Velshard

Members
  • Posts

    2
  • Joined

  • Last visited

Reputation

0 Neutral

Profile Information

  • Location
    Rural Oregon
  • Interests
    Nothing that falls under the definition of Politically Correct other than reading next to my fireplace with a hot cup of mint cocoa and my ten-year-old black lab sitting at my feet, while he enjoys a fresh rawhide bone.
  1. Here are the log files, Maniac aka Borislav, and thank you in advance for your help and my apologies to the admin for not doing things in the right order. BTW I'm not a saint but I tend to avoid any porn sites because I know that they're a veritable cesspool of potential malware, yet the host files show a bunch of what I assume to be links to porn sites. What are those and what stupid thing did I do to put them there? Oh and sorry for the slow reply, been hectic for me as of late.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014
Ran by Matthew (administrator) on VALUTA on 12-11-2014 20:46:49
Running from C:\Users\Matthew\Downloads
Loaded Profile: Matthew (Available profiles: Matthew)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\WINDOWS\System32\UI0Detect.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\WINDOWS\System32\schtasks.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\WINDOWS\System32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe
() C:\Users\Matthew\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(NETGEAR Inc.) C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Microsoft Corporation) C:\WINDOWS\System32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxcrnmh.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
HKLM\...\Run: [sunJavaUpdateReg] => C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1915616 2014-10-13] (Bitdefender)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44168 2007-04-03] (soft thinks)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2231052432-505354547-3902923570-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-2231052432-505354547-3902923570-1000\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2014-08-13] (Bitdefender)
HKU\S-1-5-21-2231052432-505354547-3902923570-1000\...\Run: [bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-21-2231052432-505354547-3902923570-1000\...\Run: [bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901608 2014-08-13] (Bitdefender)
HKU\S-1-5-21-2231052432-505354547-3902923570-1000\...\Run: [Amazon Cloud Player] => C:\Users\Matthew\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3139072 2013-11-24] ()
HKU\S-1-5-21-2231052432-505354547-3902923570-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-2231052432-505354547-3902923570-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2231052432-505354547-3902923570-1000\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [596480 2014-06-10] (NETGEAR Inc.)
HKU\S-1-5-18\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901608 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
IFEO\apnmcp.exe: [Debugger] tasklist.exe
IFEO\AppIntegrator64.exe: [Debugger] tasklist.exe
IFEO\brs.exe: [Debugger] tasklist.exe
IFEO\bservice.exe: [Debugger] tasklist.exe
IFEO\bservice64.exe: [Debugger] tasklist.exe
IFEO\cltmng.exe: [Debugger] tasklist.exe
IFEO\cltmngui.exe: [Debugger] tasklist.exe
IFEO\DatamngrUI.exe: [Debugger] tasklist.exe
IFEO\DTUpdate.exe: [Debugger] tasklist.exe
IFEO\ExtensionUpdaterService.exe: [Debugger] tasklist.exe
IFEO\FrameworkEngine.exe: [Debugger] tasklist.exe
IFEO\HpUI.exe: [Debugger] tasklist.exe
IFEO\IdcLdr.exe: [Debugger] tasklist.exe
IFEO\IdcLdr_x64.exe: [Debugger] tasklist.exe
IFEO\IMGUpdater.exe: [Debugger] tasklist.exe
IFEO\keepmysettingsx.exe: [Debugger] tasklist.exe
IFEO\Loader32.exe: [Debugger] tasklist.exe
IFEO\Loader64.exe: [Debugger] tasklist.exe
IFEO\loggingserver.exe: [Debugger] tasklist.exe
IFEO\Lrcnta.exe: [Debugger] tasklist.exe
IFEO\PastaLeadsService.exe: [Debugger] tasklist.exe
IFEO\PastaLeadsWinApp.exe: [Debugger] tasklist.exe
IFEO\patch_ff.exe: [Debugger] tasklist.exe
IFEO\PluginService.exe: [Debugger] tasklist.exe
IFEO\ProtectWindowsManager.exe: [Debugger] tasklist.exe
IFEO\SafeFinder.exe: [Debugger] tasklist.exe
IFEO\searcharmor.exe: [Debugger] tasklist.exe
IFEO\search_protect.exe: [Debugger] tasklist.exe
IFEO\smu.exe: [Debugger] tasklist.exe
IFEO\spbiu.exe: [Debugger] tasklist.exe
IFEO\srptm.exe: [Debugger] tasklist.exe
IFEO\srpts.exe: [Debugger] tasklist.exe
IFEO\srptsl.exe: [Debugger] tasklist.exe
IFEO\SystemkService.exe: [Debugger] tasklist.exe
IFEO\SystemSockets.exe: [Debugger] tasklist.exe
IFEO\TBNotifier.exe: [Debugger] tasklist.exe
IFEO\TNT2User.exe: [Debugger] tasklist.exe
IFEO\Toolbar.exe: [Debugger] tasklist.exe
IFEO\ToolbarUpdater.exe: [Debugger] tasklist.exe
IFEO\vprot.exe: [Debugger] tasklist.exe
IFEO\WajamInternetEnhancer.exe: [Debugger] tasklist.exe
IFEO\WajamInternetEnhancerService.exe: [Debugger] tasklist.exe
IFEO\wb.exe: [Debugger] tasklist.exe
IFEO\YTDownloader.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
ShortcutTarget: Snapfish Media Detector.lnk -> C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe ()
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear.ch/web/?type=20141107-vr-sshome-ie-df&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.safesear.ch/web/?type=20141107-vr-sshome-ie-df&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear.ch/web/?type=20141107-vr-sshome-ie-df&q={searchTerms}
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
HKU\S-1-5-21-2231052432-505354547-3902923570-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.safesear.ch/web/?type=20141107-vr-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM - TopResultURLFallback http://www.safesear.ch/web/?type=20141018-uz-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM - URL http://www.safesear.ch/web/?type=20141018-uz-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.safesear.ch/web/?type=20141107-vr-sshome-ie-df&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.safesear.ch/web/?type=20141107-vr-sshome-ie-df&q={searchTerms}
SearchScopes: HKCU - SuggestionsURLFallback https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}
SearchScopes: HKCU - SuggestionsURL https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}
SearchScopes: HKCU - TopResultURLFallback http://www.safesear.ch/web/?type=20141018-uz-sshome-ie-df&q={searchTerms}
SearchScopes: HKCU - URL http://www.safesear.ch/web/?type=20141018-uz-sshome-ie-df&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.safesear.ch/web/?type=20141107-vr-sshome-ie-df&q={searchTerms}
SearchScopes: HKCU - {4899CEFC-66C2-4F07-96E0-58ECA2E929AF} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {F8661794-A7FE-41F5-B47B-5F6AFD12C022} URL = http://www.flickr.com/search/?q={searchTerms}
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\4af7nkrk.default
FF SearchEngineOrder.1: SafeSearch
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safesearch.xml
FF Extension: Advanced Cookie Manager - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\4af7nkrk.default\Extensions\cookiemgr@jayapal.com [2014-01-10]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\4af7nkrk.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-08-02]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\4af7nkrk.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-08-02]
FF Extension: Download Manager Tweak - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\4af7nkrk.default\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2013-01-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-28]
FF HKLM\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\ffpwdman [2013-11-27]
FF HKLM\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\4af7nkrk.default\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\4af7nkrk.default\extensions\{jid1-vS7biDmom8YxhA@jetpack}
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-11-27]
FF Extension: No Name - ffpwdman@bitdefender.com [Not Found]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.bing.com/"
CHR Profile: C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Bitdefender Wallet) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-11-07]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2013-12-01]
CHR Extension: (Google Wallet) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-25]
CHR HKLM\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\pmbxcr.crx [2013-11-27]
CHR StartMenuInternet: Google Chrome - Chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [69880 2014-08-13] (Bitdefender)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-10-29] (SurfRight B.V.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [189440 2014-03-23] (NETGEAR) [File not signed]
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [81704 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [54424 2014-08-13] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1300224 2014-10-13] (Bitdefender)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1060312 2014-08-13] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [528248 2014-08-13] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77632 2014-05-22] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [130640 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-11-04] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys [135600 2013-11-27] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [72704 2012-04-17] (BitDefender)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-11-27] (BitDefender LLC)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2014-08-12] (CACE Technologies, Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [385096 2014-08-13] (BitDefender S.R.L.)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder PSP Edition\SysInfo.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SBFWIMCL; system32\DRIVERS\sbfwim.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 20:46 - 2014-11-12 20:47 - 00026242 _____ () C:\Users\Matthew\Downloads\FRST.txt
2014-11-12 20:46 - 2014-11-12 20:46 - 00000000 ____D () C:\FRST
2014-11-12 20:45 - 2014-11-12 20:45 - 01107968 _____ (Farbar) C:\Users\Matthew\Downloads\FRST.exe
2014-11-11 00:06 - 2014-11-11 00:33 - 00000000 ____D () C:\ProgramData\Dumps
2014-11-09 02:46 - 2014-11-11 04:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-08 19:47 - 2014-11-08 19:47 - 00008704 _____ () C:\Users\Matthew\Documents\Malwarebytes Info.wps
2014-11-08 09:11 - 2014-11-08 09:11 - 02145792 _____ () C:\Users\Matthew\Downloads\adwcleaner_4.100.exe
2014-11-07 23:07 - 2014-11-11 23:08 - 00000000 ____D () C:\Users\Matthew\AppData\Local\ComponentF
2014-10-26 14:17 - 2014-10-26 14:17 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-26 14:16 - 2014-10-26 14:14 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-26 14:15 - 2014-10-26 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-26 14:15 - 2014-10-26 14:14 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-26 14:15 - 2014-10-26 14:14 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-26 14:15 - 2014-10-26 14:14 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-19 20:23 - 2014-10-19 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-19 20:22 - 2014-11-12 20:41 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-19 20:22 - 2014-11-12 20:40 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-19 19:06 - 2014-10-14 03:43 - 01705698 _____ (Thisisu) C:\Users\Matthew\Downloads\JRT_NEW.exe
2014-10-18 23:51 - 2014-10-18 23:51 - 00147208 _____ () C:\Windows\Minidump\Mini101914-01.dmp
2014-10-18 21:55 - 2014-11-07 23:05 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-18 21:55 - 2014-11-07 22:57 - 00000000 ____D () C:\Users\Matthew\AppData\Local\ComponentE
2014-10-16 21:56 - 2014-10-16 21:56 - 00147208 _____ () C:\Windows\Minidump\Mini101614-01.dmp
2014-10-15 19:52 - 2014-06-15 14:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 19:52 - 2014-06-13 10:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 19:52 - 2014-06-13 10:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 19:50 - 2014-09-27 15:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 19:29 - 2014-09-04 15:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-15 19:26 - 2014-09-16 08:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 17:13 - 2014-09-19 14:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 17:13 - 2014-09-19 14:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 17:13 - 2014-09-19 14:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 17:13 - 2014-09-19 14:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 17:13 - 2014-09-19 14:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 17:13 - 2014-09-19 14:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 17:13 - 2014-09-19 14:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 17:13 - 2014-09-19 14:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 17:13 - 2014-09-19 14:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 17:13 - 2014-09-19 14:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 17:13 - 2014-09-19 14:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 17:13 - 2014-09-19 14:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 17:13 - 2014-09-19 14:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 17:13 - 2014-09-19 14:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 17:13 - 2014-09-19 14:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 17:13 - 2014-09-19 14:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 17:13 - 2014-09-19 14:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 17:13 - 2014-09-19 14:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 17:13 - 2014-09-19 14:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 17:13 - 2014-09-19 14:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 17:13 - 2014-09-19 14:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 20:44 - 2012-04-05 20:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-12 20:43 - 2012-04-05 20:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-12 20:43 - 2011-05-18 18:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 20:38 - 2014-08-31 17:37 - 01569644 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 20:37 - 2007-08-04 21:21 - 00000000 ____D () C:\Windows\SMINST
2014-11-12 20:30 - 2006-11-02 02:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 20:22 - 2011-08-07 19:00 - 00280104 _____ () C:\Windows\system32\spsys.log
2014-11-12 20:22 - 2006-11-02 05:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 20:22 - 2006-11-02 04:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 20:22 - 2006-11-02 04:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 20:20 - 2014-09-11 21:57 - 00005674 _____ () C:\Windows\PFRO.log
2014-11-12 20:20 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\PLA
2014-11-12 00:36 - 2006-11-02 05:01 - 00032550 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-11 23:54 - 2009-11-04 18:12 - 00000000 ____D () C:\Users\Matthew\Downloads\MediaCoder
2014-11-11 20:57 - 2009-05-23 15:50 - 00044388 _____ () C:\Users\Matthew\AppData\Roaming\wklnhst.dat
2014-11-11 19:58 - 2014-09-29 18:37 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-11 19:54 - 2014-09-29 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-11 19:54 - 2014-09-29 18:37 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-11 12:19 - 2010-02-09 12:35 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-11-10 10:53 - 2013-01-03 03:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-09 03:03 - 2012-06-09 00:46 - 00009728 _____ () C:\Users\Matthew\Documents\emoticons.wps
2014-11-08 20:13 - 2014-01-04 21:54 - 00000000 ____D () C:\Users\Matthew\AppData\Local\NETGEARGenie
2014-11-08 11:51 - 2014-09-29 18:10 - 00000000 ____D () C:\AdwCleaner
2014-11-07 23:06 - 2014-09-11 21:48 - 00001107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Google Chrome.lnk
2014-11-07 20:53 - 2009-07-28 17:09 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\HpUpdate
2014-10-28 05:35 - 2009-10-07 18:21 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 14:17 - 2014-04-16 16:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-26 14:12 - 2007-08-04 21:00 - 00000000 ____D () C:\Program Files\Java
2014-10-23 20:40 - 2012-07-30 22:08 - 00008704 _____ () C:\Users\Matthew\Documents\E-bay.wps
2014-10-23 18:55 - 2011-09-07 20:55 - 00001356 _____ () C:\Users\Matthew\AppData\Local\d3d9caps.dat
2014-10-19 20:23 - 2013-11-25 18:01 - 00000000 ____D () C:\Program Files\Google
2014-10-19 20:22 - 2013-11-25 17:59 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Deployment
2014-10-19 00:13 - 2013-11-27 21:37 - 00000307 ____H () C:\bdr-cf01
2014-10-18 23:51 - 2014-09-11 04:15 - 308445055 _____ () C:\Windows\MEMORY.DMP
2014-10-18 23:51 - 2011-05-29 00:06 - 00000000 ____D () C:\Windows\Minidump
2014-10-18 21:54 - 2014-09-25 21:53 - 00000000 ____D () C:\Users\Matthew\AppData\Local\ComponentD
2014-10-18 18:44 - 2014-08-25 02:57 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Adobe
2014-10-17 06:44 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 18:13 - 2014-08-31 17:35 - 00338080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 19:49 - 2013-08-12 05:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 19:29 - 2006-11-02 02:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Files to move or delete:
====================
C:\ProgramData\ism_0_llatsni.pad

Some content of TEMP:
====================
C:\Users\Matthew\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Matthew\AppData\Local\Temp\Quarantine.exe
C:\Users\Matthew\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-12 20:36

==================== End Of Log ============================

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2014
Ran by Matthew at 2014-11-12 20:48:13
Running from C:\Users\Matthew\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them.
The adware programs should be uninstalled manually.)

7-Zip 4.57 (HKLM\...\7-Zip) (Version: - )
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Amazon Add to Wish List IE Extension 1.1 (HKLM\...\Amazon Add to Wish List IE Extension) (Version: 1.1 - Amazon)
Amazon MP3 Downloader 1.0.12 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.12 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{3825F8BD-F784-6FBB-A5CD-857559148007}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
AusLogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 1.4 - Auslogics Software Pty Ltd)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.15.0.682 - Bitdefender)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
Elevated Installer (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version: - Hewlett-Packard)
Garmin BaseCamp (HKLM\...\{CBB4288D-2D32-43BB-8FCE-3F102E385956}) (Version: 4.3.5 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4558.05 - PC-Doctor, Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
HP Advisor (HKLM\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.2.0.2296 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.2.0.2304 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version: - Hewlett-Packard)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Update (HKLM\...\{612F4E20-3661-4D44-AD79-823F1B613FB3}) (Version: 5.002.008.001 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
K-Lite Mega Codec Pack 10.7.1 (HKLM\...\KLiteCodecPack_is1) (Version: 10.7.1 - )
LightScribe 1.6.45.1 (Version: 1.6.45.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MechWarrior Online (HKLM\...\{ffbbd184-8eba-469f-bb26-ea4e1f6bfd4c}) (Version: 1.4.1.0 - Piranha Games Inc.)
MechWarrior Online (Version: 1.4.1.0 - Piranha Games Inc.) Hidden
MediaCoder Audio Edition 0.7.2.4530 (HKLM\...\MediaCoder Audio Edition) (Version: 0.7.2.4530 - Broad Intelligence)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.0 (HKLM\...\{14AF024E-2E3B-49D0-A175-D1C1A06B155A}) (Version: 6.00.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1804 - WildTangent)
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.3.1.25 - NETGEAR Inc.)
Next Generation Visualisations (HKLM\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 - Microsoft)
North West USA Topo Map (HKLM\...\NW USA Topo) (Version: - )
Northwest Trails (HKLM\...\Northwest Trails) (Version: 1.79 - Switchbacks.com)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
Oregon Wildernesses Map (HKLM\...\Oregon Wildernesses) (Version: - )
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Real Alternative 1.9.0 (HKLM\...\RealAlt_is1) (Version: 1.9.0 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Rhapsody (HKLM\...\Rhapsody) (Version: - )
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.572 - Roxio)
Snapfish Picture Mover (HKLM\...\{029B5901-1F27-4347-9923-E8ACC8F54E15}) (Version: 1.9.0.16 - HP Snapfish)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
US State and County Borders (HKLM\...\USStatesandCounties) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
Western Ownership (HKLM\...\Western Ownership) (Version: - )
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
XnView 1.95.4 (HKLM\...\XnView_is1) (Version: 1.95.4 - Gougelet Pierre-e)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================

16-10-2014 03:26:17 Windows Update
20-10-2014 09:35:41 Scheduled Checkpoint
21-10-2014 09:07:34 Windows Update
21-10-2014 23:08:17 Scheduled Checkpoint
22-10-2014 16:15:03 Scheduled Checkpoint
25-10-2014 03:09:08 Windows Update
26-10-2014 07:16:18 Scheduled Checkpoint
26-10-2014 21:51:59 Installed Java 7 Update 71
28-10-2014 07:04:04 Windows Update
29-10-2014 23:47:47 Scheduled Checkpoint
31-10-2014 06:11:46 Scheduled Checkpoint
31-10-2014 08:29:41 Windows Update
01-11-2014 04:15:12 Scheduled Checkpoint
01-11-2014 19:12:06 Scheduled Checkpoint
08-11-2014 05:04:41 Windows Update
09-11-2014 09:12:06 Scheduled Checkpoint
09-11-2014 21:33:28 Scheduled Checkpoint
11-11-2014 10:43:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 02:23 - 2010-04-30 20:00 - 00393089 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {051F941C-BB4F-4C47-8B1A-6BBCFA22928E} - System32\Tasks\JavaUpdateAdministrator => C:\Windows\system32\jusched.exe
Task: {2A8F7E61-3696-4B34-86F3-FAB19373AFD2} - System32\Tasks\JavaUpdateMatthew => C:\Windows\system32\jusched.exe
Task: {2B2F5E6E-040A-4F5E-9E81-B602ACBAE4CE} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe
Task: {3B46E8B6-6B86-496F-9658-8E07781FF465} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {48BBE563-E585-4495-AA6B-D26E76042DE2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {4EC78F0C-A50A-4B27-B251-C73217E48EE2} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] ()
Task: {5A83190A-5A43-408F-85E9-6ED9761EDC99} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {734E5910-4254-44AC-945E-B3D0475E66BA} - System32\Tasks\Component System\Component => C:\Users\Matthew\AppData\Local\ComponentF\com.exe [2014-10-24] ()
Task: {886FB6DC-5779-46D0-A554-CAFD12DEE209} - \NSManager_1410520111 No Task File <==== ATTENTION
Task: {92ED9BE4-05DA-403A-B7EC-C1FAF8FE4655} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-18] (Microsoft Corporation)
Task: {93B15ECE-BA8C-45B3-B5C4-6F135CAE5036} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {A2E361F2-42E1-4048-BBD9-43267BAAC033} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-09-04] ()
Task: {A40BDF1F-F584-47AF-AA1F-8353D2EB2051} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-05-17] ()
Task: {BA5778FC-F35B-4DCE-AD1E-ADAF14C20A4E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {DDE6DDF1-A9CA-443B-B3A8-2A47AF89AC3E} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-09 05:57 - 2014-10-13 17:53 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2013-11-27 21:36 - 2014-08-13 01:13 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2013-11-27 21:34 - 2011-11-14 19:17 - 00132176 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2013-11-27 21:36 - 2014-08-13 01:13 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2014-07-23 23:54 - 2014-07-23 23:54 - 00676568 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00040_018\ashttpbr.mdl
2014-07-23 23:54 - 2014-07-23 23:54 - 00490144 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00040_018\ashttpdsp.mdl
2014-07-23 23:54 - 2014-07-23 23:54 - 02138096 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00040_018\ashttpph.mdl
2014-07-23 23:54 - 2014-07-23 23:54 - 01128744 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00040_018\ashttprbl.mdl
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-09 05:57 - 2013-11-25 12:53 - 00919136 ____N () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2012-06-11 08:24 - 2012-12-19 11:30 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2013-11-27 21:33 - 2014-08-13 01:15 - 00095088 _____ () C:\Program Files\Bitdefender\Bitdefender\bdmetrics.dll
2013-11-27 21:33 - 2014-08-13 01:15 - 00159496 _____ () C:\Program Files\Bitdefender\Bitdefender\pwdmandb.dll
2013-11-30 22:34 - 2013-11-24 09:56 - 03139072 _____ () C:\Users\Matthew\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2013-09-28 17:14 - 2013-09-28 17:14 - 03369922 _____ () C:\Program Files\NETGEAR Genie\bin\icuin51.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00544817 _____ () C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00989805 _____ () C:\Program Files\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 17:14 - 2013-09-28 17:14 - 01978690 _____ () C:\Program Files\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 17:14 - 2013-09-28 17:14 - 22378434 _____ () C:\Program Files\NETGEAR Genie\bin\icudt51.dll
2013-09-28 17:14 - 2013-09-28 17:14 - 01233408 _____ () C:\Program Files\NETGEAR Genie\bin\platforms\qwindows.dll
2014-06-10 23:40 - 2014-06-10 23:40 - 00523776 _____ () C:\Program Files\NETGEAR Genie\bin\Genie.dll
2014-06-10 23:09 - 2014-06-10 23:09 - 01554944 _____ () C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll
2014-06-10 23:10 - 2014-06-10 23:10 - 00192512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2014-06-10 23:11 - 2014-06-10 23:11 - 00632832 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2014-06-10 23:59 - 2014-06-10 23:59 - 05992960 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-03-23 19:33 - 2014-03-23 19:33 - 00068608 _____ () C:\Program Files\NETGEAR Genie\bin\QRCode.dll
2014-06-10 23:30 - 2014-06-10 23:30 - 00427520 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-03-23 19:33 - 2014-03-23 19:33 - 00144896 _____ () C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll
2014-06-10 23:29 - 2014-06-10 23:29 - 01175552 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2014-06-10 23:31 - 2014-06-10 23:31 - 10063872 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2014-06-12 23:39 - 2014-06-12 23:39 - 01361920 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2014-06-10 23:35 - 2014-06-10 23:35 - 00200192 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2014-06-10 23:36 - 2014-06-10 23:36 - 00885248 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2014-06-10 23:38 - 2014-06-10 23:38 - 00427520 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00052224 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00261120 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qsvg.dll
2014-04-08 00:07 - 2014-04-08 00:07 - 00081408 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll
2014-04-08 00:06 - 2014-04-08 00:06 - 00143360 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll
2012-11-29 01:56 - 2012-11-29 01:56 - 03332720 _____ () C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dll
2014-03-23 19:31 - 2014-03-23 19:31 - 00072192 _____ () C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll
2014-03-23 19:31 - 2014-03-23 19:31 - 00074240 _____ () C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll
2014-03-23 19:31 - 2014-03-23 19:31 - 00136704 _____ () C:\Program Files\NETGEAR Genie\bin\airprintdll.dll
2014-06-10 23:36 - 2014-06-10 23:36 - 00642048 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll
2014-06-10 23:38 - 2014-06-10 23:38 - 00458752 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-03-23 20:08 - 2014-03-23 20:08 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-03-23 19:31 - 2014-03-23 19:31 - 00066560 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00040960 _____ () C:\Program Files\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2012-12-19 15:31 - 2012-12-19 15:31 - 00095232 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-06-10 23:40 - 2014-06-10 23:40 - 00098816 _____ () C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00237384 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2014-10-19 20:23 - 2014-10-09 18:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-19 20:23 - 2014-10-09 18:03 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Matthew\Downloads\10-5656-state_county_install.exe:BDU
AlternateDataStreams: C:\Users\Matthew\Downloads\247-963-Western Ownership_install.exe:BDU
AlternateDataStreams: C:\Users\Matthew\Downloads\adwcleaner_4.100.exe:BDU
AlternateDataStreams: C:\Users\Matthew\Downloads\AmazonCloudPlayerInstaller_381.exe:BDU
AlternateDataStreams: C:\Users\Matthew\Downloads\BaseCamp_435.exe:BDU
AlternateDataStreams: C:\Users\Matthew\Downloads\ccsetup313.exe:BDU
AlternateDataStreams: C:\Users\Matthew\Downloads\ccsetup324.exe:BDU
AlternateDataStreams: C:\Users\Matthew\Downloads\chromeinstall-7u55.exe:BDU
AlternateDataStreams: C:\Users\Matthew\Downloads\Firefox Setup 8.0.exe:BDU
AlternateDataStreams: C:\Users\Matthew\Downloads\FRST.exe:BDU
AlternateDataStreams: C:\Users\Matthew\Downloads\GarminExpress.exe:BDU
AlternateDataStreams: C:\Users\Matthew\Downloads\HitmanPro.exe:BDU
AlternateDataStreams: C:\Users\Matthew\Downloads\instsf449.exe:BDU
AlternateDataStreams: C:\Users\Matthew\Downloads\MapSource_6163.exe:BDU
AlternateDataStreams: C:\Users\Matthew\Downloads\msgr11us.exe:BDU
AlternateDataStreams: C:\Users\Matthew\Downloads\orwild_install.exe:BDU
AlternateDataStreams: C:\Users\Matthew\Downloads\US_VISTA_X86.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================

Administrator (S-1-5-21-2231052432-505354547-3902923570-500 - Administrator - Disabled)
Guest (S-1-5-21-2231052432-505354547-3902923570-501 - Limited - Disabled)
Matthew (S-1-5-21-2231052432-505354547-3902923570-1000 - Administrator - Enabled) => C:\Users\Matthew

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2014 08:39:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 14 2.1.168.192.in-addr.arpa. PTR Valuta.local.

Error: (11/12/2014 08:39:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.2:5353 16 2.1.168.192.in-addr.arpa. PTR Valuta-2.local.

Error: (11/11/2014 07:24:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 14 2.1.168.192.in-addr.arpa. PTR Valuta.local.

Error: (11/11/2014 07:24:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.2:5353 16 2.1.168.192.in-addr.arpa. PTR Valuta-2.local.

Error: (11/10/2014 07:13:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 14 2.1.168.192.in-addr.arpa. PTR Valuta.local.

Error: (11/10/2014 07:13:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.2:5353 16 2.1.168.192.in-addr.arpa. PTR Valuta-2.local.

Error: (11/10/2014 00:16:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 11.4.0.18, time stamp 0x54045c47, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x3f800000,process id 0x1038, application start time 0xiTunes.exe0.

Error: (11/10/2014 11:02:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 14 2.1.168.192.in-addr.arpa. PTR Valuta.local.

Error: (11/10/2014 11:02:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.2:5353 16 2.1.168.192.in-addr.arpa. PTR Valuta-2.local.

Error: (11/09/2014 06:17:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 11.4.0.18, time stamp 0x54045c47, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x3feca4c0,process id 0x17a8, application start time 0xiTunes.exe0.
System errors:
=============
Error: (11/12/2014 08:30:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Google Update Service (gupdate)1

Error: (11/12/2014 08:23:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SBRE

Error: (11/12/2014 08:23:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (11/12/2014 08:23:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: NVIDIA Display Driver Servicenvlddmkm%%1058

Error: (11/12/2014 08:23:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Bitdefender Virus Shield

Error: (11/11/2014 07:22:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SBRE

Error: (11/11/2014 07:22:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (11/11/2014 07:22:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: NVIDIA Display Driver Servicenvlddmkm%%1058

Error: (11/11/2014 07:22:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Bitdefender Virus Shield

Error: (11/10/2014 07:10:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SBRE

Microsoft Office Sessions:
=========================
Error: (11/12/2014 08:39:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 14 2.1.168.192.in-addr.arpa. PTR Valuta.local.

Error: (11/12/2014 08:39:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.2:5353 16 2.1.168.192.in-addr.arpa. PTR Valuta-2.local.

Error: (11/11/2014 07:24:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 14 2.1.168.192.in-addr.arpa. PTR Valuta.local.

Error: (11/11/2014 07:24:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.2:5353 16 2.1.168.192.in-addr.arpa. PTR Valuta-2.local.

Error: (11/10/2014 07:13:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 14 2.1.168.192.in-addr.arpa. PTR Valuta.local.

Error: (11/10/2014 07:13:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.2:5353 16 2.1.168.192.in-addr.arpa. PTR Valuta-2.local.

Error: (11/10/2014 00:16:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe11.4.0.1854045c47unknown0.0.0.000000000c00000053f800000103801cffd18e85f1ff0

Error: (11/10/2014 11:02:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 14 2.1.168.192.in-addr.arpa. PTR Valuta.local.

Error: (11/10/2014 11:02:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.2:5353 16 2.1.168.192.in-addr.arpa. PTR Valuta-2.local.

Error: (11/09/2014 06:17:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe11.4.0.1854045c47unknown0.0.0.000000000c00000053feca4c017a801cffc54fa87f56a

CodeIntegrity Errors:
===================================
  Date: 2014-11-11 22:36:29.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-11 22:36:28.779
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-11 22:36:28.415
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-11 22:36:27.936
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-11 22:36:27.540
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-11 22:36:27.168
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-11 22:31:42.934
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-11 22:31:42.576
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-11 22:31:42.223
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-11 22:31:41.859
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: AMD Athlon 64 X2 Dual Core Processor 5600+
Percentage of memory in use: 81%
Total physical RAM: 3069.82 MB
Available physical RAM: 573.09 MB
Total Pagefile: 6355.65 MB
Available Pagefile: 2796.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882 MB

==================== Drives ================================
Drive c: (HP) (Fixed) (Total:372.61 GB) (Free:158.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Lexar) (Removable) (Total:7.45 GB) (Free:7.41 GB) FAT32
Drive i: (My Book) (Fixed) (Total:931.28 GB) (Free:397.06 GB) FAT32

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 372.6 GB) (Disk ID: B2F83C98)
Partition 1: (Active) - (Size=372.6 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)

==================== End Of Log ============================
  2. Hello to anyone who may be able to help me with this massively irritating problem I not so politely refer to as that [bleep] [bleep] [bleep] SafeSearch [bleep] virus. SafeSearch appears to be a browser hijacker that may or may not be related to the Search Protect Malware which has repeatedly appeared in my programs list and been promptly removed. All of my attempts to totally remove it on my own and via online guides have failed since it first appeared on my PC around mid September. Occasionally I thought I was rid of it only to have it suddenly reappear. Assuming this was the result of something I downloaded from that time period I tried uninstalling a few things and then running Bitdefender(default), Malwarebytes, HitmanPro, Adwcleaner and various other malware and virus removal tools to root this [bleep] out. Sadly, none of my repeated attempts truly solved the problem. I started to really lose my lid though when SafeSearch somehow locked itself into Google Chrome with administrative privileges as my default search provider and home page, which takes me to these addresses every [bleep] [bleep] time: http://www.safesear.ch/?type=20141107-vr-ie http://www.safesear.ch/?type=20141107-vr-ch-tr The address seems to vary based on which browser I'm using, the former being IE and the latter being Google Chrome. Basically I'm at my wits' end and need help since I no longer know what to do or try within my limited sphere of knowledge regarding computers. Please help; as a person with OCD, this is driving me Futs Nuckin.
  3. Like an itch you can't scratch...
