Malwarebytes Free shows clean but problems persist


Unable to upload Addition.txt and FRST.txt so I'm pasting them here instead.

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by Home Student at 2014-07-22 09:46:22
Running from C:\Users\Home Student\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Snap.Do Engine (HKCU\...\{82ed311f-d293-4230-9933-f6db8933fa89}) (Version: 1.138.1.12259 - ReSoft Ltd.) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)

==================== Restore Points  =========================

07-07-2014 02:00:31 Windows Backup
09-07-2014 01:24:22 Windows Update
09-07-2014 10:00:13 Windows Update
13-07-2014 20:37:36 Windows Update
14-07-2014 02:00:05 Windows Backup
17-07-2014 08:50:47 Windows Update
20-07-2014 21:45:13 Windows Update
21-07-2014 02:00:05 Windows Backup

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {111D74D5-F559-45EA-826E-09F0CA5FDA2A} - System32\Tasks\RegistryDr_Popup => C:\Program Files (x86)\Registry Dr\Splash.exe <==== ATTENTION
Task: {1AA6952A-B366-471A-B142-E7E77C2DC51A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {23DB3EB0-EB42-430C-89B6-165AB46D56C4} - System32\Tasks\RegistryDr_Start => C:\Program Files (x86)\Registry Dr\RegistryDr.exe <==== ATTENTION
Task: {2EC705CB-C48F-4594-B0B3-FC2BD0A95DA2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-26] (Google Inc.)
Task: {393ED98C-4178-4337-ABA7-E86A3128C0C5} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {472AE0C0-8904-4786-8610-DCB4A7489E16} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {47B065EC-0469-474D-B02E-D59A22C1207C} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-05-23] (AnyProtect by CMI)
Task: {5C48AA8C-E159-4979-9AED-F53E218586E9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {6847C982-6546-442E-8DF0-1BF856ED9793} - \Dealply No Task File <==== ATTENTION
Task: {6DC46033-0BFC-4B12-899F-C40A3574B14E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {70E596A8-4C28-41B3-8CD2-C4254ECA2CB2} - System32\Tasks\VisualBeeRecovery => C:\Users\Home
Task: {82C1EA32-4277-42C8-8907-03EA4538DFED} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
Task: {89FD8940-F3CA-4206-9C6A-FD2EC6FC1D66} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9A359443-DFF0-4E36-B5A4-7D507D051995} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-05-23] (AnyProtect by CMI)
Task: {9E35BCA6-0528-4E3E-959B-63E0EA9DD180} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {ACCDE9E4-FD89-48D2-9AAC-DFA9F04CE2C7} - System32\Tasks\FF Watcher {9AEAC859-EC4A-4E03-8EAB-59DC062C90CF} => C:\Program Files\V-bates\PrefHelper.exe
Task: {C399FE2B-1D3F-4F17-88D7-21C806B0BA5E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {D3736723-989C-476C-BE40-289333C07E6C} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-05-23] (AnyProtect by CMI)
Task: {E9F13BE9-3810-44A7-955D-DBC7E48E00FE} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {FCDE22C6-AE68-490C-B3A8-4CDBB2932593} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-26] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Dealply.job => C:\Users\HOMEST~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\FF Watcher {9AEAC859-EC4A-4E03-8EAB-59DC062C90CF}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-13 13:59 - 2014-05-20 09:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-04-04 19:46 - 2012-04-04 19:46 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-18 06:27 - 2012-10-18 06:27 - 04386816 _____ () C:\Program Files (x86)\OtShot\otshot.exe
2013-05-28 00:37 - 2009-07-02 14:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
2014-04-11 14:01 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-07-16 14:23 - 2010-07-12 14:39 - 00053248 _____ () C:\Program Files (x86)\D-Link\DWA-566\ANIWConnService.exe
2013-07-16 14:23 - 2013-07-16 14:23 - 00315392 _____ () C:\Program Files (x86)\D-Link\DWA-566\ANPDApi.dll
2013-07-16 14:23 - 2010-05-13 10:58 - 00294912 _____ () C:\Program Files (x86)\D-Link\DWA-566\WlanApp.dll
2014-06-21 16:42 - 2014-06-21 16:42 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: F06DEFF2-5B9C-490D-910F-35D3A91196222
Description: F06DEFF2-5B9C-490D-910F-35D3A91196222
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: F06DEFF2-5B9C-490D-910F-35D3A91196222
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: MpKsl70512449
Description: MpKsl70512449
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl70512449
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2014 09:22:03 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\DealPlyLiveHelper.msi

Error: (07/22/2014 09:15:56 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\DealPlyLiveHelper.msi

Error: (07/22/2014 09:13:21 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
   at System.ServiceProcess.ServiceController.GetDataBaseHandleWithAccess(System.String, Int32)
   at System.ServiceProcess.ServiceController.GetDataBaseHandleWithConnectAccess()
   at System.ServiceProcess.ServiceController.GenerateNames()
   at System.ServiceProcess.ServiceController.get_ServiceName()
   at System.ServiceProcess.ServiceController.GenerateStatus()
   at System.ServiceProcess.ServiceController.get_Status()
   at Avira.OE.WinCore.Utility.WmiWrapper.IsWmiServicePaused()
   at Avira.OE.WinCore.Utility.WmiWrapper.RunWqlStatement(System.String)
   at Avira.OE.WinCore.Utility.WmiWrapper.CountEntries(System.String)
   at Avira.OE.WinCore.Utility.HardwareDeviceInfo.get_NumberOfBatteries()
   at Avira.OE.WinCore.DeviceInformation.get_DeviceType()
   at Avira.OE.ServiceHost.ComputerAndServicesInfo.CreateMessagePayload()
   at Avira.OE.ServiceHost.ServiceHost.DispatchAnonymousSyncStatus(Avira.OE.Communicator.Interface.ICommunicator)
   at Avira.OE.ServiceHost.ServiceHost+<>c__DisplayClass2.<Initialize>b__0(System.Object, System.EventArgs)
   at System.EventHandler`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Invoke(System.Object, System.__Canon)
   at Avira.OE.ServiceHost.ServiceStatusProviderContainer.DeviceStatusProvider_DeviceStatusChanged(System.Object, System.EventArgs)
   at Avira.OE.AvConnector.AvConnector.FireDeviceStatusChanged()
   at Avira.OE.AvConnector.AvConnector.RefreshDeviceState()
   at Avira.OE.AvConnector.AvConnector.OnEventDatabaseFileChanged(System.Object, System.EventArgs)
   at Avira.OE.AvConnector.AvFileMonitor.FileWatcher_Changed(System.Object, System.IO.FileSystemEventArgs)
   at System.IO.FileSystemWatcher.OnChanged(System.IO.FileSystemEventArgs)
   at System.IO.FileSystemWatcher.NotifyFileSystemEventArgs(Int32, System.String)
   at System.IO.FileSystemWatcher.CompletionStatusChanged(UInt32, UInt32, System.Threading.NativeOverlapped*)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (07/22/2014 09:11:15 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\DealPlyLiveHelper.msi

Error: (07/21/2014 11:10:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8377

Error: (07/21/2014 11:10:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8377

Error: (07/21/2014 11:10:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/21/2014 11:10:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7379

Error: (07/21/2014 11:10:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7379

Error: (07/21/2014 11:10:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (07/22/2014 09:15:39 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
F06DEFF2-5B9C-490D-910F-35D3A91196222

Error: (07/22/2014 09:14:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Supporter service to connect.

Error: (07/21/2014 09:55:46 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
F06DEFF2-5B9C-490D-910F-35D3A91196222

Error: (07/21/2014 09:55:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Supporter service to connect.

Error: (07/20/2014 02:35:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
F06DEFF2-5B9C-490D-910F-35D3A91196222

Error: (07/20/2014 02:34:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Supporter service to connect.

Error: (07/20/2014 02:19:18 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.179.420.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/20/2014 02:09:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
F06DEFF2-5B9C-490D-910F-35D3A91196222

Error: (07/20/2014 02:09:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Supporter service to connect.

Error: (07/20/2014 01:25:16 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.179.420.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (07/22/2014 09:22:03 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/22/2014 09:15:56 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/22/2014 09:13:21 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
   at System.ServiceProcess.ServiceController.GetDataBaseHandleWithAccess(System.String, Int32)
   at System.ServiceProcess.ServiceController.GetDataBaseHandleWithConnectAccess()
   at System.ServiceProcess.ServiceController.GenerateNames()
   at System.ServiceProcess.ServiceController.get_ServiceName()
   at System.ServiceProcess.ServiceController.GenerateStatus()
   at System.ServiceProcess.ServiceController.get_Status()
   at Avira.OE.WinCore.Utility.WmiWrapper.IsWmiServicePaused()
   at Avira.OE.WinCore.Utility.WmiWrapper.RunWqlStatement(System.String)
   at Avira.OE.WinCore.Utility.WmiWrapper.CountEntries(System.String)
   at Avira.OE.WinCore.Utility.HardwareDeviceInfo.get_NumberOfBatteries()
   at Avira.OE.WinCore.DeviceInformation.get_DeviceType()
   at Avira.OE.ServiceHost.ComputerAndServicesInfo.CreateMessagePayload()
   at Avira.OE.ServiceHost.ServiceHost.DispatchAnonymousSyncStatus(Avira.OE.Communicator.Interface.ICommunicator)
   at Avira.OE.ServiceHost.ServiceHost+<>c__DisplayClass2.<Initialize>b__0(System.Object, System.EventArgs)
   at System.EventHandler`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Invoke(System.Object, System.__Canon)
   at Avira.OE.ServiceHost.ServiceStatusProviderContainer.DeviceStatusProvider_DeviceStatusChanged(System.Object, System.EventArgs)
   at Avira.OE.AvConnector.AvConnector.FireDeviceStatusChanged()
   at Avira.OE.AvConnector.AvConnector.RefreshDeviceState()
   at Avira.OE.AvConnector.AvConnector.OnEventDatabaseFileChanged(System.Object, System.EventArgs)
   at Avira.OE.AvConnector.AvFileMonitor.FileWatcher_Changed(System.Object, System.IO.FileSystemEventArgs)
   at System.IO.FileSystemWatcher.OnChanged(System.IO.FileSystemEventArgs)
   at System.IO.FileSystemWatcher.NotifyFileSystemEventArgs(Int32, System.String)
   at System.IO.FileSystemWatcher.CompletionStatusChanged(UInt32, UInt32, System.Threading.NativeOverlapped*)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (07/22/2014 09:11:15 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/21/2014 11:10:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8377

Error: (07/21/2014 11:10:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8377

Error: (07/21/2014 11:10:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/21/2014 11:10:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7379

Error: (07/21/2014 11:10:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7379

Error: (07/21/2014 11:10:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3979.05 MB
Available physical RAM: 2153.71 MB
Total Pagefile: 7956.29 MB
Available Pagefile: 6092.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.02 GB) (Free:344.09 GB) NTFS
Drive d: (Duncan) (CDROM) (Total:0.13 GB) (Free:0 GB) CDFS
Drive e: (HP_RECOVERY) (Fixed) (Total:14.54 GB) (Free:1.72 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5DD72B12)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=101 MB) - (Type=27)

==================== End Of Log ============================

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Home Student (administrator) on HOMESTUDENT-HP on 22-07-2014 09:45:13
Running from C:\Users\Home Student\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-566\AirNCFG.exe
() C:\Program Files (x86)\OtShot\otshot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\D-Link\DWA-566\ANIWConnService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ClientConnect Ltd.) C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-10-15] (PDF Complete Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [D-Link D-Link DWA-566] => C:\Program Files (x86)\D-Link\DWA-566\AirNCFG.exe [1074496 2011-08-12] (D-Link Corp.)
HKLM-x32\...\Run: [OtShot] => C:\Program Files (x86)\OtShot\otshot.exe [4386816 2012-10-18] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3402564657-2907318571-1118940796-1000\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-3402564657-2907318571-1118940796-1000\...\Run: [backgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Home Student\AppData\Local\Conduit\BackgroundContainer\ (the data entry has 32 more characters).
HKU\S-1-5-21-3402564657-2907318571-1118940796-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3595608 2014-07-20] (Electronic Arts)
HKU\S-1-5-21-3402564657-2907318571-1118940796-1000\...\MountPoints2: {1bf1f5ce-d46a-11e2-a5d6-806e6f6e6963} - D:\autorun.exe duncan.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:14005
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_21_ch&cd=2XzuyEtN2Y1L1Qzu0ByE0ByDtB0F0D0DtBtDtA0ByCtByEyDtN0D0Tzu0SzzyByEtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StB0C0AzzyD0E0EtAtGzz0E0A0EtG0D0EyBzytGtA0CyE0CtGyDyE0F0BtCyC0FtC0DtDzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtCzyzyyE0F0AyEtGyByEyC0EtGyCtCtD0FtGtDyC0FyBtGyB0BzyyE0A0EtBtBtAzyzytB2Q&cr=1554120751&ir=
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=102&systemid=473&v=a13277-209&apn_uid=1595476653224055&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM - {5721852B-E4F9-4BF2-8B83-428DFEA2AF23} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-111074-26712-7/4?satitle={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
SearchScopes: HKLM-x32 - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=102&systemid=473&v=a13277-209&apn_uid=1595476653224055&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 - {5721852B-E4F9-4BF2-8B83-428DFEA2AF23} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-111074-26712-7/4?satitle={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_21_ch&cd=2XzuyEtN2Y1L1Qzu0ByE0ByDtB0F0D0DtBtDtA0ByCtByEyDtN0D0Tzu0SzzyByEtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StB0C0AzzyD0E0EtAtGzz0E0A0EtG0D0EyBzytGtA0CyE0CtGyDyE0F0BtCyC0FtC0DtDzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtCzyzyyE0F0AyEtGyByEyC0EtGyCtCtD0FtGtDyC0FyBtGyB0BzyyE0A0EtBtBtAzyzytB2Q&cr=1554120751&ir=
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=102&systemid=473&v=a13277-209&apn_uid=1595476653224055&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - {5721852B-E4F9-4BF2-8B83-428DFEA2AF23} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {CD82D201-71AA-44EE-ACC4-ADE7B5C62EB2} URL = http://search.ividi.org/?q={searchTerms}&src=tbsp&id=c68562450000000000009094e4092ab4&affilt=3&r=530
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-111074-26712-7/4?satitle={searchTerms}
SearchScopes: HKCU - {D97F8A7A-8C19-4FC1-8A09-59FCBEF68B41} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298580&CUI=UN21884755432154293&UM=2
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - google.com - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\Home Student\AppData\Roaming\Mozilla\Firefox\Profiles\gkk3as5b.default
FF NewTab: chrome://quick_start/content/index.html
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: v9
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Program Files (x86)\Roblox\Versions\version-c04585a2d58a4f29\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Home Student\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Home Student\AppData\Roaming\Mozilla\Firefox\Profiles\gkk3as5b.default\user.js
FF SearchPlugin: C:\Users\Home Student\AppData\Roaming\Mozilla\Firefox\Profiles\gkk3as5b.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Home Student\AppData\Roaming\Mozilla\Firefox\Profiles\gkk3as5b.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: Widget context - C:\Users\Home Student\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-05-17]
FF Extension: Avira Browser Safety - C:\Users\Home Student\AppData\Roaming\Mozilla\Firefox\Profiles\gkk3as5b.default\Extensions\abs@avira.com [2014-07-06]
FF Extension: Adblock Plus - C:\Users\Home Student\AppData\Roaming\Mozilla\Firefox\Profiles\gkk3as5b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-02]
FF HKCU\...\Firefox\Extensions: [{E61F2DCC-2098-D117-3282-8ED1DCE320DD}] - C:\Program Files (x86)\SuperLyrics-soft\161.xpi

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-102&v=a13277-209&t=4"
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: http://dts.search.ask.com/sr?src=crb&gct=ds&appid=102&systemid=473&v=a13277-209&apn_uid=1595476653224055&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Magnifier for Facebook) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjdheomplehjdgpjenoamnhhkcenlkf [2014-06-11]
CHR Extension: (Google Docs) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-26]
CHR Extension: (Google Drive) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-26]
CHR Extension: (Music Maker) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdblcahgpgoandbbidibfjnlfkmpccaf [2014-06-09]
CHR Extension: (YouTube) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-26]
CHR Extension: (No Name) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnljggfbhlncogjicmndickihfnjkknk [2014-04-29]
CHR Extension: (Google Search) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-26]
CHR Extension: (DealExpRess) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfidlmhcfcfbkpkemcejcakgfdpciaof [2014-04-27]
CHR Extension: (HTmlCHecker) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\imelcnblmfenapnjepdpdledgekgdkad [2014-05-17]
CHR Extension: (AollCCheApPricE) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgikkbchdjfeomdejhgmdnbmogokfhlc [2014-05-21]
CHR Extension: (VK Switcher) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfojgmgodcgmjoiokklgmailddgolmda [2014-06-10]
CHR Extension: (SaveClicker) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\njmhdhmcgjkmgiebmejiidlhfgjhhakf [2014-04-19]
CHR Extension: (Google Wallet) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Widget context) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-05-17]
CHR Extension: (Gmail) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-05]
CHR Extension: (FuoN2SAve) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmaijdkcpplmbkodhlcdnjkcbmhlfgfp [2014-05-21]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [190104 2013-06-21] ()
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2013-11-23] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 D_Link_DWA-566_WPS; C:\Program Files (x86)\D-Link\DWA-566\ANIWConnService.exe [53248 2010-07-12] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1135136 2012-10-15] (PDF Complete Inc)
R2 TBSrv; C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe [350496 2014-03-26] (ClientConnect Ltd.)
S2 be0fb33b; "C:\Windows\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service

==================== Drivers (Whitelisted) ====================

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
R3 athr; C:\Windows\System32\DRIVERS\Dathrx.sys [2750464 2011-05-24] (Atheros Communications, Inc.)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-10-11] (BitRaider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R4 avkmgr; system32\DRIVERS\avkmgr.sys [X]
S1 F06DEFF2-5B9C-490D-910F-35D3A91196222; \??\C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\configmgrc2.cfg [X]
S1 MpKsl70512449; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0266C58D-5C7E-47CC-8A7E-8AC1CC19DDB6}\MpKsl70512449.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-22 09:45 - 2014-07-22 09:45 - 00021551 _____ () C:\Users\Home Student\Downloads\FRST.txt
2014-07-22 09:45 - 2014-07-22 09:45 - 00000000 ____D () C:\FRST
2014-07-22 09:43 - 2014-07-22 09:43 - 02090496 _____ (Farbar) C:\Users\Home Student\Downloads\FRST64.exe
2014-07-22 09:19 - 2014-07-22 09:19 - 00000000 ____D () C:\OETemp
2014-07-22 09:18 - 2014-07-22 09:18 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2014-07-21 10:08 - 2014-07-21 10:08 - 00002732 _____ () C:\Users\Home Student\Desktop\fusebundle.log
2014-07-21 10:08 - 2014-07-21 10:08 - 00000000 ____D () C:\Users\Home Student\Desktop\temp
2014-07-20 20:11 - 2014-07-21 22:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-20 20:11 - 2014-07-20 20:11 - 01141680 _____ () C:\Users\Home Student\Downloads\SteamSetup.exe
2014-07-20 20:11 - 2014-07-20 20:11 - 00000969 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-07-20 20:11 - 2014-07-20 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-20 19:54 - 2014-07-20 19:54 - 00000000 ____D () C:\Users\Home Student\AppData\Local\Origin
2014-07-20 19:53 - 2014-07-22 09:14 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-20 19:53 - 2014-07-20 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-07-20 19:51 - 2014-07-20 19:52 - 17089296 _____ (Electronic Arts, Inc.) C:\Users\Home Student\Downloads\OriginThinSetup(3).exe
2014-07-20 19:50 - 2014-07-20 19:50 - 17089296 _____ (Electronic Arts, Inc.) C:\Users\Home Student\Downloads\OriginThinSetup(2).exe
2014-07-13 14:42 - 2014-07-13 14:42 - 00000000 ____D () C:\Users\Home Student\AppData\Local\next car game free technology demo
2014-07-13 14:40 - 2014-07-13 14:41 - 122688622 _____ (Bugbear Entertainment) C:\Users\Home Student\Downloads\Next_Car_Game_Free_Technology_Demo.exe
2014-07-08 20:58 - 2014-06-29 19:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-08 20:58 - 2014-06-29 19:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-08 20:58 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 20:58 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 20:58 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 20:58 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 20:58 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 20:58 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 20:58 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 20:58 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 20:58 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 20:58 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 20:58 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 20:58 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 20:58 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 20:58 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 20:58 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 20:58 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 20:58 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 20:58 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 20:58 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 20:58 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 20:58 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 20:58 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 20:58 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 20:58 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 20:58 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 20:58 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 20:58 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 20:58 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 20:58 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 20:58 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 20:58 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 20:58 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 20:58 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 20:58 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 20:58 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 20:58 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 20:58 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 20:58 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 20:58 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 20:58 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 20:58 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 20:58 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 20:58 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 20:58 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 20:58 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 20:58 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 20:58 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 20:58 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 20:58 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 20:58 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 20:58 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 20:58 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 20:58 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 20:58 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 20:58 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 20:58 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 20:58 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 20:58 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 20:58 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 20:58 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 20:58 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 20:58 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 20:58 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 20:58 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 20:58 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 20:58 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 20:58 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 20:58 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 20:58 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 20:58 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 20:58 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 20:58 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 20:58 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 20:58 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 20:58 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 20:58 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 20:56 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 20:56 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 20:56 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-06 19:21 - 2014-07-22 09:19 - 00000000 ____D () C:\ProgramData\Avira
2014-07-06 19:21 - 2014-07-22 09:19 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-06 19:19 - 2014-07-06 19:21 - 04342264 _____ (Avira Operations GmbH & Co. KG) C:\Users\Home Student\Downloads\avira_en_av_4077273263__ws.exe
2014-07-06 19:14 - 2014-07-06 19:14 - 00284224 _____ (Mozilla) C:\Users\Home Student\Downloads\Firefox Setup Stub 30.0(1).exe
2014-07-06 19:13 - 2014-07-06 19:13 - 00284224 _____ (Mozilla) C:\Users\Home Student\Downloads\Firefox Setup Stub 30.0.exe
2014-07-06 18:14 - 2014-07-06 18:14 - 00000000 ____D () C:\Program Files (x86)\MinuimUamPrice
2014-07-05 21:30 - 2014-07-05 21:30 - 00003194 _____ () C:\Windows\System32\Tasks\{A5D4B7C7-C700-400C-8F01-49C98CC2E6CA}
2014-07-05 21:26 - 2014-07-05 21:26 - 00000000 ____D () C:\Program Files (x86)\PddfMakera
2014-07-05 21:24 - 2014-07-05 21:24 - 00000000 ____D () C:\Program Files (x86)\WowuCooupon
2014-07-05 21:24 - 2014-07-05 21:24 - 00000000 ____D () C:\Program Files (x86)\HTmlCHecker
2014-07-05 21:23 - 2014-07-05 21:23 - 00000000 ____D () C:\Program Files (x86)\seaeveitkEep
2014-07-05 21:18 - 2014-07-05 21:18 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-05 21:18 - 2014-07-05 21:18 - 00000000 ____D () C:\Program Files (x86)\DaealExpresiS
2014-07-05 21:12 - 2014-07-05 21:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-05 21:11 - 2014-07-21 22:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-05 21:11 - 2014-07-05 21:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-05 21:11 - 2014-07-05 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-05 21:11 - 2014-07-05 21:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-05 21:11 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-05 21:11 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-05 21:11 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-05 16:40 - 2014-07-05 16:40 - 00000000 ____D () C:\Program Files (x86)\Tbccint
2014-07-05 16:39 - 2014-07-05 16:39 - 00000000 __SHD () C:\Users\Home Student\AppData\Local\EmieUserList
2014-07-05 16:39 - 2014-07-05 16:39 - 00000000 __SHD () C:\Users\Home Student\AppData\Local\EmieSiteList
2014-07-04 12:24 - 2014-07-05 21:43 - 00000000 ____D () C:\ProgramData\DaealExpresiS
2014-07-04 11:46 - 2014-07-04 11:46 - 00000000 ____D () C:\Users\Home Student\AppData\Roaming\Movies Toolbar
2014-06-23 18:08 - 2014-07-21 10:08 - 01601992 _____ (Avira Operations GmbH & Co. KG) C:\Users\Home Student\Desktop\fusebundle.exe
2014-06-23 16:13 - 2014-07-21 10:08 - 00005620 _____ () C:\Users\Home Student\Desktop\fusebundle_msg.avr

==================== One Month Modified Files and Folders =======

2014-07-22 09:45 - 2014-07-22 09:45 - 00021551 _____ () C:\Users\Home Student\Downloads\FRST.txt
2014-07-22 09:45 - 2014-07-22 09:45 - 00000000 ____D () C:\FRST
2014-07-22 09:43 - 2014-07-22 09:43 - 02090496 _____ (Farbar) C:\Users\Home Student\Downloads\FRST64.exe
2014-07-22 09:40 - 2013-07-16 16:40 - 00000310 _____ () C:\Windows\Tasks\Dealply.job
2014-07-22 09:31 - 2014-04-19 19:31 - 00000284 _____ () C:\Windows\Tasks\FF Watcher {9AEAC859-EC4A-4E03-8EAB-59DC062C90CF}.job
2014-07-22 09:26 - 2013-06-13 12:17 - 00003978 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E78E6E46-B653-4E40-AAD0-EC593231CADB}
2014-07-22 09:25 - 2013-06-13 12:06 - 01072939 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 09:22 - 2009-07-13 21:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 09:22 - 2009-07-13 21:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 09:19 - 2014-07-22 09:19 - 00000000 ____D () C:\OETemp
2014-07-22 09:19 - 2014-07-06 19:21 - 00000000 ____D () C:\ProgramData\Avira
2014-07-22 09:19 - 2014-07-06 19:21 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-22 09:19 - 2013-05-28 00:31 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-22 09:18 - 2014-07-22 09:18 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2014-07-22 09:17 - 2013-09-06 10:04 - 00000000 ____D () C:\ProgramData\Origin
2014-07-22 09:15 - 2013-05-28 00:45 - 00000000 ____D () C:\ProgramData\PDFC
2014-07-22 09:14 - 2014-07-20 19:53 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-22 09:14 - 2013-08-26 14:42 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-22 09:14 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-22 09:14 - 2009-07-13 21:51 - 00091667 _____ () C:\Windows\setupact.log
2014-07-22 09:13 - 2010-11-20 20:47 - 01888646 _____ () C:\Windows\PFRO.log
2014-07-22 09:11 - 2013-08-26 14:42 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-22 09:11 - 2013-05-28 00:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 22:35 - 2014-07-05 21:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 22:33 - 2014-07-20 20:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-21 20:14 - 2013-07-16 16:35 - 00000000 ____D () C:\Users\Home Student\AppData\Roaming\.minecraft
2014-07-21 10:08 - 2014-07-21 10:08 - 00002732 _____ () C:\Users\Home Student\Desktop\fusebundle.log
2014-07-21 10:08 - 2014-07-21 10:08 - 00000000 ____D () C:\Users\Home Student\Desktop\temp
2014-07-21 10:08 - 2014-06-23 18:08 - 01601992 _____ (Avira Operations GmbH & Co. KG) C:\Users\Home Student\Desktop\fusebundle.exe
2014-07-21 10:08 - 2014-06-23 16:13 - 00005620 _____ () C:\Users\Home Student\Desktop\fusebundle_msg.avr
2014-07-21 10:08 - 2013-03-13 11:45 - 00001337 _____ () C:\Users\Home Student\Desktop\fusebundle.conf
2014-07-21 09:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\security
2014-07-20 20:11 - 2014-07-20 20:11 - 01141680 _____ () C:\Users\Home Student\Downloads\SteamSetup.exe
2014-07-20 20:11 - 2014-07-20 20:11 - 00000969 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-07-20 20:11 - 2014-07-20 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-20 19:54 - 2014-07-20 19:54 - 00000000 ____D () C:\Users\Home Student\AppData\Local\Origin
2014-07-20 19:53 - 2014-07-20 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-07-20 19:53 - 2013-08-18 10:40 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-07-20 19:52 - 2014-07-20 19:51 - 17089296 _____ (Electronic Arts, Inc.) C:\Users\Home Student\Downloads\OriginThinSetup(3).exe
2014-07-20 19:51 - 2013-09-06 10:05 - 00000000 ____D () C:\Users\Home Student\AppData\Roaming\Origin
2014-07-20 19:50 - 2014-07-20 19:50 - 17089296 _____ (Electronic Arts, Inc.) C:\Users\Home Student\Downloads\OriginThinSetup(2).exe
2014-07-20 14:17 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-13 14:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-07-13 14:42 - 2014-07-13 14:42 - 00000000 ____D () C:\Users\Home Student\AppData\Local\next car game free technology demo
2014-07-13 14:41 - 2014-07-13 14:40 - 122688622 _____ (Bugbear Entertainment) C:\Users\Home Student\Downloads\Next_Car_Game_Free_Technology_Demo.exe
2014-07-13 14:00 - 2013-07-02 16:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-12 21:51 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-07-09 03:21 - 2014-06-11 10:54 - 00000000 ____D () C:\ProgramData\MinuimUamPrice
2014-07-09 03:21 - 2009-07-13 21:45 - 00331392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 03:20 - 2014-05-08 03:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 03:20 - 2010-11-21 00:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 03:20 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 03:20 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 03:03 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 03:02 - 2013-06-13 13:00 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 21:08 - 2013-05-28 00:44 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 21:08 - 2013-05-28 00:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 21:08 - 2013-05-28 00:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-06 20:29 - 2013-07-16 16:31 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-07-06 19:21 - 2014-07-06 19:19 - 04342264 _____ (Avira Operations GmbH & Co. KG) C:\Users\Home Student\Downloads\avira_en_av_4077273263__ws.exe
2014-07-06 19:14 - 2014-07-06 19:14 - 00284224 _____ (Mozilla) C:\Users\Home Student\Downloads\Firefox Setup Stub 30.0(1).exe
2014-07-06 19:13 - 2014-07-06 19:13 - 00284224 _____ (Mozilla) C:\Users\Home Student\Downloads\Firefox Setup Stub 30.0.exe
2014-07-06 18:14 - 2014-07-06 18:14 - 00000000 ____D () C:\Program Files (x86)\MinuimUamPrice
2014-07-06 18:14 - 2013-12-23 00:19 - 00000000 ____D () C:\ProgramData\2c55e4447181ea31
2014-07-06 04:09 - 2014-04-19 19:32 - 00000000 ____D () C:\Program Files (x86)\Supporter
2014-07-05 21:43 - 2014-07-04 12:24 - 00000000 ____D () C:\ProgramData\DaealExpresiS
2014-07-05 21:43 - 2014-05-21 06:59 - 00000000 ____D () C:\ProgramData\CheeaPME
2014-07-05 21:43 - 2014-05-21 03:19 - 00000000 ____D () C:\ProgramData\FunDeaels
2014-07-05 21:43 - 2014-04-27 12:34 - 00000000 ____D () C:\ProgramData\FuonDeaals
2014-07-05 21:43 - 2014-04-19 19:32 - 00000000 ____D () C:\ProgramData\Systweak
2014-07-05 21:43 - 2014-04-19 19:31 - 00000000 ____D () C:\Users\Home Student\AppData\Roaming\systweak
2014-07-05 21:43 - 2014-04-16 15:41 - 00000000 ____D () C:\ProgramData\PddfMakera
2014-07-05 21:43 - 2014-04-09 00:39 - 00000000 ____D () C:\ProgramData\WowuCooupon
2014-07-05 21:43 - 2014-01-31 05:12 - 00000000 ____D () C:\ProgramData\HTmlCHecker
2014-07-05 21:43 - 2013-12-26 20:53 - 00000000 ____D () C:\ProgramData\Wincert
2014-07-05 21:43 - 2013-12-23 00:20 - 00000000 ____D () C:\ProgramData\seaeveitkEep
2014-07-05 21:43 - 2013-12-23 00:19 - 00000000 ____D () C:\ProgramData\saVeittKeep
2014-07-05 21:43 - 2013-09-04 16:24 - 00000000 ____D () C:\Program Files (x86)\Unitech LLC
2014-07-05 21:43 - 2009-07-13 19:34 - 00000532 _____ () C:\Windows\win.ini
2014-07-05 21:30 - 2014-07-05 21:30 - 00003194 _____ () C:\Windows\System32\Tasks\{A5D4B7C7-C700-400C-8F01-49C98CC2E6CA}
2014-07-05 21:27 - 2013-07-16 16:40 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-07-05 21:26 - 2014-07-05 21:26 - 00000000 ____D () C:\Program Files (x86)\PddfMakera
2014-07-05 21:26 - 2013-05-28 00:46 - 00000000 ____D () C:\ProgramData\Norton
2014-07-05 21:24 - 2014-07-05 21:24 - 00000000 ____D () C:\Program Files (x86)\WowuCooupon
2014-07-05 21:24 - 2014-07-05 21:24 - 00000000 ____D () C:\Program Files (x86)\HTmlCHecker
2014-07-05 21:23 - 2014-07-05 21:23 - 00000000 ____D () C:\Program Files (x86)\seaeveitkEep
2014-07-05 21:23 - 2013-05-28 00:34 - 00000000 ____D () C:\ProgramData\Temp
2014-07-05 21:21 - 2014-04-19 19:31 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-07-05 21:21 - 2014-04-19 19:31 - 00000000 ____D () C:\Program Files (x86)\Registry Dr
2014-07-05 21:18 - 2014-07-05 21:18 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-05 21:18 - 2014-07-05 21:18 - 00000000 ____D () C:\Program Files (x86)\DaealExpresiS
2014-07-05 21:12 - 2014-07-05 21:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-05 21:12 - 2014-07-05 21:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-05 21:12 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-05 21:11 - 2014-07-05 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-05 21:11 - 2014-07-05 21:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-05 21:08 - 2013-10-29 19:00 - 00000284 _____ () C:\Windows\SysWOW64\AppLog.log
2014-07-05 16:40 - 2014-07-05 16:40 - 00000000 ____D () C:\Program Files (x86)\Tbccint
2014-07-05 16:40 - 2013-07-16 16:33 - 00000000 ____D () C:\Users\Home Student\AppData\Local\Conduit
2014-07-05 16:39 - 2014-07-05 16:39 - 00000000 __SHD () C:\Users\Home Student\AppData\Local\EmieUserList
2014-07-05 16:39 - 2014-07-05 16:39 - 00000000 __SHD () C:\Users\Home Student\AppData\Local\EmieSiteList
2014-07-05 16:39 - 2014-06-21 15:47 - 00000000 ____D () C:\Users\Home Student\AppData\Roaming\SupTab
2014-07-05 16:37 - 2013-12-20 11:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2014-07-05 16:05 - 2014-04-19 19:32 - 00000000 ____D () C:\Users\Home Student\Documents\RegistryDr
2014-07-05 16:04 - 2014-04-19 19:37 - 00003476 _____ () C:\Windows\System32\Tasks\RegistryDr_Popup
2014-07-05 16:01 - 2014-04-19 19:33 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-07-04 11:46 - 2014-07-04 11:46 - 00000000 ____D () C:\Users\Home Student\AppData\Roaming\Movies Toolbar
2014-06-29 19:09 - 2014-07-08 20:58 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 19:04 - 2014-07-08 20:58 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-23 19:38 - 2014-06-21 16:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Files to move or delete:
====================
C:\Users\Home Student\jagex_cl_runescape_LIVE.dat
C:\Users\Home Student\random.dat


Some content of TEMP:
====================
C:\Users\Home Student\AppData\Local\Temp\7z920.exe
C:\Users\Home Student\AppData\Local\Temp\airBBDF.exe
C:\Users\Home Student\AppData\Local\Temp\airDECE.exe
C:\Users\Home Student\AppData\Local\Temp\airFA28.exe
C:\Users\Home Student\AppData\Local\Temp\ANPDApi.dll
C:\Users\Home Student\AppData\Local\Temp\APNSetup.exe
C:\Users\Home Student\AppData\Local\Temp\avgnt.exe
C:\Users\Home Student\AppData\Local\Temp\BackupSetup.exe
C:\Users\Home Student\AppData\Local\Temp\component_634-0FAC.exe
C:\Users\Home Student\AppData\Local\Temp\Delta.exe
C:\Users\Home Student\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Home Student\AppData\Local\Temp\HotShot_installerNewNoStartUp.exe
C:\Users\Home Student\AppData\Local\Temp\instloffer.exe
C:\Users\Home Student\AppData\Local\Temp\Java.exe
C:\Users\Home Student\AppData\Local\Temp\mssinstaller.exe
C:\Users\Home Student\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Home Student\AppData\Local\Temp\SendMsg.dll
C:\Users\Home Student\AppData\Local\Temp\Setup-D2502DD2B71B5-0F40.exe
C:\Users\Home Student\AppData\Local\Temp\setup_137.exe
C:\Users\Home Student\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Home Student\AppData\Local\Temp\tbKeyB.dll
C:\Users\Home Student\AppData\Local\Temp\WSSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 00:16

==================== End Of Log ============================

 

Thank you for the help!!


Hello,

First, go to Control Panel and uninstall the following (skip lines that cannot be uninstalled):

- Java 7 Update 25 (64-bit)

- Snap.Do engine

You can find the latest Java at: https://www.java.com/en/

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click Run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.

fixlist.txt


Here's the Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2014
Ran by Home Student at 2014-07-22 12:06:05 Run:1
Running from C:\Users\Home Student\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {111D74D5-F559-45EA-826E-09F0CA5FDA2A} - System32\Tasks\RegistryDr_Popup => C:\Program Files (x86)\Registry Dr\Splash.exe <==== ATTENTION
Task: {23DB3EB0-EB42-430C-89B6-165AB46D56C4} - System32\Tasks\RegistryDr_Start => C:\Program Files (x86)\Registry Dr\RegistryDr.exe <==== ATTENTION
Task: {393ED98C-4178-4337-ABA7-E86A3128C0C5} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {6847C982-6546-442E-8DF0-1BF856ED9793} - \Dealply No Task File <==== ATTENTION
Task: {82C1EA32-4277-42C8-8907-03EA4538DFED} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
Task: {9A359443-DFF0-4E36-B5A4-7D507D051995} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-05-23] (AnyProtect by CMI)
Task: {ACCDE9E4-FD89-48D2-9AAC-DFA9F04CE2C7} - System32\Tasks\FF Watcher {9AEAC859-EC4A-4E03-8EAB-59DC062C90CF} => C:\Program Files\V-bates\PrefHelper.exe
Task: {D3736723-989C-476C-BE40-289333C07E6C} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-05-23] (AnyProtect by CMI)
Task: {E9F13BE9-3810-44A7-955D-DBC7E48E00FE} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Dealply.job => C:\Users\HOMEST~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\FF Watcher {9AEAC859-EC4A-4E03-8EAB-59DC062C90CF}.job => C:\Program Files\V-bates\PrefHelper.exe
C:\Program Files (x86)\Registry Dr
C:\Program Files (x86)\Desk 365
C:\Program Files (x86)\Advanced System Protector
C:\Program Files (x86)\AnyProtectEx
C:\Program Files\V-bates
C:\Program Files (x86)\RegClean Pro
C:\Users\HOMEST~1\AppData\Roaming\Dealply
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
() C:\Program Files (x86)\OtShot\otshot.exe
C:\Program Files (x86)\OtShot
(ClientConnect Ltd.) C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe
C:\Program Files (x86)\Tbccint
HKLM-x32\...\Run: [OtShot] => C:\Program Files (x86)\OtShot\otshot.exe [4386816 2012-10-18] ()
HKU\S-1-5-21-3402564657-2907318571-1118940796-1000\...\Run: [backgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Home Student\AppData\Local\Conduit\BackgroundContainer\ (the data entry has 32 more characters).
C:\Users\Home Student\AppData\Local\Conduit
HKU\S-1-5-21-3402564657-2907318571-1118940796-1000\...\MountPoints2: {1bf1f5ce-d46a-11e2-a5d6-806e6f6e6963} - D:\autorun.exe duncan.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
reg: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM - {5721852B-E4F9-4BF2-8B83-428DFEA2AF23} URL = http://www.amazon.ca...s={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...e={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM-x32 - {5721852B-E4F9-4BF2-8B83-428DFEA2AF23} URL = http://www.amazon.ca...s={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...e={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKCU - {5721852B-E4F9-4BF2-8B83-428DFEA2AF23} URL = http://www.amazon.ca...s={searchTerms}
SearchScopes: HKCU - {CD82D201-71AA-44EE-ACC4-ADE7B5C62EB2} URL = http://search.ividi....&affilt=3&r=530
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...e={searchTerms}
SearchScopes: HKCU - {D97F8A7A-8C19-4FC1-8A09-59FCBEF68B41} URL = http://search.condui...5432154293&UM=2
FF NewTab: chrome://quick_start/content/index.html
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: v9
FF NetworkProxy: "type", 0
FF SearchPlugin: C:\Users\Home Student\AppData\Roaming\Mozilla\Firefox\Profiles\gkk3as5b.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Home Student\AppData\Roaming\Mozilla\Firefox\Profiles\gkk3as5b.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
CHR Extension: (No Name) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnljggfbhlncogjicmndickihfnjkknk [2014-04-29]
CHR Extension: (DealExpRess) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfidlmhcfcfbkpkemcejcakgfdpciaof [2014-04-27]
CHR Extension: (HTmlCHecker) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\imelcnblmfenapnjepdpdledgekgdkad [2014-05-17]
CHR Extension: (AollCCheApPricE) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgikkbchdjfeomdejhgmdnbmogokfhlc [2014-05-21]
CHR Extension: (SaveClicker) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\njmhdhmcgjkmgiebmejiidlhfgjhhakf [2014-04-19]
CHR Extension: (FuoN2SAve) - C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmaijdkcpplmbkodhlcdnjkcbmhlfgfp [2014-05-21]
S2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [190104 2013-06-21] ()
S2 be0fb33b; "C:\Windows\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service
c:\Program Files (x86)\Optimizer Pro
c:\progra~2\suppor~1
R4 avkmgr; system32\DRIVERS\avkmgr.sys [X]
S1 F06DEFF2-5B9C-490D-910F-35D3A91196222; \??\C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\configmgrc2.cfg [X]
S1 MpKsl70512449; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0266C58D-5C7E-47CC-8A7E-8AC1CC19DDB6}\MpKsl70512449.sys [X]
C:\Program Files (x86)\Movies Toolbar
2014-07-06 18:14 - 2014-07-06 18:14 - 00000000 ____D () C:\Program Files (x86)\MinuimUamPrice
2014-07-05 21:30 - 2014-07-05 21:30 - 00003194 _____ () C:\Windows\System32\Tasks\{A5D4B7C7-C700-400C-8F01-49C98CC2E6CA}
2014-07-05 21:26 - 2014-07-05 21:26 - 00000000 ____D () C:\Program Files (x86)\PddfMakera
2014-07-05 21:24 - 2014-07-05 21:24 - 00000000 ____D () C:\Program Files (x86)\WowuCooupon
2014-07-05 21:24 - 2014-07-05 21:24 - 00000000 ____D () C:\Program Files (x86)\HTmlCHecker
2014-07-05 21:23 - 2014-07-05 21:23 - 00000000 ____D () C:\Program Files (x86)\seaeveitkEep
2014-07-05 21:18 - 2014-07-05 21:18 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-05 21:18 - 2014-07-05 21:18 - 00000000 ____D () C:\Program Files (x86)\DaealExpresiS
C:\Users\Home Student\jagex_cl_runescape_LIVE.dat
C:\Users\Home Student\random.dat
C:\Users\Home Student\AppData\Local\Temp\*.exe
C:\Users\Home Student\AppData\Local\Temp\*.dll
cmd: ipconfig /flushdns

*****************

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{111D74D5-F559-45EA-826E-09F0CA5FDA2A}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{111D74D5-F559-45EA-826E-09F0CA5FDA2A}' => Key deleted successfully.
C:\Windows\System32\Tasks\RegistryDr_Popup => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryDr_Popup' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{23DB3EB0-EB42-430C-89B6-165AB46D56C4}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23DB3EB0-EB42-430C-89B6-165AB46D56C4}' => Key deleted successfully.
C:\Windows\System32\Tasks\RegistryDr_Start => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryDr_Start' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{393ED98C-4178-4337-ABA7-E86A3128C0C5}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{393ED98C-4178-4337-ABA7-E86A3128C0C5}' => Key deleted successfully.
C:\Windows\System32\Tasks\Desk 365 RunAsStdUser => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6847C982-6546-442E-8DF0-1BF856ED9793}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6847C982-6546-442E-8DF0-1BF856ED9793}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{82C1EA32-4277-42C8-8907-03EA4538DFED}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82C1EA32-4277-42C8-8907-03EA4538DFED}' => Key deleted successfully.
C:\Windows\System32\Tasks\Advanced System Protector_startup => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A359443-DFF0-4E36-B5A4-7D507D051995}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A359443-DFF0-4E36-B5A4-7D507D051995}' => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ACCDE9E4-FD89-48D2-9AAC-DFA9F04CE2C7}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACCDE9E4-FD89-48D2-9AAC-DFA9F04CE2C7}' => Key deleted successfully.
C:\Windows\System32\Tasks\FF Watcher {9AEAC859-EC4A-4E03-8EAB-59DC062C90CF} => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {9AEAC859-EC4A-4E03-8EAB-59DC062C90CF}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3736723-989C-476C-BE40-289333C07E6C}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3736723-989C-476C-BE40-289333C07E6C}' => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E9F13BE9-3810-44A7-955D-DBC7E48E00FE}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9F13BE9-3810-44A7-955D-DBC7E48E00FE}' => Key deleted successfully.
C:\Windows\System32\Tasks\Advanced System Protector => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector' => Key deleted successfully.
C:\Windows\Tasks\APSnotifierPP1.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP2.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP3.job => Moved successfully.
C:\Windows\Tasks\Dealply.job => Moved successfully.
C:\Windows\Tasks\FF Watcher {9AEAC859-EC4A-4E03-8EAB-59DC062C90CF}.job => Moved successfully.
C:\Program Files (x86)\Registry Dr => Moved successfully.
"C:\Program Files (x86)\Desk 365" => File/Directory not found.
"C:\Program Files (x86)\Advanced System Protector" => File/Directory not found.
C:\Program Files (x86)\AnyProtectEx => Moved successfully.
"C:\Program Files\V-bates" => File/Directory not found.
"C:\Program Files (x86)\RegClean Pro" => File/Directory not found.
"C:\Users\HOMEST~1\AppData\Roaming\Dealply" => File/Directory not found.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully.
[2604] C:\Program Files (x86)\OtShot\otshot.exe => Process closed successfully.
C:\Program Files (x86)\OtShot => Moved successfully.
[1724] C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe => Process closed successfully.
C:\Program Files (x86)\Tbccint => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\OtShot => value deleted successfully.
HKU\S-1-5-21-3402564657-2907318571-1118940796-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainerV2 => value deleted successfully.
C:\Users\Home Student\AppData\Local\Conduit => Moved successfully.
'HKU\S-1-5-21-3402564657-2907318571-1118940796-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bf1f5ce-d46a-11e2-a5d6-806e6f6e6963}' => Key deleted successfully.
'HKCR\CLSID\{1bf1f5ce-d46a-11e2-a5d6-806e6f6e6963}'=> Key not found.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe' => Key deleted successfully.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}'=> Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

========= reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

The operation completed successfully.



========= End of Reg: =========

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}' => Key deleted successfully.
'HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}' => Key deleted successfully.
'HKCR\CLSID\{52db1893-8a90-4192-aede-08e00b8f8473}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5721852B-E4F9-4BF2-8B83-428DFEA2AF23}' => Key deleted successfully.
'HKCR\CLSID\{5721852B-E4F9-4BF2-8B83-428DFEA2AF23}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}' => Key deleted successfully.
'HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{52db1893-8a90-4192-aede-08e00b8f8473}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{5721852B-E4F9-4BF2-8B83-428DFEA2AF23}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{5721852B-E4F9-4BF2-8B83-428DFEA2AF23}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}'=> Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}' => Key deleted successfully.
'HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}' => Key deleted successfully.
'HKCR\CLSID\{52db1893-8a90-4192-aede-08e00b8f8473}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5721852B-E4F9-4BF2-8B83-428DFEA2AF23}' => Key deleted successfully.
'HKCR\CLSID\{5721852B-E4F9-4BF2-8B83-428DFEA2AF23}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CD82D201-71AA-44EE-ACC4-ADE7B5C62EB2}' => Key deleted successfully.
'HKCR\CLSID\{CD82D201-71AA-44EE-ACC4-ADE7B5C62EB2}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}' => Key deleted successfully.
'HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D97F8A7A-8C19-4FC1-8A09-59FCBEF68B41}' => Key deleted successfully.
'HKCR\CLSID\{D97F8A7A-8C19-4FC1-8A09-59FCBEF68B41}'=> Key not found.
Firefox newtab deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Proxy settings were reset.
C:\Users\Home Student\AppData\Roaming\Mozilla\Firefox\Profiles\gkk3as5b.default\searchplugins\ask-search.xml => Moved successfully.
C:\Users\Home Student\AppData\Roaming\Mozilla\Firefox\Profiles\gkk3as5b.default\searchplugins\Ask.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml => Moved successfully.
C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnljggfbhlncogjicmndickihfnjkknk => Moved successfully.
C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfidlmhcfcfbkpkemcejcakgfdpciaof => Moved successfully.
C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\imelcnblmfenapnjepdpdledgekgdkad => Moved successfully.
C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgikkbchdjfeomdejhgmdnbmogokfhlc => Moved successfully.
C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\njmhdhmcgjkmgiebmejiidlhfgjhhakf => Moved successfully.
C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmaijdkcpplmbkodhlcdnjkcbmhlfgfp => Moved successfully.
70e6ca8c => Service deleted successfully.
be0fb33b => Service deleted successfully.
c:\Program Files (x86)\Optimizer Pro => Moved successfully.
c:\progra~2\suppor~1 => Moved successfully.
avkmgr => Service not found.
F06DEFF2-5B9C-490D-910F-35D3A91196222 => Service deleted successfully.
MpKsl70512449 => Service deleted successfully.
"C:\Program Files (x86)\Movies Toolbar" => File/Directory not found.
C:\Program Files (x86)\MinuimUamPrice => Moved successfully.
C:\Windows\System32\Tasks\{A5D4B7C7-C700-400C-8F01-49C98CC2E6CA} => Moved successfully.
C:\Program Files (x86)\PddfMakera => Moved successfully.
C:\Program Files (x86)\WowuCooupon => Moved successfully.
C:\Program Files (x86)\HTmlCHecker => Moved successfully.
C:\Program Files (x86)\seaeveitkEep => Moved successfully.
C:\Program Files (x86)\predm => Moved successfully.
C:\Program Files (x86)\DaealExpresiS => Moved successfully.
C:\Users\Home Student\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Home Student\random.dat => Moved successfully.
C:\Users\Home Student\AppData\Local\Temp\*.exe => Moved successfully.
C:\Users\Home Student\AppData\Local\Temp\*.dll => Moved successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog ====


As a follow-up to my Fixlog.txt post, I didn't see the top of your reply telling me to uninstall Java and the Snapdo Engine until after running FRST.

Java uninstalled successfully

Snapdo Engine wouldn't uninstall

Please let me know how to proceed.

Thanks for your help.

Cheers


Very good, we have two more steps:

Please download Malwarebytes AntiRootkit (MBAR) and save it to your desktop.
For full instructions on how MBAR works, read this article.

> Double-click on the MBAR file and allow it to run.
•  Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.
•  mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
•  After reading the Introduction, click Next if you agree.
•  On the Update Database screen, click on the Update button. Once you see 'Success: Database was successfully updated', click on Next.
•  Under Scan Targets, ensure all boxes are ticked. Then click the Scan button.

Notice: with some infections, you may see two message boxes:
'Could not load protection driver'. Click 'OK'.
'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

>>  If malware is not detected, click the Exit button to close the program and post the mbar-log-year-month-day.txt and system-log.txt reports.

>>  If any infections are found, ensure Create Restore Point is ticked. Then select the "Cleanup!" button to remove threats.
•  The cleanup procedure will be scheduled for processing and a pop-up will be shown.
Select the Yes button and the system should reboot to complete the cleaning process.

>>  Notice: only if a rootkit is detected, be sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe
- Run fixdamage.exe; at the black window, type Y (alias for Yes) to continue. Wait a few seconds for execution ...
- When you see "press any key to exit", the fix is completed; press any key to close the window. Reboot the system.

> The following reports will be created in the mbar folder:
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Please post both logs in your next reply.

Please download AdwCleaner by Xplode and save it to your Desktop.

Double-click on AdwCleaner.exe to run the tool.

  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Post logfile will also be saved in the C:\AdwCleaner folder.

Tell me, how is your computer after this?


Pasted below are the 3 log files. Please let me know what my next step is.

Thanks

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.07.23.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17207
Home Student :: HOMESTUDENT-HP [administrator]

23/07/2014 9:25:40 AM
mbar-log-2014-07-23 (09-25-40).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 329014
Time elapsed: 16 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17207

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.893000 GHz
Memory total: 4172341248, free: 2344054784

Downloaded database version: v2014.07.23.05
Downloaded database version: v2014.07.17.01
=======================================
Initializing...
------------ Kernel report ------------
     07/23/2014 09:25:29
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80045cd410
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004145050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80045cd410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80045ceb20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80045cd410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004142e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004145050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5DD72B12

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 945864704

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 946071552  Numsec = 30492672

    Partition 3 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976564224  Numsec = 206848

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

# AdwCleaner v3.216 - Report created 23/07/2014 at 09:47:14
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Home Student - HOMESTUDENT-HP
# Running from : C:\Users\Home Student\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : TBSrv

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\ProgramData\wincert
Folder Deleted : C:\ProgramData\CheeaPME
Folder Deleted : C:\ProgramData\DaealExpresiS
Folder Deleted : C:\ProgramData\FunDeaels
Folder Deleted : C:\ProgramData\FuonDeaals
Folder Deleted : C:\ProgramData\MinuimUamPrice
Folder Deleted : C:\ProgramData\saVeittKeep
Folder Deleted : C:\ProgramData\seaeveitkEep
Folder Deleted : C:\ProgramData\WowuCooupon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\BabylonToolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DealPly
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Unitech LLC
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\HOMEST~1\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\HOMEST~1\AppData\Local\Temp\Desk365
Folder Deleted : C:\Users\HOMEST~1\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\Home Student\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Home Student\AppData\Local\RegistryDr
Folder Deleted : C:\Users\Home Student\AppData\Local\torch
Folder Deleted : C:\Users\Home Student\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Home Student\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Home Student\AppData\Roaming\Movies Toolbar
Folder Deleted : C:\Users\Home Student\AppData\Roaming\SupTab
Folder Deleted : C:\Users\Home Student\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Home Student\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\Home Student\Documents\RegistryDr
Folder Deleted : C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\njmhdhmcgjkmgiebmejiidlhfgjhhakf
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\njmhdhmcgjkmgiebmejiidlhfgjhhakf
File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lollipop.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\sasnative64.exe
File Deleted : C:\Users\Home Student\AppData\Roaming\aps.scan.quick.results
File Deleted : C:\Users\Home Student\AppData\Roaming\aps.scan.results
File Deleted : C:\Users\Home Student\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\Home Student\AppData\Roaming\Mozilla\Firefox\Profiles\gkk3as5b.default\user.js
File Deleted : C:\Windows\System32\Tasks\APSnotifierPP3
File Deleted : C:\Windows\System32\Tasks\VisualBeeRecovery

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SOFTWARE\Classes\MinimumPRIcae.MinimumPRIcae
Key Deleted : HKLM\SOFTWARE\Classes\MinimumPRIcae.MinimumPRIcae.6.3
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3286042
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D41A8549-2194-7F2E-2D08-6B7E43C6B1B6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D41A8549-2194-7F2E-2D08-6B7E43C6B1B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D41A8549-2194-7F2E-2D08-6B7E43C6B1B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D41A8549-2194-7F2E-2D08-6B7E43C6B1B6}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D41A8549-2194-7F2E-2D08-6B7E43C6B1B6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\FreeSoftToday
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\lollipop
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\Unitech LLC
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\superlyrics
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\Free_soft_today
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\SafetyNut
Key Deleted : HKLM\Software\SupDp
Key Deleted : HKLM\Software\SupTab
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Unitech LLC
Key Deleted : HKLM\Software\V9
Key Deleted : HKLM\Software\V9Software
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\Software\Vittalia
Key Deleted : HKLM\Software\Wpm
Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Home Student\AppData\Roaming\Mozilla\Firefox\Profiles\gkk3as5b.default\prefs.js ]

Line Deleted : user_pref("CT3286042_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1374687138422,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3298580.FF19Solved", "true");
Line Deleted : user_pref("CT3298580.UserID", "UN26833095591086128");
Line Deleted : user_pref("CT3298580.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3298580.fullUserID", "UN26833095591086128.IN.20130716163647");
Line Deleted : user_pref("CT3298580.installDate", "16/07/2013 16:36:47");
Line Deleted : user_pref("CT3298580.installSessionId", "{B17FC360-9F0D-47C2-A265-463910D6ED23}");
Line Deleted : user_pref("CT3298580.installSp", "TRUE");
Line Deleted : user_pref("CT3298580.installerVersion", "1.5.4.4");
Line Deleted : user_pref("CT3298580.keyword", "true");
Line Deleted : user_pref("CT3298580.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3286042&CUI=UN11421697231926972&UM=2&SearchSource=13");
Line Deleted : user_pref("CT3298580.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3286042&ctid=CT3286042&SearchSource=2&CUI=UN11421697231926972&UM=2&q=");
Line Deleted : user_pref("CT3298580.originalSearchEngine", "KeyBar 1.8 Customized Web Search");
Line Deleted : user_pref("CT3298580.originalSearchEngineName", "");
Line Deleted : user_pref("CT3298580.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3298580.searchRevert", "false");
Line Deleted : user_pref("CT3298580.searchUserMode", "2");
Line Deleted : user_pref("CT3298580.smartbar.homepage", "true");
Line Deleted : user_pref("CT3298580.versionFromInstaller", "10.16.4.19");
Line Deleted : user_pref("CT3298580.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3298580&CUI=UN26833095591086128&UM=2&SearchSource=13");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3286042&ctid=CT3286042&SearchSource=2&CUI=UN11421697231926972&UM=2&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3286042");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V44 Customized Web Search");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.LastHiddenTime", 23068442);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", true);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", true);
Line Deleted : user_pref("extensions.helperbar.countryiso", "ca");
Line Deleted : user_pref("extensions.helperbar.downloadprovider", "tuguucr");
Line Deleted : user_pref("extensions.helperbar.installationid", "f2bdbb24-fc63-0ad2-c2bf-ee5bafd91362");
Line Deleted : user_pref("extensions.helperbar.installdate", "02/10/2013");
Line Deleted : user_pref("extensions.helperbar.publisher", "tuguu");
Line Deleted : user_pref("extensions.l57z2znTH_ni.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...]
Line Deleted : user_pref("extensions.la1l0uT6pne.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]
Line Deleted : user_pref("extensions.svFSH.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...]
Line Deleted : user_pref("extensions.xAMmxLqeJ.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumoro[...]
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3286042");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3286042&CUI=UN11421697231926972&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3298580&CUI=UN26833095591086128&UM=2[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3286042&SearchSource=2&CUI=UN11421697231926972&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?oct[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298580");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298580");
Line Deleted : user_pref("smartbar.machineId", "B+AW4/8IZN01CAGOHDSCJ+TIOXH33JQN1XWQLU1JFX6HXBE8BOSLANVAAQSURZWHAF+KWDSFK5YPY5XOPSSQIQ");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3298580&CUI=UN26833095591086128&UM=2&SearchSource=13");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Home Student\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : kpdhgpkkloealnjnmepfhanpcleldbef
Deleted [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [20572 octets] - [23/07/2014 09:45:21]
AdwCleaner[s0].txt - [19777 octets] - [23/07/2014 09:47:14]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [19838 octets] ##########
 


Thanks, you're very welcome :)

Below you will find my thoughts about securing your machine. Go through it; you will benefit from some useful advice about safe computing.
 
 

Recommended reading:

• MUST READ - general maintenance: What to do if your Computer is running slowly?

Recommended additional software:

• TFC - to clean unneeded temporary files.
• Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
• Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
• McShield - to prevent infections spread by removable media.
• CryptoPrevent - to secure yourself from the very severe CryptoLocker infection.
• Unchecky - to prevent the installation of additional foistware, implemented in legitimate installations.
 
 
The following will implement some post-cleanup procedures:
 
=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
[x] Remove disinfection tools
[x] Create registry backup
[x] Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 
 
Stay safe,
TwinHeadedEagle :)

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.