FtB0EzztAtCtB0BtN0D0Tzu0SyBzytCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1073193372&ir=SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=104&itype=a&ver=13337&tm=327&src=ds&p={searchTerms}SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKCU - {B2DF85AF-97B1-48FB-93D9-FC43B6CD6057} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ch&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyD0F0FtB0EzztAtCtB0BtN0D0Tzu0SyBzytCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1073193372&ir=SearchScopes: HKCU - {D87EC373-43E6-4BB7-93BB-617243B31EC2} URL = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}SearchScopes: HKCU - {E9D6D35D-B34D-4370-8681-14D0E296E86E} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ch&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyD0F0FtB0EzztAtCtB0BtN0D0Tzu0SyBzytCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1073193372&ir=BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft 
Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Tcpip\Parameters: [DhcpNameServer] 192.168.0.1Tcpip\..\Interfaces\{992E7726-5942-4701-81AE-909E73DB38B9}: [NameServer] 8.8.8.8,8.8.4.4 FireFox:========FF ProfilePath: C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.defaultFF DefaultSearchEngine: Yahoo! (Avast)FF DefaultSearchUrl: https://ph.search.yahoo.com/yhs/searchFF SearchEngineOrder.1: Yahoo! (Avast)FF SelectedSearchEngine: Yahoo! (Avast)FF Homepage: https://www.yahoo.com?fr=hp-avast&type=avastbclFF Keyword.URL: https://ph.search.yahoo.com/yhs/searchFF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! 
Inc.)FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF SearchPlugin: C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\searchplugins\yahoo-avast.xmlFF SearchPlugin: C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\searchplugins\yahoo_ff.xmlFF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-08] Chrome: =======CHR dev: Chrome dev build detected! <======= ATTENTIONCHR Profile: C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-08]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-08]CHR Extension: (YouTube) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-08]CHR Extension: (Google Search) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-08]CHR Extension: (Avast Online Security) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-07]CHR Extension: (Google Wallet) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-08]CHR Extension: (Gmail) - C:\Users\Win 
7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-08]CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-23]CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-07-12] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-23] (AVAST Software)R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-23] ()R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-10-23] (AVAST Software)R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-10-23] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-10-23] (AVAST Software)R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-10-23] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-10-23] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2014-10-23] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-10-23] (AVAST Software)R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-10-23] ()S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-19] (LogMeIn, Inc.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-27] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [999016 2010-10-19] (Realtek Semiconductor Corporation )S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-27 11:24 - 2014-10-27 11:26 - 00015746 _____ () C:\Users\Win 7\Downloads\FRST.txt2014-10-27 11:24 - 2014-10-27 11:24 - 00000000 ____D () C:\FRST2014-10-27 11:20 - 2014-10-27 11:23 - 01104896 _____ (Farbar) C:\Users\Win 7\Downloads\FRST.exe2014-10-27 00:46 - 2014-10-27 01:53 - 422105353 _____ () C:\Users\Win 7\Downloads\Warm Bodies (2013) Full Movie - HD 1080p BluRay.flv2014-10-26 23:20 - 2014-10-27 00:46 - 527801708 _____ () C:\Users\Win 7\Downloads\Lucy (2014) Full Movie - HD 720p.flv2014-10-26 16:47 - 2014-10-27 11:10 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-10-26 16:46 - 2014-10-26 16:46 - 00001026 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-10-26 16:46 - 2014-10-26 16:46 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-10-26 16:46 - 2014-10-26 16:46 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-10-26 16:46 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-10-26 16:46 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-10-26 16:46 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-10-26 15:34 - 2014-10-26 16:44 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Win 7\Downloads\mbam-setup-2.0.3.1025.exe2014-10-26 15:24 - 2014-10-26 15:24 - 00000000 ____D () C:\Users\Win 7\.idlerc2014-10-26 13:35 - 2014-10-26 13:35 - 00000000 ____D () C:\Users\Win 7\AppData\Local\Skype2014-10-26 13:34 - 2014-10-27 11:11 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\Skype2014-10-26 13:34 - 2014-10-26 13:34 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk2014-10-26 13:34 - 2014-10-26 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2014-10-26 13:34 - 2014-10-26 13:34 - 00000000 ____D () C:\Program Files\Common Files\Skype2014-10-26 09:21 - 2014-10-26 10:04 - 
26222592 _____ () C:\Users\Win 7\Downloads\SkypeSetup_6.16.0.105.msi2014-10-26 09:20 - 2014-10-26 09:20 - 00000000 ____D () C:\Windows\system32\appmgmt2014-10-25 20:08 - 2014-10-25 20:09 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll2014-10-24 20:34 - 2014-10-24 20:34 - 00000000 ____D () C:\Program Files\Common Files\Steam2014-10-24 20:17 - 2014-10-24 20:22 - 01142392 _____ () C:\Users\Win 7\Downloads\SteamSetup.exe2014-10-23 16:57 - 2014-10-27 11:08 - 00090354 _____ () C:\Windows\PFRO.log2014-10-23 16:56 - 2014-10-23 16:56 - 00002069 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk2014-10-23 16:56 - 2014-10-23 16:56 - 00002009 _____ () C:\Users\Public\Desktop\Avast Pro Antivirus.lnk2014-10-23 16:56 - 2014-10-23 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software2014-10-23 16:55 - 2014-10-23 16:55 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2014-10-23 16:55 - 2014-10-23 16:55 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-10-15 19:15 - 2014-10-15 19:16 - 00000682 _____ () C:\Users\Win 7\Documents\cc_20141015_191546.reg2014-10-11 22:46 - 2014-10-11 23:06 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\WordWeb2014-10-11 22:44 - 2014-10-11 23:04 - 00001860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordWeb.lnk2014-10-11 22:43 - 2014-10-11 23:04 - 00000000 ____D () C:\Program Files\WordWeb2014-10-11 22:43 - 2014-09-14 08:50 - 02935936 ____N (WordWeb Software) C:\Windows\wweb32.dll2014-10-11 22:36 - 2014-10-11 22:41 - 21947320 _____ () C:\Users\Win 7\Downloads\wordweb7.exe2014-10-11 22:17 - 2014-10-11 22:17 - 00049216 _____ () C:\Users\Win 7\Downloads\file crack-oald8.7z2014-10-11 22:12 - 2014-10-11 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.42014-10-11 22:05 - 2014-10-11 22:11 - 00000000 ____D () C:\Python342014-10-11 21:33 - 2014-10-11 21:41 - 24408064 _____ () C:\Users\Win 
7\Downloads\python-3.4.1.msi2014-10-11 19:28 - 2014-10-11 19:28 - 00009792 _____ () C:\Users\Win 7\Documents\cc_20141011_192755.reg2014-10-11 19:16 - 2014-10-27 11:09 - 00004985 _____ () C:\Windows\setupact.log2014-10-11 19:16 - 2014-10-11 19:16 - 00000000 _____ () C:\Windows\setuperr.log2014-10-09 22:30 - 2014-10-09 22:30 - 00117552 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmhgfs.sys2014-10-09 22:30 - 2014-10-09 22:30 - 00063920 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx_svga.sys2014-10-09 22:30 - 2014-10-09 22:30 - 00011696 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmmouse.sys2014-10-09 22:29 - 2014-10-09 22:30 - 00019504 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmdebug.sys2014-10-09 22:29 - 2014-10-09 22:29 - 00118784 _____ (Intel Corporation) C:\Windows\system32\Drivers\E1G60I32.sys2014-10-09 22:29 - 2014-10-09 22:29 - 00054960 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmci.sys2014-10-09 22:29 - 2014-10-09 22:29 - 00025008 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmaudio.sys2014-10-09 22:21 - 2014-10-09 22:21 - 00173232 _____ (VMware, Inc.) C:\Windows\system32\vmx_fb.dll2014-10-09 22:21 - 2014-10-09 22:21 - 00111856 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMW32.dll2014-10-09 22:21 - 2014-10-09 22:21 - 00035888 _____ (VMware, Inc.) C:\Windows\system32\vmhgfs.dll2014-10-09 22:21 - 2014-10-09 22:21 - 00016432 _____ (VMware, Inc.) 
C:\Windows\system32\vmx_mode.dll2014-10-09 22:21 - 2014-10-09 22:21 - 00009104 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMMonUIjpn.dll2014-10-09 22:20 - 2014-10-09 22:21 - 00009104 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMMonUIdeu.dll2014-10-09 22:20 - 2014-10-09 22:20 - 00284016 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMMon.dll2014-10-09 22:20 - 2014-10-09 22:20 - 00079208 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMMonUI.dll2014-10-09 22:20 - 2014-10-09 22:20 - 00023960 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMMondeu.dll2014-10-09 22:20 - 2014-10-09 22:20 - 00009632 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMMonjpn.dll2014-10-09 22:19 - 2014-10-09 22:20 - 00423208 _____ (ThinPrint GmbH) C:\Windows\system32\TPSvc.dll2014-10-09 22:01 - 2014-10-09 22:01 - 00000000 ____D () C:\ProgramData\Weskysoft2014-10-09 21:57 - 2014-10-09 21:57 - 00001030 _____ () C:\Users\Win 7\Desktop\DllSuite.lnk2014-10-09 21:57 - 2014-10-09 21:57 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Suite 20142014-10-09 21:57 - 2014-10-09 21:57 - 00000000 ____D () C:\Program Files\DLLSuite2014-10-09 21:50 - 2014-10-09 21:56 - 16578402 _____ ( ) C:\Users\Win 7\Downloads\DLLSuite_Setup.exe2014-10-09 21:15 - 2013-04-11 16:12 - 00017344 _____ (Dll-Files.com) C:\Windows\system32\roboot.exe2014-10-08 22:14 - 2014-10-08 22:15 - 00004672 _____ () C:\Users\Win 7\Documents\cc_20141008_221441.reg2014-10-08 22:05 - 2014-10-26 15:16 - 00002167 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-10-08 22:05 - 2014-10-08 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-10-08 21:57 - 2014-10-27 11:09 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-10-08 21:57 - 2014-10-27 07:02 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-10-08 21:56 - 2014-10-08 21:56 - 00895120 _____ (Google Inc.) 
C:\Users\Win 7\Downloads\ChromeSetup.exe2014-10-08 21:41 - 2014-10-08 21:42 - 00244136 _____ () C:\Users\Win 7\Downloads\Firefox Setup Stub 32.0.3.exe2014-10-08 21:34 - 2014-10-08 21:36 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk2014-10-08 21:34 - 2014-10-08 21:36 - 00001950 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk2014-10-08 21:33 - 2014-10-08 21:33 - 00000000 ____D () C:\Program Files\Adobe2014-10-08 21:18 - 2014-10-26 17:10 - 00000000 ____D () C:\Users\Win 7\Documents\Janet Ocab2014-10-08 21:12 - 2014-10-08 21:12 - 00001314 _____ () C:\Users\Win 7\Documents\cc_20141008_211207.reg2014-10-08 21:10 - 2014-10-08 21:10 - 00069648 _____ () C:\Users\Win 7\Documents\cc_20141008_211010.reg2014-10-08 20:52 - 2014-10-08 20:52 - 00000931 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-10-08 20:52 - 2014-10-08 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-10-08 20:51 - 2014-10-23 15:26 - 00000000 ____D () C:\Program Files\CCleaner2014-10-08 20:44 - 2014-10-08 20:49 - 04945978 _____ () C:\Users\Win 7\Downloads\CCleaner 4.07.4369 Busi_Pro (ChezzyB0x).zip2014-10-08 13:06 - 2014-10-23 16:55 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys2014-10-08 13:06 - 2014-10-23 16:55 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys2014-10-08 13:06 - 2014-10-23 16:55 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys2014-10-08 13:06 - 2014-10-23 16:55 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys2014-10-08 13:06 - 2014-10-23 16:55 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2014-10-08 13:06 - 2014-10-23 16:55 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2014-10-08 13:06 - 2014-10-23 16:54 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys2014-10-08 13:06 - 2014-10-23 16:54 - 00026136 _____ (AVAST Software) 
C:\Windows\system32\Drivers\aswKbd.sys2014-10-08 13:02 - 2014-10-08 13:04 - 00000000 ____D () C:\ProgramData\AVAST Software2014-10-07 22:43 - 2014-10-07 22:43 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\Dropbox2014-10-07 21:53 - 2014-10-07 21:53 - 01187697 _____ () C:\Windows\unins000.exe2014-10-07 21:53 - 2014-10-07 21:53 - 00001231 _____ () C:\Windows\unins000.dat2014-10-07 21:36 - 2014-10-07 22:43 - 00000000 ____D () C:\Windows\onhax-temp2014-10-06 21:43 - 2014-10-26 15:17 - 00000000 ____D () C:\Program Files\RAR Password Unlocker2014-10-06 21:23 - 2014-10-06 21:25 - 03220905 _____ () C:\Users\Win 7\Downloads\RAR Password Unlocker.rar2014-10-05 21:22 - 2014-10-05 21:27 - 00000000 ____D () C:\Users\Win 7\Games2014-10-05 21:21 - 2014-10-05 21:21 - 00000000 ____D () C:\Users\Win 7\Documents\Book PDFs ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-27 11:15 - 2009-07-14 12:34 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-27 11:15 - 2009-07-14 12:34 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-27 11:12 - 2013-10-06 04:09 - 01376486 _____ () C:\Windows\WindowsUpdate.log2014-10-27 11:09 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-10-27 07:48 - 2013-10-06 04:28 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\vlc2014-10-27 07:46 - 2014-02-14 11:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-10-27 07:42 - 2014-04-24 22:35 - 00000000 ____D () C:\Program Files\Settings Manager2014-10-26 23:21 - 2014-07-12 07:46 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\Settings Manager2014-10-26 23:20 - 2014-03-01 21:51 - 00000000 ____D () C:\Program Files\Websave2014-10-26 22:43 - 2014-07-30 20:13 - 00000000 ____D () C:\Users\Win 7\Documents\Adrian Ocab2014-10-26 
19:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Branding2014-10-26 17:11 - 2013-10-06 04:16 - 00000000 ____D () C:\Users\Win 72014-10-26 15:21 - 2013-10-06 04:53 - 00000000 ____D () C:\Windows\system32\RTCOM2014-10-26 15:16 - 2014-02-14 10:18 - 00001083 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk2014-10-26 15:16 - 2014-02-14 10:18 - 00001071 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk2014-10-26 15:16 - 2013-10-06 04:17 - 00001413 _____ () C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-10-26 14:12 - 2014-03-01 22:12 - 00000294 _____ () C:\Windows\Tasks\SaveSense.job2014-10-26 13:34 - 2013-10-06 05:10 - 00000000 ___RD () C:\Program Files\Skype2014-10-26 13:34 - 2013-10-06 05:10 - 00000000 ____D () C:\ProgramData\Skype2014-10-26 13:07 - 2013-10-06 04:20 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI2014-10-26 01:59 - 2014-03-01 22:07 - 00000166 _____ () C:\Users\Win 7\AppData\Roaming\WB.CFG2014-10-23 17:02 - 2014-02-14 11:35 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2014-10-23 17:02 - 2014-02-14 11:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2014-10-23 16:55 - 2014-04-27 17:35 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys2014-10-23 14:52 - 2014-03-27 17:12 - 00000000 ____D () C:\ProgramData\saafeeweeb2014-10-11 21:45 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared2014-10-09 22:26 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\MUI2014-10-08 22:20 - 2014-02-14 10:18 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service2014-10-08 22:20 - 2013-10-06 04:28 - 00000000 ____D () C:\Program Files\WinRAR2014-10-08 22:17 - 2013-10-06 04:28 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR2014-10-08 22:17 - 2013-10-06 04:28 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR2014-10-08 22:10 - 2013-10-06 04:26 - 00000000 ____D () C:\Users\Win 7\AppData\Local\Google2014-10-08 22:04 - 2013-10-06 05:11 - 00000000 ____D () C:\Program Files\Google2014-10-08 21:51 - 2014-07-12 21:22 - 00000000 ____D () C:\Program Files\Mozilla Firefox2014-10-08 21:39 - 2013-10-06 04:28 - 00000990 _____ () C:\Users\Public\Desktop\VLC media player.lnk2014-10-08 21:39 - 2013-10-06 04:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN2014-10-08 21:34 - 2013-10-06 04:26 - 00000000 ____D () C:\ProgramData\Adobe2014-10-08 21:34 - 2013-10-06 04:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe2014-10-08 21:33 - 2013-10-06 04:29 - 00000000 ____D () C:\Users\Win 7\AppData\Local\Adobe2014-10-08 21:16 - 2014-09-20 19:10 - 00000396 __RSH () C:\ProgramData\ntuser.pol2014-10-08 21:06 - 2014-04-16 12:50 - 00000000 ____D () C:\Windows\Minidump2014-10-08 21:06 - 2013-10-06 05:06 - 00000000 ____D () C:\Windows\Panther2014-10-08 13:07 - 2014-03-09 18:19 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\AVAST Software2014-10-08 13:04 - 2013-10-06 04:20 - 00000000 ____D () C:\Program Files\AVAST Software2014-10-08 12:59 - 2009-07-14 10:04 - 00002577 _____ () C:\Windows\system32\config.nt2014-10-05 21:49 - 2013-10-29 04:31 - 00000000 ____D () C:\Users\Win 7\Downloads\Vanguard2014-10-05 17:09 - 2009-07-14 12:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT Some content of TEMP:====================C:\Users\Win 7\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-26 00:48 ==================== End Of Log ============================ _____ADDITION.txt log____ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2014Ran by Win 7 at 2014-10-27 11:27:39Running from C:\Users\Win 7\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)Avast License by ZeNiX [2012-06-29] (HKLM\...\Avast_2050_ZeNiX [2012-06-29]_is1) (Version: - )Avast Pro Antivirus (HKLM\...\Avast) (Version: 10.0.2206 - AVAST Software)CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)Click to Call with Skype (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.5.8013 - Skype Technologies S.A.)DLL Suite 2013 (HKLM\...\{885843E7-6CAC-4791-B7BF-1CD516017954}_is1) (Version: - )Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.13 - Google Inc.)Google Update Helper (Version: 1.3.24.15 - Google Inc.) HiddenMalwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)Python 3.4.1 (HKLM\...\{df32bb9e-3ed8-36b5-a649-e8c845c5f3a2}) (Version: 3.4.1150 - Python Software Foundation)Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 
- win.rar GmbH)WordWeb (HKLM\...\WordWeb) (Version: 7 - WordWeb Software)Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 19-10-2014 11:01:43 Windows Backup23-10-2014 07:36:51 avast! antivirus system restore point26-10-2014 01:18:32 Removed Skype™ 5.526-10-2014 05:33:07 Installed Skype™ 6.1626-10-2014 11:03:24 Windows Backup ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {512DF5DE-C2AF-4642-95B1-BC2CE4809513} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {6DD5CAB8-07A7-42CE-AEB2-DD4EBA25FDC3} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-23] (AVAST Software)Task: {7352BBCD-1A25-41D7-9E1E-AFD10A4280A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-08] (Google Inc.)Task: {94FA5128-A5CD-475D-9447-5DF7F04BAC78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-08] (Google Inc.)Task: {A6C121AC-EA8C-4175-83BB-5B29F18078C9} - \SaveSense No Task File <==== ATTENTIONTask: {C212E93C-5146-48C1-8B4A-1F48DCEB01C3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)Task: {D173A1C9-5D1E-4B1F-8FC2-3F12B8785737} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-23] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\SaveSense.job => C:\Users\WIN7~1\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-10-23 15:21 - 2014-10-07 23:49 - 00217600 _____ () C:\Program Files\AVAST Software\Avast\USERENV.dll2014-10-27 07:45 - 2014-10-27 07:45 - 02898432 _____ () C:\Program Files\AVAST Software\Avast\defs\14102601\algo.dll2014-10-23 16:55 - 2014-10-23 16:55 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2014-10-08 22:04 - 2014-10-07 12:22 - 09008456 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.13\pdf.dll2014-10-08 22:04 - 2014-10-07 12:22 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.13\ffmpegsumo.dll2014-10-09 20:00 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll2014-10-09 20:00 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:538DC028 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: msiserver => 3MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exeMSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exeMSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietMSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exeMSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3 MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -sMSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe ========================= Accounts: ========================== Administrator (S-1-5-21-4157116677-2462151510-724841161-500 - Administrator - Disabled)Guest (S-1-5-21-4157116677-2462151510-724841161-501 - Limited - Disabled)Win 7 (S-1-5-21-4157116677-2462151510-724841161-1000 - Administrator - Enabled) => C:\Users\Win 7 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (10/27/2014 00:05:27 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)Description: Chrome has encountered a fatal error.ver=39.0.2171.13;lang=;guid=F13992ECA1624D3A8566CB3062895A98;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\fd97d04c-f56a-4ce3-ba7d-dd4c72d762a5.dmp Error: (10/26/2014 07:32:32 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Updater.exe, version: 6.8.0.112, time stamp: 0x533db3abFaulting module 
name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x006f00c4Faulting process id: 0x240Faulting application start time: 0xUpdater.exe0Faulting application path: Updater.exe1Faulting module path: Updater.exe2Report Id: Updater.exe3 Error: (10/23/2014 05:50:50 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)Description: Chrome has encountered a fatal error.ver=39.0.2171.13;lang=;guid=F13992ECA1624D3A8566CB3062895A98;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\abbad8e7-8306-4202-ae3d-2583726dd803.dmp Error: (10/23/2014 05:26:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (10/23/2014 05:09:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (10/23/2014 04:59:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . 
Error: (10/23/2014 03:36:47 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.
Operation: Gathering Writer Data
Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {fd52f1f1-e546-4a7b-b27a-5d590ec055ea}

Error: (10/23/2014 03:14:20 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )
Description: Update Windows license and product key tokens failed with 0x80070005.

Error: (10/23/2014 03:13:52 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Win7-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (10/23/2014 03:13:52 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Win7-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

System errors:
=============
Error: (10/27/2014 11:09:25 AM) (Source: RTL8192Ce) (EventID: 0) (User: )
Description: OID_SCAN_NUM

Error: (10/27/2014 11:09:25 AM) (Source: RTL8192Ce) (EventID: 0) (User: )
Description: OID_SCAN_COMPLETE

Error: (10/27/2014 11:09:23 AM) (Source: RTL8192Ce) (EventID: 0) (User: )
Description: OID_SCAN_REQUEST

Error: (10/27/2014 11:09:01 AM) (Source: RTL8192Ce) (EventID: 0) (User: )
Description: RT_INIT_OK

Error: (10/27/2014 07:57:43 AM) (Source: RTL8192Ce) (EventID: 0) (User: )
Description: OID_SCAN_NUM

Error: (10/27/2014 07:57:43 AM) (Source: RTL8192Ce) (EventID: 0) (User: )
Description: OID_SCAN_COMPLETE

Error: (10/27/2014 07:57:42 AM) (Source: RTL8192Ce) (EventID: 0) (User: )
Description: OID_SCAN_REQUEST

Error: (10/27/2014 07:42:49 AM) (Source: RTL8192Ce) (EventID: 0) (User: )
Description: OID_SCAN_NUM

Error: (10/27/2014 07:42:49 AM) (Source: RTL8192Ce) (EventID: 0) (User: )
Description: OID_SCAN_COMPLETE

Error: (10/27/2014 07:42:48 AM) (Source: RTL8192Ce) (EventID: 0) (User: )
Description: OID_SCAN_REQUEST

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Atom CPU N455 @ 1.66GHz
Percentage of memory in use: 87%
Total physical RAM: 1013.42 MB
Available physical RAM: 129.9 MB
Total Pagefile: 2037.42 MB
Available Pagefile: 548.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.42 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:98.02 GB) (Free:78.11 GB) NTFS
Drive d: (Storage Area) (Fixed) (Total:134.76 GB) (Free:37.58 GB) NTFS
Drive f: (ADRIAN) (Fixed) (Total:3.73 GB) (Free:2.56 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: A884B3F9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=134.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: FC00FEC8)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)

==================== End Of Log ============================

I hope I get the reply soon... Thanks
  5. Hi, I can't reply very often because our internet is not that fast. How long until I get bumped for not replying in this thread?
  6. Thank you for the fast reply, sir, and yes, I'm referring to a complete scan. Does mBAM removal process 2x a free version or a trial or I need to purchase it right away? Um.. and where can I find these diagnostic logs, sir..?
  7. I want a virus free and clean pc for maximum performance and satisfaction!

  8. Good day, I am really desperate now that I had force shutdown my laptop 5 times because of the freeze/lag my laptop gets when scanning, not only MBAM but also my antivirus (Avast). Mostly they lag in these files: msvcrt.dll (only MBAM causes this), mvcp60.dll (both), mvcp100.dll (both); there are many more programs that they lag when scanning. First I tried hiding msvcrt.dll and it worked, then it lagged (as in I hardly can move my mouse cursor) again in mvcp60.dll so I deleted it, but in the next scan it lagged in mvcp100.dll, deleted it too, then there was this other program, that I can't remember, it lagged there too.... Can anyone help me with this problem, and pls. be patient with me cuz I am not expert in this. Thanks in advance.
  9. Good day, I am really desperate now that I had force shutdown my laptop 5 times because of the freeze/lag my laptop gets when scanning, not only MBAM but also my antivirus (Avast). Mostly they lag in these files: msvcrt.dll (only MBAM causes this), mvcp60.dll (both), mvcp100.dll (both); there are many more programs that they lag when scanning. First I tried hiding msvcrt.dll and it worked, then it lagged (as in I hardly can move my mouse cursor) again in mvcp60.dll so I deleted it, but in the next scan it lagged in mvcp100.dll, deleted it too, then there was this other program, that I can't remember, it lagged there too.... Can anyone help me with this problem, and pls. be patient with me cuz I am not expert in this.