
Malware audio ads, can't get removed



Hello!

I seem to be having the same malware problem as member "r3dDaWn" who initially posted on April 14, 2014.  In my search for a solution, it was finding his post in this forum that reminded me that Malwarebytes has these helpful forums, Duh!  For I think Malwarebytes is great and have the paid Premium version of Malwarebytes.  It just didn't start giving me helpful clues about this malware until a few days ago.

In my case, there is apparently the same malware associated with "searchnet.blinkxcore.com" as affected "r3dDaWn" that intermittently runs weird audio ads.  But I'm an older person who is only moderately computer/internet literate, so, because until just a few days ago Malwarebytes had not been giving me any notices about that website name or any other information about any malicious intrusions, I had nothing to go on, and all I knew to do was run the couple protection programs I have.  I've had no clue what to do until finally being given a notification by the Malwarebytes software in just the last few days that eventually got me here to this forum.

(And it wasn't until just a little while ago after reading that other fellow's post again that I realized I might be able to get more log information from my Malwarebytes program than I'd known how to find to now, so I dug further into my Malwarebytes program awhile ago and realized I could make a copy of the Malwarebytes daily protection log into a text file, which I did and attached that along with the others per the AdvancedSetup page's instructions.  Though I still don't know how to find a log of a scan.  As I said, I'm still very behind-the-curve on all this. :P)

The audio ads malware actually first happened a few months ago.  But unlike in recent days, during that first period Malwarebytes was not giving any kind of notices at all about any kind of malicious intrusions or anything.   So, again, I had little to go on.  I ran scans with AdAware, (I have their paid full Internet Security /AntiVirus version), and Malwarebytes, and Spybot Search and Destroy.  The only things that showed up were some tracking cookies and PUPs, mostly in Spybot, that I let get fixed.

(I eventually also downloaded a software called Secunia that's supposed to help one keep up with updating programs supposedly because outdated programs tend to have their weak points exploited by hackers, though I've not used it since the first time after installing it.)

The audio ads still kept happening.  And I realized that it seemed they'd happen around times I was playing or had played videos (my online college classes as well as research involve video classes via the school's online system and other videos, most often via YouTube.)  But that still didn't tell me anything helpful.

I thought that maybe one of my neighbors' internet connections was somehow interfering with mine, which, unless they were purposely hacking, didn't make sense in that they use their wifi, but I have my computer connected directly to my modem with an ethernet cable, and don't use the wifi.

But I knew that a neighbor had experienced some kind of hacking awhile ago, so I checked with neighbors and called my internet provider just in case.  No helpful info or answers.  I did online searches for answers, but did not know how to describe what was happening very well, and I had no other information to go on at that time, so didn't come up with anything that looked helpful.

Then the audio ads stopped happening.  But during the ensuing next few weeks, there were two or three instances of a Malwarebytes dialogue box popping up saying that my Malwarebytes database was "missing or corrupt" and asking Yes/No if I wished to newly download the database.  This seemed really strange, but I hoped it was just a good self-correction thing, and I just clicked to newly download the database.  I was getting worried when it happened the second or third time and, being amidst a heavy workload schedule, decided that if it happened one more time, I was going to query Malwarebytes, but then that did not happen again.

The audio ads did not happen any more for several weeks.

Then just several days ago, for the very first time ever, Malwarebytes started delivering a popup notification from the bottom of the screen saying that it had successfully blocked a malicious website.  I considered this both a good thing protection-wise, but very distressing in that the only websites I'd been on those particular days were very high-integrity sites I trusted and had used for years in my work and studies, so things didn't make sense.

The popup happened a few more times, but would disappear before I could read its information.  I didn't yet know that I could find a daily protection log inside the program.  So when I opened the Malwarebytes program hoping to see some kind of log of those notifications and their info right after they happened, I didn't know where/how to look to locate it.  I know, I know.. really stupid super-DUH that when I did click "History" and it was on the Quarantine page, I was too tired to notice the "Application Logs" tab.  Okay, so I admit it, I'm really, really embarrassed that on top of all else, I need new glasses!

At the next notification instance I managed to quickly enough move my cursor over to the popup and hover over it, hoping it would keep it there, which it did.  I made a mental note of things, but did not have time to write it down that first time.

Then within a day or so the audio ads began happening again, apparently most often associated near or at the time of playing a video like on YouTube, or a replay of a webinar whether originally done on a Google hangouts or other service.  And by then the Malwarebytes notification had popped up a few more times as well near the times when this happened.

I caught the popup and noted down the information the next time I could grab it in time, and then caught it the next few times as well to see if it was giving the same malicious site and information, which it was.  The only information that changed each time was the "Port."

This is the information I noted down given in the Malwarebytes notification popups saying that it had successfully blocked a malicious website (now also in an attached log):
--  The Ports would change, so I only noted the first few I paused, which were 57630, 51433 and 61488.
--  IP 66.45.56.109  (This stayed the same at least for those few of the notices I noted.)
--  website -- searchnet.blinkxcore.com
--  outbound
--  Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

It had been long hours these last few days going too long without sleep trying to catch up on school assignments, so after noting this while grabbing sleep I ran a full scan with AdAware internet security.  Nothing was detected.  I was feeling so stupid and clueless, but had to search for a solution!

This time in searching for a solution, it was the fact that I finally had something specific, that malicious website's name, to put into the search query that finally led me to a few places where others had experienced the same malware problem.  On one forum a fellow had experienced the exact same things (except he said nothing of Malwarebytes notifications), and indicated he thought that the website was a porn site.  This was extremely upsetting and made me worry that one of the nearby neighbor adolescents might have indeed somehow hacked into my internet connection.

Right after reading that, I clicked another of the search results that brought me to the Malwarebytes Forum post answering "r3dDaWn"'s post about the same malware.

So, anyway, I'm just so glad you are all here and that I found you, and that someone has already had this problem successfully cleared with your wonderful help!  So I'm praying that you'll be able to help me get this successfully cleared, too!

So per the instructions on the Advanced Setup page, I did a full scan with my Malwarebytes Premium, but it said it did not detect anything malicious.  Out of curiosity I looked at the scan settings and saw that "Scan for Rootkits" was not checked, so I checked it and ran another scan.  Still said nothing detected.

(Then as mentioned above, it was not until in the process of writing this post and after already running the Farbar tool, that I happen to again glance through that fellow's post, and realized I should dig further into my Malwarebytes for a log.)

I downloaded and ran the Farbar Recovery Scan Tool, and have attached the logs.  And also per the instructions have not run anything else nor taken any other actions regarding this.

(I unexpectedly noticed something in one of the Farbar logs that was disturbing.  I've not bothered with the Chrome browser for many months, it's just proven to be a problem for me on this computer.  So the first thing that is disturbing is that the Chrome browser is showing up at all.  But I saw in the log that in it, "conduit.search" is showing up as a default, which was malware that had hijacked the search in my Firefox browser some months ago, and it took days of searching to finally find the sufficiently complete steps to fully clear that off of Firefox.  I frankly can't recall if I attempted to find the steps to clear it from Chrome or not, I was amidst a very heavy class load, so might just have had to get right back to work after clearing Firefox.  After getting the current issue cleared up, I'll check the forums here for the right steps to clear this, too;  though I think I might just uninstall Chrome, and do a new install if ever wishing to try it again?  Just hoping it won't cause any added problems to this malware removal process.)

Thank you all ahead of time for your tremendously valued and appreciated time and assistance!  (And for your patience with my limited knowledge and inefficient descriptions,.. all made worse by my way overtired dough-brain!)

Please know how very greatly you are appreciated!

P.S.

Just would like to say that after a long challenging life-path of setbacks, I'm just now in the last few years restoring my own path and goals, admittedly occasionally flailing at times as I try to catch up with the learning curve to learn about the online world about both website creation and business and such things, as part of that quest to eventually be able to establish the natural-health resources website I've long wished and planned to do...
... and I have well-intended friends who are much more online business savvy always trying to be helpful by continually sending me links and stuff, that I feel obligated to say that I've looked at, but seldom have time to do more than make a quick desktop folder and plunk the link or file into it to check later, but never do!  I just haven't had time to sort through the accumulated mess!, so I just wish to apologize for there being a bunch of unnecessary desktop stuff making the log unnecessarily long,..
... I'd wished I could clear all of that off before sending the logs, but feared that doing so would mess up the process here,.. so again, apologies for all the unnecessary clutter.

But just wished to say that along with ever continuing my dedicated primary computer use for studies, research, education, my computer and online access are now more important to me than ever, as I've gone back to school, attending college entirely online.... which is vitally important to me, so the idea of something nastily interfering with my computer or online classes is really upsetting.  And I'm right amidst a heavy class load this semester right now while still moving kinda slow still recovering from illness...

...  So, when things clearly got to a point a few days ago where nothing I knew to do was clearing up this scarily intrusive malware problem, the idea of having to take everything off my computer (a very modest little laptop, but it's the most important thing in my world right now!) and resetting it and restoring everything from scratch was just overwhelming.  But of course, the potential for something to crash or dangerously hack or mess up my computer and its files is even more worrisome!

So again, I'm so relieved and grateful to have found you all at this forum, and again thank you for your patience and assistance!
 

Addition.txt

FRST.txt

daily protection log 9-10-14.txt


Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Please run a Threat Scan with Malwarebytes

Start Malwarebytes 2.0..........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button and post the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Hello, MrCharlie!

 

Thank you so very much for responding.  I very much appreciated your profile introduction.  Critters, particularly critter family members, are an important part of my world, so I have to say that I love your wonderful doggies! :)

 

-- I have done all of the steps per your instructions.  I have attached what I knew what/how to attach.  (That doesn’t even qualify as “grammar”.. tuh... it’s late, only a few synapses still active in ye ole brain. )

 

-- Sorry for my taking so long in getting this posted.  Along with having to toggle back and forth to do schoolwork (just using my textbooks and email, didn’t have to use the school online system at all so didn’t affect any of the steps), it took me a very long time to make the complete set of back-up files onto an external hard drive that I wished to have, as I have a lot of files for both my school and my work and wished a complete backup.  (I have only done top-priority-files backup-saves for some months.)

 

-- I did a new system restore point successfully; the only thing I did not know where to find despite searching every page I could see in that area, was some kind of obvious specific statement/indicator that confirmed that the system restore process is “turned on and running.”  So finally just pressed the “Create new restore point” selection.  After creating the new restore point, which the system message said had been successfully accomplished, I can only hope it is right to assume that this also means that the system restore function also remains still “turned on and running.”?

 

-- The only instruction I did a bit of a fail on was in not having thought to disable the automatic daily “Quick Scan” setting in Ad-Aware.  Just hit me I needed to do so when a Quick-Scan started while writing this.

 

-- I’m relatively new to navigating forums.  Per the “AdvancedSetup” instructions page, I did indeed click the “Follow this Topic” selection that I finally found showing in the upper right hand corner of the page after I’d made my post; and I recall looking for the “Immediate email notification” selection the instructions said to choose, but I couldn’t find that.

 

But it seems that just clicking the “Follow this Topic” button maybe was sufficient, because I did receive an email notice of your post right away after you posted it.   Apologies if this is just my doofus-ness missing something obvious.  (..."doofus-ness"?... :huh: )

 

-- There are only Malwarebytes logs for the daily Protection Log in my attachments.

 

--  There were no items shown quarantined in the Malwarebytes scan.

 

--  I cannot find anywhere else, that I know to look anyway, to find any full scan logs, and per Notes 4), I guess there aren't any?

 

=========================================================

 

Notes 1)

 

While doing the steps of your very clear instructions, I've also been going up and down between determination and frustration.  Trying to make notes about the things I'd really like to understand so that I can be better equipped to at least keep up better with basic and essential kinds of maintenance measures hereafter.

 

I'm just progressively connecting-the-dots in my mind regarding what I've experienced over the last few days, weeks and months, and am just now calming down from getting really upset as it finally fully registered in my mind that in every scan by either Malwarebytes or Ad-Aware Pro Security for many weeks, the screens at the end of the scans have flashed only the basic message something like "Scan successfully completed… No threats detected..."  But there were no Scan Summary screens/lists.  And so no indication of any need to check out anything else, e.g. anything detected, quarantined or things requiring a decision.

 

But I have not taken any further steps inside either program, because I was simply not "registering" what was happening.  I have a vague memory of briefly wondering to myself one time "..shouldn't I be seeing some kind of summary list?.."  but life's overload would always push me right back to whatever task I was amidst.

 

But during the course of these days of digging further, I have discovered that in both Malwarebytes and Ad-Aware there were indeed either threats detected and/or items quarantined, but had not been indicated on a Scan Summary screen/page right after the scans as should have been,..  which, again, should have made me suspicious, but I was not thinking of anything in those terms at the time.

 

=========================================================

 

Notes 2)

 

--  In Malwarebytes, is there somewhere other than the screen of the daily "Protection" log (under History/Application Logs) where a complete log of a full-scan results can be found?

 

I finally found my way to the Settings/History Settings screen where, under the "Scan Log Options" section the settings options were "Don't export log information" versus "Export log information to disk".

 

Mine was set to "Don't export log information."  Does that mean unless it was set to automatically create an exported log on disk, there is absolutely nowhere else inside the program itself that gives the complete results of a full scan at least in a manner as is listed and shown in the History section for the daily Protection actions?

 

--------------------------------------------------------------

 

That section also showed the default path for exporting log data set to the following path:  C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs.

 

...But entering the exact full path into the computer's search turns up no results, so I'm assuming that how the program works is that the folder will only exist i.e. be created if/when one does an initial export of a log that triggers its creation?

 

(I've learned to get comfortable using Windows 8 well enough, but I still get really frustrated at its having made it so ridiculously convoluted a process to find one's way into and around inside the file system versus so easy even for a perpetual-catch-up-student like me to do/learn/figure out in XP and other Windows OS’s....

 

...  I was interested to see exactly where this critter was supposed to be located once created, so after trying several different ways to query, I finally found the nearest filepath location that upon clicking go-to-file-location should/would have taken me to or near that file if it existed.  Nothing there now, though.  But why the heck does the "ProgramData" folder listing disappear after moving upward from inside the folder hierarchy?  If one came into that part of the directory from the usual top-down direction, it would not even be seen in the list?)

 

--------------------------------------------------------------

 

--  As I've been scanning my own brain/memory during these days, a fuzzy memory finally popped clear where, in the days just preceding finding the forum, amidst a heavy schedule, I'd hastily dug a little more into the Malwarebytes program just out of frustration at trying to find answers, and saw that there had been a PUP discovered and quarantined by Malwarebytes (earlier I recalled it as showing up in Spybot S&D, which had caught some in previous months),..

 

… that I ultimately let it delete, which I now regret doing before at least noting the item's name/path, but I was on overload behind schedule and very overtired as usual and just got upset and concerned at that moment that no indication of this whatsoever had appeared as it should have on the end-scan screen of the full scan, only whatever its basic happy "No threats detected..."  message.

 

(Note:  My settings in Malwarebytes have always been set to:   “PUP… Treat detections as malware." and “PUM… Treat detections as malware.")

 

=========================================================

 

Notes 3)

 

(In the following paragraphs, there are quite a few points about Ad-Aware's behavior and related advice queries -- I'm not meaning to try to make you troubleshoot someone else's program, just trying to include those things that seem relevant to the issue we're handling, for clearly both Malwarebytes and Ad-Aware have been affected, and the settings of each can potentially affect the other.  My humble aim is to be as thorough as possible in respect of your valuable time and assistance, and be able to improve my own knowledge and handling of things here-forward.)

 

--------------------------------------------------------------

 

Similar story with Ad-Aware.  Its automatic quick scans have detected nothing, and the only end-scan screen at end of each full scan, by whatever its wording, was only the message saying something like "Scan successful...No threats detected..."... and no other immediate Scan Summary screen showed up as supposed to, which, again, should have made me suspicious, but, again, I was not noticing/thinking in those terms at the time.

 

But after starting this search-for-remedy process, with further digging, turns out that the last few full scans have indeed detected things.  A number of cookies and a couple application items are in the "Quarantined Files" section;   plus when going into the "Scan Computer-View Report List/Report List/Scan Report List/Scanned Report Details" section of the last few full scans, it is showing two infected objects that were detected (a type of Trojan.Generic..), but, again, the usual immediate "Scan Summary" plus choice of actions did not show up right after the scan (as supposed to), but I didn't mentally register that fact, so I took no further steps at those times,..

 

--------------------------------------------------------------

 

--  I finally found the apparent answer as to why there are no active choices available for Actions to take on the listed infected items found in those scans, described at “Notes 4)”.

 

But that still doesn't explain why no "Scan Summary" page showed up right after each scan with the list of items found and actions taken or recommended.  Something still amiss.

 

--------------------------------------------------------------

 

Before I found that answer in a sub-section of the "Settings", I did a search, and found this on a LavaSoft Support Center page:

 

----- <begin page quote> -----

 

"How do I remove detected objects after a scan?

 

After a scan is finished the 'Scan Results' screen is shown, detected objects are listed by family and are given a pre-selected Lavasoft 'recommended action' defined by Lavasoft experts.

The infection type, total number of objects, their TAI rating and the action to perform are also shown.

 

To change an Action click on the drop-down menu under the Action heading.

The following actions are available.

 

Custom: You can change the Action by clicking on "Custom Action" or by clicking on the description menu at the end of that particular Family.

 

Remove all: Delete all objects for a particular family from your system.

Quarantine all: Add all objects for a particular family to Quarantine; isolate and back-up the object in quarantine, where it does not pose a threat to your system.

Add To Ignore List: Add the object to the Ignore List; keep the item on your system and make sure it is not detected in future scans.

Allow all Once: Allow the objects for a particular family to stay on the system. During the next scan, the objects will be detected again.

Repair all: Ad-Aware will attempt to repair all objects for a particular family.

 

Note: Selected action for a particular family will be applied only to objects that selected action can be applied to.

 

To change an Action for single detected object from the recommended action, choose custom and select one of the following custom actions.

 

Quarantine: Add the object to Quarantine; isolate and back-up the object in quarantine, where it does not pose a threat to your system.

Remove: Delete the object from your system.

Add To Ignore: Add the object to the Ignore List; keep the item on your system and make sure it is not detected in future scans.

Allow Once: Allow the object to stay on the system. During the next scan, the object will be detected again.

Repair: Repair detected object (available only for specific objects).

 

Select the required action for each object from the drop-down menu and then click "Perform Actions Now".

Ad-Aware will apply the required action for each detected object and present you with the "Scan Summary" screen.

 

Applies to:

 

----- <end page quote> -----

 

--------------------------------------------------------------

 

This, or more specifically the described “Scan Results” screen, is of course what I expected to see at the end of each full scan, but that has not been showing up, only the "Scan completed...No threats detected..." message screen or something similar, just indicating nothing found, nothing to be tended.  I vaguely recall one time many weeks and a few scans ago of seeing the proper summary-list pop up right after the scan showing all "0"s regarding stuff detected or done, but haven't seen even that for last few scans.  (Found that list now only after digging inside the program to find it in the report section.)

 

=========================================================

 

Notes 4)

 

As mentioned above, I found the apparent answer regarding the handling of the infected items listed in the report:

 

...In the course of trying to figure things out, not understanding yet what to do about the items found in the reports section, and coming up with no answers in the LavaSoft forums or the manual, I began digging inside the program, and found the "Real-Time Protection" section and dug further inside it into the "Advanced Settings"/"Default Real-Time Protection Action" sub-section...

 

--  In there, the very first setting is --

      --  "Default Real-Time Protection Action" (Select the default action taken by the Real-Time Protection module when an infected file is found.)

 

The choices in a drop-down list are "Disinfect" or "Quarantine", and it is currently set to "Disinfect".

 

So apparently this means that even though the two infected files found in the last full scans are still listed in the Reports section, I can assume that the items themselves have already been "disinfected",...

... which is fine, it just would be helpful for there to be some kind of indication on that report/ summary page confirming the fact of the action taken, e.g. in this case the disinfect action.

 

--------------------------------------------------------------

 

Your advice? --

Is the better default setting "Disinfect" versus "Quarantine"?

 

--------------------------------------------------------------

 

In this same "Advanced Settings"/"Real-Time Protection Settings" sub-section in the area below that default action choice, are other selections,... your advice? --

 

--  Right now in this sub-section, the only things turned "On" are:

     -- "Smart Scan" (Skips the files previously deemed as clear (checksum based) and rescans them periodically for validation.)

     --  "Scan network files" (Scan data and files in real-time while they are in transit on the network.)

 

--  Should any of the other choices in this section (listed below) (all currently "Off")  be turned "On"?

     --  "Deep Scan"  (Enables deep scanning inside CHM and installer files.  Not required for normal operations.)

     --  "Scan boot sectors"  (Scans boot sectors files.)

     --  "Scan archive files"  (Real-time scanning of archives (such as RAR, ZIP, GZIP))

 

--------------------------------------------------------------

 

Returning up from there to the main "Real-Time Protection" section, -- your advice? --

 

In the main "Real Time Protection" section, there are two choices:

 

--  "Real Time Protection"   (Real-Time Protection: This option should be turned on for the best possible protection.  When running multiple security programs, only one of them should have Real-Time Protection enabled.)

-- "Active Virus Control."  (This option monitors the processes' behavior.  Using heuristic technology, this feature identifies all malware activities and stops all their negative effect on your PC.)

 

"Real Time Protection" is currently turned "on".

"Active Virus Control" is currently turned "off".

 

Should "Active Virus Control" be turned "on"?

 

=========================================================

 

Notes 5)

 

In Ad-Aware, under “Network Protection/Advanced Settings”:

 

The first selection on the page is --

“Internet connection sharing” (Protect your Internet Connection from being shared without your knowledge.)

-- This is currently “Off”. .. should this be turned “On”?

 

The only items turned “On” in this section are:

-- Block port scans (Block hackers from scanning your computer ports.) ..

and

-- Monitor process changes (Enabling this option Ad-Aware will constantly monitor all process changes in applications and adapters for which rules were created.)

 

-- Under “Default Action” (set common actions for any programs and/or zones for which rules were not created yet.)” the drop-down menu choices are “Allow, Deny or Prompt” and it’s currently set to “Allow”.

 

I did not go into the “Applications Rules” or “Adapters Settings” management sections beyond a quick glance.

 

=========================================================

 

Notes 6)

 

In the Ad-Aware “Web Protection” section: -- your advice?

 

--  “Web Protection” (Intercepts and blocks navigating to known bad URLs and websites.)  is currently turned “On”.

--  “Anti-Phishing” (Powerful real-time anti-phishing that prevents you from going to sites that might attempt to steal your credit card or other identifiable data.) is currently turned “On”.

--  (( “Parental Control” is not installed. ))

 

 

=========================================================

 

Notes 7)

 

Even after clearing up a few understandings on my own, and confident that with your expert guidance we will clear up the present gremlins, I'm still wondering if it then might be wise to do a total uninstall and fresh install of Ad-Aware, and maybe Malwarebytes, too?  -- your advice?

 

Or is there a better choice than Ad-Aware Pro Security in your experience?

 

(I will not use Norton, even when it was offered free by my provider; it was great in its earliest years, but I eventually had only big problems with it in more recent years-past.  I liked AVG for quite awhile until they started putting weird stuff inside it.  I have felt confident with Ad-Aware until all this came up,.. and over the last several weeks, a few folks have given unsolicited recommendations for "Avast."  Better choice?)

My subscription will need renewing soon, so it's a good time to make new decisions if necessary.

 

--------------------------------------------------------------

 

(Not trying to waste your time with the numerous advice queries, rather the opposite, hoping better choices and awareness on my part will prevent or at least minimize the occasions for my having to impose on your or others' time here in future, and by this able to somewhat pay-forward keeping more of your valuable time free to help other folks.  :)

 

=========================================================

 

Notes 8)

 

Note:  While downloading the Ad-Aware 11 Manual, I checked my browser's download list to see if it had completed, and saw this item listed right before it:  “Setup.exe -- Failed -- downloadlian.com -- 11:29 PM”

 

I had not tried to download anything else during that time.

 

--------------------------------------------------------------

 

Note:  While copying backup files, I noticed that I did at some point in the past weeks in my sporadic frustrated search for answers, download AdwCleaner, but have not yet used it.  Is that a good program for future?

 

-- While doing the new system restore point, I noticed that “System Protection For Local Disk…” was only set for drive (C:), and not for drive (D:), so I set it for drive (D:), too… was that the right thing to do, or a Dumb-Duh?  :unsure:

 

-- For the system restore points, the allowed "System Disk Usage" was set to the lowest amount (5.14 GB).  I increased this to somewhere about 22.3 GB, having no idea what I was doing really, but just trying to ease the amount upward a couple times until I stopped getting the message that there wasn’t enough allowed storage to maintain the earlier restore points, resulting in their being deleted.  I was rushing due to an assignment deadline, just had to quickly make as reasonable a decision as I could at that moment, but if I’ve inadvertently just done a (or 'another') big “Duh” on this please let me know so I can remedy it!  :unsure:

 

-- After clicking “Agree” to the EULA terms for RogueKiller, an Internet Explorer window tried to open, but I closed it before it fully loaded, guess that’s okay?

 

-- Could the/an infection/malware also be amongst the files I’ve copied to the External Hard Drive?  If so, how to handle?

 

-- No audio ads have popped in during this time, which I’m supposing is because their trigger is somehow associated with visiting a website that has video and/or audio?,… which I have not done during this time.

 

=========================================================

 

Phew!...

 

Thank you so much for your very appreciated patience and assistance.  :)

 

=========================================================

 

As described earlier, I haven't found, or don't know how to find, full scan logs in Malwarebytes.  And it might not have been set to do so.

 

At the end of the last scan, the screen simply read:

 

Malwarebytes Anti-Malware has finished scanning your computer!

(big green check mark) (green colored font--) Scan completed successfully: No malicious items were detected!

Scan Type:             Threat Scan

Time Started:          Fri Sep 12 01:47:41 2014

Time Elapsed:         00:17:34

Objects Scanned:   234845

Objects Infected:     0

 

 

These logs are all I have, or know how to find:

 

Malwarebytes daily Protection logs:

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Detection, 9/12/2014 2:31:24 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 65454, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/12/2014 2:31:25 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 65454, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/12/2014 2:31:25 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 65456, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/12/2014 2:31:25 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 65457, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/12/2014 2:31:25 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 65459, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Update, 9/12/2014 8:16:01 PM, SYSTEM, LPC-ANEW, Scheduler, Rootkit Database, 2014.9.10.2, 2014.9.12.1,
Update, 9/12/2014 8:16:17 PM, SYSTEM, LPC-ANEW, Scheduler, Malware Database, 2014.9.12.2, 2014.9.12.9,
Protection, 9/12/2014 8:16:17 PM, SYSTEM, LPC-ANEW, Protection, Refresh, Starting,
Protection, 9/12/2014 8:16:17 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopping,
Protection, 9/12/2014 8:16:17 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopped,
Protection, 9/12/2014 8:16:54 PM, SYSTEM, LPC-ANEW, Protection, Refresh, Success,
Protection, 9/12/2014 8:16:54 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,
Protection, 9/12/2014 8:16:55 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,

(end)

 


 

 

RogueKiller report:

 

RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : flowi_000 [Admin rights]
Mode : Scan -- Date : 09/13/2014  04:36:39

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.25  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.25  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FF6EC2AC-67B8-4825-83EA-7977100B4131} | DhcpNameServer : 192.168.0.1 205.171.2.25  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FF6EC2AC-67B8-4825-83EA-7977100B4131} | DhcpNameServer : 192.168.0.1 205.171.2.25  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LM0 12 HN-M500MBB SATA Disk Device +++++
--- User ---
[MBR] 2e0487424b56c59107caa25fa7f665cb
[bSP] 66f1c882e795472a7e95f91d5cefd3ff : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: HP Photosmart C4280 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 

Link to post
Share on other sites
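
Added example (not part of the original posts, and not Malwarebytes code): a short Python script that triages a daily Protection log like the one pasted above. It groups the blocked-website detections by domain, IP and process, and measures how long "Malicious Website Protection" is reported stopped during a database refresh. The field layout and the month/day/year timestamp format are assumptions inferred from the pasted lines; the sample input is copied from that log.

```python
from datetime import datetime

# Sample input: lines copied from the daily Protection log pasted in the post above.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware
www.malwarebytes.org

Detection, 9/12/2014 2:31:24 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 65454, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/12/2014 2:31:25 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 65454, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/12/2014 2:31:25 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 65456, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/12/2014 2:31:25 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 65457, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/12/2014 2:31:25 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 65459, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Update, 9/12/2014 8:16:01 PM, SYSTEM, LPC-ANEW, Scheduler, Rootkit Database, 2014.9.10.2, 2014.9.12.1,
Update, 9/12/2014 8:16:17 PM, SYSTEM, LPC-ANEW, Scheduler, Malware Database, 2014.9.12.2, 2014.9.12.9,
Protection, 9/12/2014 8:16:17 PM, SYSTEM, LPC-ANEW, Protection, Refresh, Starting,
Protection, 9/12/2014 8:16:17 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopping,
Protection, 9/12/2014 8:16:17 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopped,
Protection, 9/12/2014 8:16:54 PM, SYSTEM, LPC-ANEW, Protection, Refresh, Success,
Protection, 9/12/2014 8:16:54 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,
Protection, 9/12/2014 8:16:55 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,

(end)
"""

TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"  # assumption: month/day/year, 12-hour clock
WEB_COMPONENT = "Malicious Website Protection"


def parse_log(text):
    """Return one dict per log record; banner, blank and '(end)' lines are skipped."""
    events = []
    for raw in text.splitlines():
        # Split into at most 12 fields so a comma inside the final path field survives.
        fields = [f.strip() for f in raw.strip().rstrip(",").split(",", 11)]
        if len(fields) < 7:
            continue
        try:
            when = datetime.strptime(fields[1], TS_FORMAT)
        except ValueError:
            continue  # not a record line
        events.append({"kind": fields[0], "time": when, "host": fields[3],
                       "component": fields[5], "detail": fields[6:]})
    return events


def summarize_detections(events):
    """Group website detections by (domain, ip, process)."""
    summary = {}
    for ev in events:
        d = ev["detail"]
        if ev["kind"] != "Detection" or len(d) < 6 or d[0] != "IP":
            continue
        ip, domain, port, direction, process = d[1:6]
        entry = summary.setdefault((domain, ip, process), {
            "count": 0, "ports": set(), "direction": direction,
            "first": ev["time"], "last": ev["time"]})
        entry["count"] += 1
        if port.isdigit():
            entry["ports"].add(int(port))  # local source port of each blocked connection
        entry["first"] = min(entry["first"], ev["time"])
        entry["last"] = max(entry["last"], ev["time"])
    return summary


def protection_gaps(events, component=WEB_COMPONENT):
    """Return (stopping_time, started_time, seconds) for each stop/start cycle."""
    gaps, stopped_at = [], None
    for ev in sorted(events, key=lambda e: e["time"]):  # stable sort keeps same-second order
        if ev["kind"] != "Protection" or ev["component"] != component:
            continue
        state = ev["detail"][0]
        if state == "Stopping" and stopped_at is None:
            stopped_at = ev["time"]
        elif state == "Started" and stopped_at is not None:
            seconds = int((ev["time"] - stopped_at).total_seconds())
            gaps.append((stopped_at, ev["time"], seconds))
            stopped_at = None
    if stopped_at is not None:
        gaps.append((stopped_at, None, None))  # still stopped at end of log
    return gaps


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for (domain, ip, process), info in summarize_detections(parsed).items():
        print(f"{info['count']} blocked {info['direction'].lower()} connections "
              f"to {domain} ({ip}) from {process}, "
              f"{len(info['ports'])} distinct source ports, "
              f"{info['first']} to {info['last']}")
    for start, end, seconds in protection_gaps(parsed):
        print(f"{WEB_COMPONENT} stopped at {start}, started again at {end} ({seconds}s)")
```

Repeated detections from the same process to the same domain within a second or two point to one page load retrying blocked connections rather than several separate events.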

Your detailed responses are nice but I don't have the time to read through them.
Please just do as I ask and answer my questions, let me know if you are having any problems with what we are doing.

====================================

Please make sure you have created that system restore point before you continue!!

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

====================================

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next.........

Please run a Threat Scan
Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine All that's found

MrC

Link to post
Share on other sites

Hi, MrCharlie,

 

Thank you for your kind reply.  Apologies for my having over-compensated, as the one time in recent past when I received help from someone on a technical problem, I was scolded for making my own judgments as to what information was useful, and not having been thorough enough in providing all known information at the start, resulting in their having to retrace steps.

 

Okay, onward... below is the Fixlog.txt, and I'm now proceeding to do next instructed steps...

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Lana at 2014-09-13 10:18:53 Run:1
Running from C:\Users\Lana\Desktop\Malwarebytes Forum Help\Farbar Recovery Scan Tool
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
FF DefaultSearchEngine: Startpage HTTPS
FF SelectedSearchEngine: Startpage HTTPS
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-01-04]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-01-04]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-04-27]
CHR DefaultSearchKeyword: Default -> conduit.search
CHR DefaultSearchProvider: Default -> Conduit Search
CHR DefaultSearchURL: Default -> http://search.conduit.com/Results.aspx?gd=&ctid=CT3320211&octid=EB_ORIGINAL_CTID&ISID=M782F641D-A4D0-4C2D-B9E1-A6EF76000046&SearchSource=58&CUI=&UM=5&UP=SP882A7893-CD1D-43ED-89F3-508FA9632CD1&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes -> Listing permissions failed. Access Denied.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Error deleting key. The key could be protected.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes -> Listing permissions failed. Access Denied.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
"HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\fmdownloader@gmail.com => Value could not be deleted.

"C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com" directory move:

Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\chrome.manifest" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\install.rdf" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\defaults\preferences\prefs.js" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\chrome\skin\32freemake.png" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\chrome\skin\overlay.css" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\chrome\skin\toolbar-button-over.png" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\chrome\skin\toolbar-button.png" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\chrome\locale\en-US\about.dtd" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\chrome\locale\en-US\overlay.dtd" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\chrome\locale\en-US\overlay.properties" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\chrome\content\about.xul" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\chrome\content\button-enable.js" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\chrome\content\ff-overlay.js" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\chrome\content\ff-overlay.xul" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\chrome\content\overlay.js" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com" directory. => Scheduled to move on reboot.

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ytfmdownloader@gmail.com => Value could not be deleted.

"C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com" directory move:

Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\chrome.manifest" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\install.rdf" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\modules\jQuery.js" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\modules\youtube_com.js" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\chrome\locale\ru-RU\main.properties" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\chrome\locale\jp-JP\main.properties" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\chrome\locale\it-IT\main.properties" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\chrome\locale\fr-FR\main.properties" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\chrome\locale\es-ES\main.properties" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\chrome\locale\en-US\main.properties" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\chrome\locale\de-DE\main.properties" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\chrome\content\downloader.js" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\chrome\content\downloader.xul" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\chrome\content\icons\32freemake.png" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\chrome\content\icons\icon.png" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com" directory. => Scheduled to move on reboot.

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\fmconverter@gmail.com => Value could not be deleted.

"C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox" directory move:

Could not move "C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\chrome.manifest" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\install.rdf" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\defaults\preferences\prefs.js" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\chrome\skin\32freemake.png" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\chrome\skin\overlay.css" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\chrome\skin\toolbar-button.png" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\chrome\locale\en-US\about.dtd" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\chrome\locale\en-US\overlay.dtd" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\chrome\locale\en-US\overlay.properties" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\chrome\content\about.xul" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\chrome\content\button-enable.js" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\chrome\content\ff-overlay.js" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\chrome\content\ff-overlay.xul" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\chrome\content\overlay.js" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox" directory. => Scheduled to move on reboot.

Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> Conduit Search ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
 

Link to post
Share on other sites

Here are the AdwCleaner logs:  (There was another pair of .txt files in there indicating that I'd run this program while handling the "Conduit" problem.  Very strange, as I do not recall having done so, nothing in the AdwCleaner program screen was familiar to me at all in terms of ever having seen/used it before. Oh, well....)

 

# AdwCleaner v3.310 - Report created 13/09/2014 at 10:48:02
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : flowi_000 - LPC-ANEW
# Running from : C:\Users\Lana\Desktop\Malwarebytes Forum Help\AdwCleaner\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\NCH Software
Folder Found : C:\ProgramData\NCH Software
Folder Found : C:\Users\Lana\AppData\Roaming\NCH Software

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17054


-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\Lana\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1592 octets] - [08/06/2014 21:57:44]
AdwCleaner[R1].txt - [942 octets] - [13/09/2014 10:48:02]
AdwCleaner[s0].txt - [1677 octets] - [08/06/2014 22:28:53]

########## EOF - \AdwCleaner\AdwCleaner[R1].txt - [1061 octets] ##########
 

 

 

 

# AdwCleaner v3.310 - Report created 13/09/2014 at 10:57:41
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : flowi_000 - LPC-ANEW
# Running from : C:\Users\Lana\Desktop\Malwarebytes Forum Help\AdwCleaner\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Lana\AppData\Roaming\NCH Software

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17054


-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\Lana\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1592 octets] - [08/06/2014 21:57:44]
AdwCleaner[R1].txt - [1139 octets] - [13/09/2014 10:48:02]
AdwCleaner[s0].txt - [1677 octets] - [08/06/2014 22:28:53]
AdwCleaner[s1].txt - [1071 octets] - [13/09/2014 10:57:41]

########## EOF - \AdwCleaner\AdwCleaner[s1].txt - [1131 octets] ##########
 

Link to post
Share on other sites

Hi, MrCharlie,

 

Below is the Junkware Removal Tool log.  FYI, all went well, just one hold-breath moment at end.  While scanning, the JRT screen had shown a message saying that the desktop might temporarily disappear and this was normal.  It did disappear, main screen went all blue (just the small JRT scanning-screen sitting atop it).  When the scan finished, the JRT.txt file came up in Notepad, and the scan-screen message said that there would also be a copy of that JRT.txt file put on my desktop.

 

Just for good measure, before closing things out, I did a "Save As" save of that file with a slightly altered name into the desktop folder I'd made for the JRT.  Then "x'd" out the Notepad screen, and the JRT screen disappeared, too.  But the main blue screen stayed, the desktop did not reappear.  After waiting quite a long time, I finally pressed the laptop's power button.  It went to rest (its light didn't go entirely off, kept blinking).  After a few minutes I pressed it again, and was glad to see the Microsoft default welcome page.  Logged in -- and got the same blank blue screen.  So crossed my fingers, pressed the power button, unhooked all cables, and removed the battery for a few minutes to reset things,..I hoped.  Reassembled everything, and very happy to report that all returned to normal.

 

However, there was no JRT.txt file on my desktop.  So I was very glad I'd made that Save-As save of it.

 

Then ran the Malwarebytes Threat Scan.  "Scan successful.. No threats found."  There was nothing Quarantined.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by flowi_000 on Sat 09/13/2014 at 11:36:49.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/13/2014 at 11:54:54.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Link to post
Share on other sites

Hi, MrCharlie,

 

I had to check in on a class for awhile, then went onto a few sites with videos to play to see what happened.  I was happy that I did not hear any audio ads try to pop in.  But then, with so many good things handled, I was surprised to see the Malwarebytes malicious site notification pop-up at the bottom of the screen again, a number of times as I continued to visit sites (all YouTube videos).

 

And then after checking the daily Protection log, I was puzzled at first by the earlier indicated intrusion attempts, and then I suddenly realized I might have screwed things up... as I'd completely zoned-out about the mandate to not download anything, and had briefly gone onto a totally trusted site earlier this morning to quickly grab a couple special instructional/training audios and videos I knew were waiting for me, needed for my personal health therapy.  I'm dealing with a rather painful condition, worsened by lack of sleep, and I wasn't thinking of anything at that moment other than my own consuming discomfort and wishing to use the new therapy routines to gain a bit of relief before having to go on to several hours of class assignments.  :wacko:  Good grief... I can't even believe I did that.  Major "flunk".

 

Copied the daily Protection log just now --

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 9/13/2014 8:05:34 AM, SYSTEM, LPC-ANEW, Scheduler, Malware Database, 2014.9.13.1, 2014.9.13.2,
Protection, 9/13/2014 8:05:40 AM, SYSTEM, LPC-ANEW, Protection, Refresh, Starting,
Protection, 9/13/2014 8:05:40 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopping,
Protection, 9/13/2014 8:05:41 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopped,
Protection, 9/13/2014 8:07:07 AM, SYSTEM, LPC-ANEW, Protection, Refresh, Success,
Protection, 9/13/2014 8:07:07 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,
Protection, 9/13/2014 8:07:08 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,
Detection, 9/13/2014 8:53:20 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62658, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/13/2014 8:53:21 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62658, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/13/2014 8:53:21 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62660, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/13/2014 8:53:21 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62663, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/13/2014 8:53:21 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62667, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Update, 9/13/2014 10:19:27 AM, SYSTEM, LPC-ANEW, Scheduler, Malware Database, 2014.9.13.2, 2014.9.13.3,
Protection, 9/13/2014 10:19:27 AM, SYSTEM, LPC-ANEW, Protection, Refresh, Starting,
Protection, 9/13/2014 10:19:27 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopping,
Protection, 9/13/2014 10:19:30 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopped,
Protection, 9/13/2014 10:20:34 AM, SYSTEM, LPC-ANEW, Protection, Refresh, Success,
Protection, 9/13/2014 10:20:34 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,
Protection, 9/13/2014 10:20:35 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,
Protection, 9/13/2014 10:23:00 AM, SYSTEM, LPC-ANEW, Protection, Malware Protection, Starting,
Protection, 9/13/2014 10:23:00 AM, SYSTEM, LPC-ANEW, Protection, Malware Protection, Started,
Protection, 9/13/2014 10:23:00 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,
Protection, 9/13/2014 10:23:29 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,
Protection, 9/13/2014 11:00:09 AM, SYSTEM, LPC-ANEW, Protection, Malware Protection, Starting,
Protection, 9/13/2014 11:00:09 AM, SYSTEM, LPC-ANEW, Protection, Malware Protection, Started,
Protection, 9/13/2014 11:00:10 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,
Protection, 9/13/2014 11:01:20 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,
Protection, 9/13/2014 12:04:55 PM, SYSTEM, LPC-ANEW, Protection, Malware Protection, Starting,
Protection, 9/13/2014 12:04:55 PM, SYSTEM, LPC-ANEW, Protection, Malware Protection, Started,
Protection, 9/13/2014 12:04:56 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,
Protection, 9/13/2014 12:05:12 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,
Update, 9/13/2014 12:08:43 PM, SYSTEM, LPC-ANEW, Manual, Malware Database, 2014.9.13.3, 2014.9.13.4,
Protection, 9/13/2014 12:08:43 PM, SYSTEM, LPC-ANEW, Protection, Refresh, Starting,
Protection, 9/13/2014 12:08:43 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopping,
Protection, 9/13/2014 12:08:44 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopped,
Protection, 9/13/2014 12:09:01 PM, SYSTEM, LPC-ANEW, Protection, Refresh, Success,
Protection, 9/13/2014 12:09:01 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,
Protection, 9/13/2014 12:09:03 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,
Update, 9/13/2014 2:13:59 PM, SYSTEM, LPC-ANEW, Scheduler, Rootkit Database, 2014.9.12.1, 2014.9.13.1,
Update, 9/13/2014 2:14:36 PM, SYSTEM, LPC-ANEW, Scheduler, Malware Database, 2014.9.13.4, 2014.9.13.6,
Protection, 9/13/2014 2:14:36 PM, SYSTEM, LPC-ANEW, Protection, Refresh, Starting,
Protection, 9/13/2014 2:14:36 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopping,
Protection, 9/13/2014 2:14:38 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopped,
Protection, 9/13/2014 2:15:05 PM, SYSTEM, LPC-ANEW, Protection, Refresh, Success,
Protection, 9/13/2014 2:15:06 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,
Protection, 9/13/2014 2:16:31 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,
Detection, 9/13/2014 2:18:58 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52198, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/13/2014 2:18:58 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52198, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/13/2014 2:18:58 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52204, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/13/2014 2:19:00 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52214, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/13/2014 2:19:00 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52215, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/13/2014 2:40:29 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52810, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

(end)

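An added example, not part of the original post and not Malwarebytes' own tooling: a short Python parser for the protection-log layout pasted above, which groups the Detection rows into bursts so repeated blocks of one host by one process are easier to read. The field positions are inferred from the rows shown in this thread, and the 60-second burst gap is an arbitrary assumption.

```python
from collections import namedtuple
from datetime import datetime, timedelta

# A subset of rows copied from the protection log posted above.
SAMPLE_LOG = r"""
Update, 9/13/2014 8:05:34 AM, SYSTEM, LPC-ANEW, Scheduler, Malware Database, 2014.9.13.1, 2014.9.13.2,
Protection, 9/13/2014 8:07:08 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,
Detection, 9/13/2014 8:53:20 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62658, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/13/2014 8:53:21 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62658, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/13/2014 8:53:21 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62660, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/13/2014 2:18:58 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52198, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/13/2014 2:18:58 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52198, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/13/2014 2:19:00 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52214, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/13/2014 2:40:29 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52810, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
"""

Detection = namedtuple(
    "Detection", "when kind address domain port direction process"
)


def parse_detections(text):
    """Return the Detection rows; Update/Protection rows and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        # Every row ends with a trailing comma; fields are separated by ", ".
        fields = [f.strip() for f in line.strip().rstrip(",").split(", ")]
        if len(fields) < 12 or fields[0] != "Detection":
            continue
        try:
            when = datetime.strptime(fields[1], "%m/%d/%Y %I:%M:%S %p")
            port = int(fields[9])
        except ValueError:
            continue  # unexpected layout: ignore rather than guess
        # Re-join the tail in case a process path itself contains ", ".
        process = ", ".join(fields[11:])
        rows.append(
            Detection(when, fields[6], fields[7], fields[8], port, fields[10], process)
        )
    return rows


def group_bursts(detections, max_gap=timedelta(seconds=60)):
    """Group rows whose timestamps are at most max_gap apart (assumed threshold)."""
    bursts = []
    for det in sorted(detections, key=lambda d: d.when):
        if bursts and det.when - bursts[-1][-1].when <= max_gap:
            bursts[-1].append(det)
        else:
            bursts.append([det])
    return bursts


def summarize(bursts):
    """One dict per burst: time span, row count, distinct ports, hosts and processes."""
    summary = []
    for burst in bursts:
        summary.append({
            "start": burst[0].when,
            "end": burst[-1].when,
            "rows": len(burst),
            "distinct_ports": len({d.port for d in burst}),
            "domains": sorted({d.domain for d in burst}),
            "addresses": sorted({d.address for d in burst}),
            "processes": sorted(
                {d.process.rsplit("\\", 1)[-1].lower() for d in burst}
            ),
        })
    return summary


if __name__ == "__main__":
    for item in summarize(group_bursts(parse_detections(SAMPLE_LOG))):
        print(
            f"{item['start']:%H:%M:%S}-{item['end']:%H:%M:%S}  "
            f"rows={item['rows']} ports={item['distinct_ports']}  "
            f"{', '.join(item['domains'])} <- {', '.join(item['processes'])}"
        )
```

Duplicate rows with the same timestamp and port, as at 2:18:58 PM in the log, are counted in `rows` but only once in `distinct_ports`.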

Here are the FRST logs, MrC --

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Lana (ATTENTION: The logged in user is not administrator) on LPC-ANEW on 13-09-2014 17:31:19
Running from C:\Users\Lana\Desktop\Malwarebytes Forum Help\Farbar Recovery Scan Tool
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe
(Spotify Ltd) C:\Users\Lana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe [8886592 2014-08-27] ()
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-06-09] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2013-11-27] (Hewlett-Packard)
HKU\S-1-5-21-1929260117-778202956-3327960154-1002\...\Run: [Google Update] => C:\Users\Lana\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-25] (Google Inc.)
HKU\S-1-5-21-1929260117-778202956-3327960154-1002\...\Run: [spotify Web Helper] => C:\Users\Lana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-26] (Spotify Ltd)
HKU\S-1-5-21-1929260117-778202956-3327960154-1002\...\Run: [GoogleChromeAutoLaunch_1E6E905977BB5330AF6FB963C18B8E9E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-03] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Lana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Users\Lana\AppData\Roaming\Mozilla\Firefox\Profiles\xiyrf5d2.default-1390659867422
FF Homepage: hxxp://www.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.10.8 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.10.8 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Lana\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Lana\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Lana\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Lana\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Lana\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Lana\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Lana\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Lana\AppData\Roaming\Mozilla\Firefox\Profiles\xiyrf5d2.default-1390659867422\searchplugins\startpage-https.xml
FF Extension: NetVideoHunter - C:\Users\Lana\AppData\Roaming\Mozilla\Firefox\Profiles\xiyrf5d2.default-1390659867422\Extensions\netvideohunter@netvideohunter.com [2014-07-29]
FF Extension: LastPass - C:\Users\Lana\AppData\Roaming\Mozilla\Firefox\Profiles\xiyrf5d2.default-1390659867422\Extensions\support@lastpass.com [2014-08-22]
FF Extension: DownloadHelper - C:\Users\Lana\AppData\Roaming\Mozilla\Firefox\Profiles\xiyrf5d2.default-1390659867422\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: 1-Click Dailymotion Video Downloader - C:\Users\Lana\AppData\Roaming\Mozilla\Firefox\Profiles\xiyrf5d2.default-1390659867422\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi [2014-01-27]
FF Extension: Zotero - C:\Users\Lana\AppData\Roaming\Mozilla\Firefox\Profiles\xiyrf5d2.default-1390659867422\Extensions\zotero@chnm.gmu.edu.xpi [2014-02-16]
FF Extension: FlashGot - C:\Users\Lana\AppData\Roaming\Mozilla\Firefox\Profiles\xiyrf5d2.default-1390659867422\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-01-27]
FF Extension: ScrapBook - C:\Users\Lana\AppData\Roaming\Mozilla\Firefox\Profiles\xiyrf5d2.default-1390659867422\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-01-27]
FF Extension: DownThemAll! - C:\Users\Lana\AppData\Roaming\Mozilla\Firefox\Profiles\xiyrf5d2.default-1390659867422\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-01-27]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-09]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{7ADCCCD0-FDEC-4A18-A329-550A87710223}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Profile: C:\Users\Lana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-25]
CHR Extension: (Google Drive) - C:\Users\Lana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (YouTube) - C:\Users\Lana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-25]
CHR Extension: (Google Search) - C:\Users\Lana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-25]
CHR Extension: (Vimeo™ Download Videos) - C:\Users\Lana\AppData\Local\Google\Chrome\User Data\Default\Extensions\geeljcibkkackafmeepgadbfgmpjmdeg [2014-01-27]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Lana\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-01-25]
CHR Extension: (RealPlayer Downloader) - C:\Users\Lana\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-01-25]
CHR Extension: (Hangouts) - C:\Users\Lana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-01-25]
CHR Extension: (Google Wallet) - C:\Users\Lana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-25]
CHR Extension: (Gmail) - C:\Users\Lana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-25]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-05-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-12] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
S3 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2009-07-22] (Firebird Project) [File not signed]
S3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2736128 2009-07-22] (Firebird Project) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-12-12] (Ellora Assets Corp.) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [706864 2014-08-27] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [29696 2012-11-05] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [23040 2012-11-05] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [29696 2012-11-05] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [23040 2012-11-05] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [29696 2012-11-05] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [23040 2012-11-05] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-05-13] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-06-09] () [File not signed]
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-05-23] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-06-06] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2013-12-16] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-22] (Advanced Micro Devices)
R3 bbcap; C:\Windows\system32\DRIVERS\bbcap.sys [4608 2014-01-11] (Windows ® Codename Longhorn DDK provider)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2013-07-17] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2013-07-17] (BitDefender LLC)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-04-22] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-08] (Realtek Semiconductor Corp.)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [29472 2012-09-05] (SerComm Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 11:36 - 2014-09-13 11:36 - 00000000 ____D () C:\Windows\ERUNT
2014-09-13 10:49 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-13 04:11 - 2014-09-13 04:11 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-13 04:11 - 2014-09-13 04:11 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-12 02:54 - 2014-09-12 02:54 - 00000000 ____D () C:\Users\Lana\Desktop\USING NOW
2014-09-11 23:12 - 2014-07-23 19:32 - 00002184 _____ () C:\Users\Lana\Desktop\Kindle - Copy.lnk
2014-09-11 23:12 - 2014-07-18 14:49 - 00002067 _____ () C:\Users\Lana\Desktop\GnuCash.lnk
2014-09-11 23:12 - 2014-07-17 14:37 - 00002000 _____ () C:\Users\Lana\Desktop\FileZilla Client.lnk
2014-09-11 23:12 - 2014-02-10 09:44 - 00002697 _____ () C:\Users\Lana\Desktop\Skype.lnk
2014-09-11 02:38 - 2014-09-13 17:31 - 00000000 ____D () C:\FRST
2014-09-11 02:36 - 2014-09-13 17:31 - 00000000 ____D () C:\Users\Lana\Desktop\Malwarebytes Forum Help
2014-09-10 07:52 - 2014-09-10 07:52 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-10 07:52 - 2014-09-10 07:52 - 00000000 ____D () C:\Users\Lana\AppData\Local\Apple Computer
2014-09-10 07:52 - 2014-09-10 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 07:51 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-09-10 07:49 - 2014-09-10 07:51 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 07:49 - 2014-09-10 07:51 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 07:49 - 2014-09-10 07:51 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-10 07:49 - 2014-09-10 07:49 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 07:45 - 2014-09-10 07:45 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-10 07:38 - 2014-09-10 07:40 - 112794960 _____ (Apple Inc.) C:\Users\Lana\Downloads\iTunes64Setup.exe
2014-09-05 17:54 - 2014-09-05 17:55 - 00000000 ____D () C:\Users\Lana\Desktop\Ryan Eliason via Marisa n Murray
2014-09-05 12:26 - 2014-09-05 12:26 - 00000000 ____D () C:\Users\Lana\Desktop\Tsunami Sites
2014-09-05 04:06 - 2014-08-20 17:40 - 00732880 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-09-05 04:06 - 2014-08-20 11:05 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-05 04:06 - 2014-08-20 11:05 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-09-05 04:06 - 2014-08-20 11:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-05 04:06 - 2014-08-20 11:02 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-05 04:06 - 2014-08-20 11:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-05 04:06 - 2014-06-24 01:35 - 00010450 _____ () C:\Windows\system32\autoconfig.cab
2014-09-05 04:06 - 2014-06-24 00:41 - 10115584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-05 04:06 - 2014-06-24 00:40 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-09-05 04:06 - 2014-06-24 00:39 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-05 04:06 - 2014-06-24 00:39 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-05 04:06 - 2014-06-23 22:08 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-05 04:06 - 2014-06-23 22:06 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-05 04:06 - 2014-06-23 22:06 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-03 20:36 - 2014-09-03 20:36 - 00000124 _____ () C:\Users\Lana\Desktop\Tsunami Sites my account login.url
2014-09-02 20:20 - 2014-09-02 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-09-01 08:11 - 2014-09-01 08:11 - 00000151 _____ () C:\Users\Lana\Desktop\Josh Elder free 30K training.url
2014-09-01 08:07 - 2014-09-01 08:07 - 00000121 _____ () C:\Users\Lana\Desktop\Tsunami Sites member login.url
2014-09-01 08:06 - 2014-09-01 08:07 - 00000141 _____ () C:\Users\Lana\Desktop\Matt Bacak Secret Sauce download page.url
2014-08-31 05:10 - 2014-08-23 00:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-31 05:10 - 2014-07-15 17:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-31 05:10 - 2014-07-11 20:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-31 04:30 - 2014-09-02 03:13 - 00000000 ____D () C:\Users\Lana\Desktop\Cameron and Mario AutoSalesMachine
2014-08-28 20:09 - 2014-08-28 20:10 - 00000000 ____D () C:\Users\Lana\Desktop\Elon Trending Azon Profits via Lee
2014-08-28 09:11 - 2014-08-28 09:11 - 00000000 ____D () C:\Users\Lana\Desktop\Suzanne Evans Overnight Success
2014-08-26 17:36 - 2014-08-26 17:42 - 00000000 ____D () C:\Users\Lana\Desktop\Todd Brown 6Fig Funnel via Tribby
2014-08-26 04:01 - 2014-08-26 19:15 - 00000000 ____D () C:\Users\Lana\Desktop\Aware Show new
2014-08-24 12:11 - 2014-08-24 12:12 - 00000000 ____D () C:\Users\Lana\Desktop\PIES
2014-08-24 10:40 - 2014-08-24 10:41 - 00000000 ____D () C:\Users\Lana\Desktop\Christian Mickelsen via Derek Rydall
2014-08-18 23:48 - 2014-08-18 23:48 - 00000000 ____D () C:\Users\Lana\Desktop\Kris Darty
2014-08-18 16:13 - 2014-08-01 18:15 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-18 16:13 - 2014-08-01 18:15 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-18 14:48 - 2014-07-15 16:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-18 14:43 - 2014-06-10 16:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-18 14:43 - 2014-06-10 16:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-18 14:38 - 2014-07-24 06:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 14:38 - 2014-07-24 06:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 14:38 - 2014-07-24 06:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 14:38 - 2014-07-24 06:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 14:38 - 2014-07-24 06:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 14:38 - 2014-07-24 04:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 14:38 - 2014-07-24 04:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-18 14:38 - 2014-07-24 04:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 14:38 - 2014-07-24 04:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 14:37 - 2014-07-24 06:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 14:37 - 2014-07-24 06:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 14:37 - 2014-07-24 06:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-18 14:37 - 2014-07-24 06:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-18 14:37 - 2014-07-24 06:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 14:37 - 2014-07-24 06:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-18 14:37 - 2014-07-24 06:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 14:37 - 2014-07-24 06:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 14:37 - 2014-07-24 06:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 14:37 - 2014-07-24 06:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-18 14:37 - 2014-07-24 06:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 14:37 - 2014-07-24 06:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-18 14:37 - 2014-07-24 06:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 14:37 - 2014-07-24 06:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 14:37 - 2014-07-24 06:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 14:37 - 2014-07-24 06:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 14:37 - 2014-07-24 04:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 14:37 - 2014-07-24 04:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-18 14:37 - 2014-07-24 04:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-18 14:37 - 2014-07-24 04:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 14:37 - 2014-07-24 04:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-18 14:37 - 2014-07-24 04:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 14:37 - 2014-07-24 04:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 14:37 - 2014-07-24 04:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-18 14:37 - 2014-07-24 04:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 14:37 - 2014-07-24 04:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 14:37 - 2014-07-24 04:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-18 14:37 - 2014-07-24 04:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 14:37 - 2014-07-24 04:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 14:37 - 2014-07-24 04:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 14:37 - 2014-07-24 04:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 14:37 - 2014-07-24 04:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 14:37 - 2014-07-24 04:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 14:37 - 2014-07-24 02:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-18 14:37 - 2014-06-12 19:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-18 14:37 - 2014-06-12 19:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-18 14:35 - 2014-06-05 11:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-18 14:35 - 2014-06-05 11:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-18 14:35 - 2014-06-05 11:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-18 14:35 - 2014-06-05 07:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-18 14:35 - 2014-06-05 07:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-18 14:34 - 2014-06-19 17:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-18 14:34 - 2014-06-19 16:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-18 14:34 - 2014-05-28 22:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-18 14:34 - 2014-05-07 19:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-17 16:52 - 2014-08-26 03:58 - 00000000 ____D () C:\Users\Lana\Desktop\Robin Williams
2014-08-16 08:07 - 2014-09-10 07:53 - 00000000 ____D () C:\Users\Lana\AppData\Roaming\Apple Computer
2014-08-15 13:52 - 2014-08-15 13:52 - 00000000 ____D () C:\Users\Lana\Desktop\Health truth
2014-08-15 12:55 - 2014-08-15 12:56 - 00000000 ____D () C:\Users\Lana\Desktop\Aging Ageless Regeneration
2014-08-15 03:48 - 2014-09-10 07:49 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-15 03:48 - 2014-08-15 03:49 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-08-15 03:48 - 2014-08-15 03:48 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-08-15 03:48 - 2014-08-15 03:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-15 03:46 - 2014-08-15 03:46 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-15 03:46 - 2014-08-15 03:46 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-08-15 03:43 - 2014-08-15 03:43 - 41945432 _____ (Apple Inc.) C:\Users\Lana\Downloads\QuickTimeInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 17:31 - 2014-09-11 02:38 - 00000000 ____D () C:\FRST
2014-09-13 17:31 - 2014-09-11 02:36 - 00000000 ____D () C:\Users\Lana\Desktop\Malwarebytes Forum Help
2014-09-13 17:14 - 2014-02-03 20:17 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1929260117-778202956-3327960154-1002.job
2014-09-13 17:08 - 2014-01-25 19:32 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1929260117-778202956-3327960154-1002UA.job
2014-09-13 17:07 - 2014-01-25 19:33 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-13 17:00 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-13 16:39 - 2014-06-09 05:22 - 00000364 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-09-13 12:05 - 2014-01-25 19:33 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-13 12:04 - 2014-01-17 05:44 - 00000031 _____ () C:\Windows\system32\bbcap.err
2014-09-13 12:04 - 2012-07-26 01:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-13 11:36 - 2014-09-13 11:36 - 00000000 ____D () C:\Windows\ERUNT
2014-09-13 10:59 - 2012-08-03 16:23 - 00719588 _____ () C:\Windows\PFRO.log
2014-09-13 10:58 - 2014-06-08 21:56 - 00000000 ____D () C:\AdwCleaner
2014-09-13 09:46 - 2014-04-18 06:19 - 00000000 ____D () C:\Users\Lana\dwhelper
2014-09-13 04:11 - 2014-09-13 04:11 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-13 04:11 - 2014-09-13 04:11 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-13 04:10 - 2014-06-09 05:58 - 00000000 ____D () C:\Users\Lana\Desktop\AntiVirus AntiMalware
2014-09-12 04:06 - 2012-07-26 01:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 02:54 - 2014-09-12 02:54 - 00000000 ____D () C:\Users\Lana\Desktop\USING NOW
2014-09-12 00:01 - 2014-02-07 23:14 - 00000000 ____D () C:\Users\Lana\AppData\Roaming\Skype
2014-09-11 23:08 - 2014-01-25 19:32 - 00000870 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1929260117-778202956-3327960154-1002Core.job
2014-09-11 15:17 - 2014-01-25 19:34 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-10 07:53 - 2014-08-16 08:07 - 00000000 ____D () C:\Users\Lana\AppData\Roaming\Apple Computer
2014-09-10 07:52 - 2014-09-10 07:52 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-10 07:52 - 2014-09-10 07:52 - 00000000 ____D () C:\Users\Lana\AppData\Local\Apple Computer
2014-09-10 07:52 - 2014-09-10 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 07:51 - 2014-09-10 07:49 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 07:51 - 2014-09-10 07:49 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 07:51 - 2014-09-10 07:49 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-10 07:49 - 2014-09-10 07:49 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 07:49 - 2014-08-15 03:48 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-10 07:46 - 2013-12-07 03:35 - 00000000 ____D () C:\ProgramData\Apple
2014-09-10 07:45 - 2014-09-10 07:45 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-10 07:40 - 2014-09-10 07:38 - 112794960 _____ (Apple Inc.) C:\Users\Lana\Downloads\iTunes64Setup.exe
2014-09-08 21:33 - 2013-12-07 18:13 - 01154799 _____ () C:\Windows\WindowsUpdate.log
2014-09-07 14:56 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-06 18:09 - 2014-03-10 16:12 - 00000000 ____D () C:\Users\Lana\Desktop\TeeShirt all
2014-09-05 22:35 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\rescache
2014-09-05 17:55 - 2014-09-05 17:54 - 00000000 ____D () C:\Users\Lana\Desktop\Ryan Eliason via Marisa n Murray
2014-09-05 12:26 - 2014-09-05 12:26 - 00000000 ____D () C:\Users\Lana\Desktop\Tsunami Sites
2014-09-05 04:10 - 2012-07-26 02:12 - 00000000 ___RD () C:\Windows\ToastData
2014-09-05 04:10 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\WinStore
2014-09-05 04:07 - 2012-07-26 01:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-04 07:20 - 2013-12-07 23:03 - 00000000 ____D () C:\Program Files (x86)\Zotero Standalone
2014-09-04 04:17 - 2014-07-21 12:43 - 00000000 ____D () C:\Users\Lana\Desktop\Adams Fall 2014 & Spring 2015
2014-09-03 20:36 - 2014-09-03 20:36 - 00000124 _____ () C:\Users\Lana\Desktop\Tsunami Sites my account login.url
2014-09-02 20:20 - 2014-09-02 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-09-02 03:15 - 2014-06-09 02:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-02 03:13 - 2014-08-31 04:30 - 00000000 ____D () C:\Users\Lana\Desktop\Cameron and Mario AutoSalesMachine
2014-09-01 08:11 - 2014-09-01 08:11 - 00000151 _____ () C:\Users\Lana\Desktop\Josh Elder free 30K training.url
2014-09-01 08:07 - 2014-09-01 08:07 - 00000121 _____ () C:\Users\Lana\Desktop\Tsunami Sites member login.url
2014-09-01 08:07 - 2014-09-01 08:06 - 00000141 _____ () C:\Users\Lana\Desktop\Matt Bacak Secret Sauce download page.url
2014-08-31 05:19 - 2014-07-25 14:49 - 00431864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 04:22 - 2014-06-14 20:42 - 00000000 ____D () C:\Users\Lana\Desktop\Video et al
2014-08-28 23:32 - 2014-07-08 04:50 - 00000000 ____D () C:\Users\Lana\Desktop\A - USE MAYBE
2014-08-28 20:10 - 2014-08-28 20:09 - 00000000 ____D () C:\Users\Lana\Desktop\Elon Trending Azon Profits via Lee
2014-08-28 10:22 - 2014-08-12 06:37 - 00000000 ____D () C:\Users\Lana\Desktop\Dan Kennedy via Rick Schefren
2014-08-28 09:11 - 2014-08-28 09:11 - 00000000 ____D () C:\Users\Lana\Desktop\Suzanne Evans Overnight Success
2014-08-28 00:09 - 2014-08-13 21:38 - 00000000 ____D () C:\Users\Lana\Desktop\Ezra Firestone via Ryan D
2014-08-26 19:15 - 2014-08-26 04:01 - 00000000 ____D () C:\Users\Lana\Desktop\Aware Show new
2014-08-26 17:42 - 2014-08-26 17:36 - 00000000 ____D () C:\Users\Lana\Desktop\Todd Brown 6Fig Funnel via Tribby
2014-08-26 03:58 - 2014-08-17 16:52 - 00000000 ____D () C:\Users\Lana\Desktop\Robin Williams
2014-08-26 03:51 - 2014-08-08 15:03 - 00000000 ____D () C:\Users\Lana\Desktop\Brittany Lynch via Russell Brunson
2014-08-25 20:52 - 2014-07-08 04:53 - 00000000 ____D () C:\Users\Lana\Desktop\A - USING NOW
2014-08-25 20:25 - 2014-07-06 21:15 - 00000000 ____D () C:\Users\Lana\Desktop\Video downloads various subjects
2014-08-25 04:03 - 2013-12-07 15:37 - 00000000 ____D () C:\Users\Lana\AppData\Local\Packages
2014-08-24 12:12 - 2014-08-24 12:11 - 00000000 ____D () C:\Users\Lana\Desktop\PIES
2014-08-24 10:41 - 2014-08-24 10:40 - 00000000 ____D () C:\Users\Lana\Desktop\Christian Mickelsen via Derek Rydall
2014-08-23 00:47 - 2014-08-31 05:10 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 17:43 - 2013-12-09 01:22 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-20 22:44 - 2014-01-03 15:10 - 00000000 ____D () C:\Users\Lana\Desktop\Devon Mentorship
2014-08-20 21:13 - 2014-07-08 04:52 - 00000000 ____D () C:\Users\Lana\Desktop\A - USE JUST FOR REFERENCE
2014-08-20 17:40 - 2014-09-05 04:06 - 00732880 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-08-20 11:05 - 2014-09-05 04:06 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-08-20 11:05 - 2014-09-05 04:06 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-08-20 11:05 - 2014-09-05 04:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-20 11:02 - 2014-09-05 04:06 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-08-20 11:02 - 2014-09-05 04:06 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-18 23:48 - 2014-08-18 23:48 - 00000000 ____D () C:\Users\Lana\Desktop\Kris Darty
2014-08-18 16:10 - 2013-12-15 00:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-18 16:10 - 2013-12-15 00:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-18 15:55 - 2013-12-08 17:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-18 15:02 - 2013-12-08 17:51 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-17 16:53 - 2014-07-04 19:46 - 00000000 ____D () C:\Users\Lana\Desktop\PeerTap
2014-08-15 13:52 - 2014-08-15 13:52 - 00000000 ____D () C:\Users\Lana\Desktop\Health truth
2014-08-15 12:56 - 2014-08-15 12:55 - 00000000 ____D () C:\Users\Lana\Desktop\Aging Ageless Regeneration
2014-08-15 10:09 - 2014-03-31 19:00 - 00000000 ____D () C:\Users\Lana\Desktop\FaceRig
2014-08-15 03:49 - 2014-08-15 03:48 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-08-15 03:48 - 2014-08-15 03:48 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-08-15 03:48 - 2014-08-15 03:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-15 03:46 - 2014-08-15 03:46 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-15 03:46 - 2014-08-15 03:46 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-08-15 03:43 - 2014-08-15 03:43 - 41945432 _____ (Apple Inc.) C:\Users\Lana\Downloads\QuickTimeInstaller.exe
2014-08-14 04:17 - 2014-07-23 21:44 - 00000000 ____D () C:\Users\Lana\Desktop\Ari Rothland all

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Lana at 2014-09-13 17:33:18
Running from C:\Users\Lana\Desktop\Malwarebytes Forum Help\Farbar Recovery Scan Tool
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Ad-Aware Firewall (Enabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Ad-Aware Antivirus (HKLM\...\{E39A80AE-0CC0-43EE-AB6B-BE11DC4F969F}_AdAwareUpdater) (Version: 11.3.6321.0 - Lavasoft)
AdAwareInstaller (Version: 11.3.6321.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.3.6321.0 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{039B859F-360B-58D8-F86F-C277BA6ED7D8}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0912.1709.28839 - Advanced Micro Devices, Inc.) Hidden
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
AMD VISION Engine Control Center (x32 Version: 2012.0912.1709.28839 - Advanced Micro Devices, Inc.) Hidden
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BB FlashBack Express (HKLM-x32\...\BB FlashBack Express) (Version: 4.1.8.2960 - Blueberry)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bolt PDF Printer (HKLM-x32\...\BoltPDF) (Version: 1.17 - NCH Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
C4200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
c4200_Help (x32 Version: 82.0.210.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0912.1709.28839 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0912.1709.28839 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0912.1709.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0912.1709.28839 - Advanced Micro Devices, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CountAnything (HKLM-x32\...\CountAnything_is1) (Version: 2.1 - Ginstrom IT Solutions (GITS))
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.2.5712 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.2.2114 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.2.2110 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.7.4528 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.5.5811 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 2.17 - NCH Software)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.0.3 (HKLM-x32\...\{32D39568-3B77-11E3-88CE-00163E98E7D0}) (Version: 5.0.3.1614 - Evernote Corp.)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.17 - NCH Software)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Firebird 2.1.3.18185 (Win32) (HKLM-x32\...\FBDBServer_2_1_is1) (Version: 2.1.3.18185 - Firebird Project)
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
FlameRobin 0.9.2 (HKLM-x32\...\FlameRobin_is1) (Version:  - The FlameRobin Project)
Freemake Video Converter version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.6.2 - Ellora Assets Corporation)
Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32 - WildTangent) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GnuCash 2.6.3 (HKLM-x32\...\GnuCash_is1) (Version:  - GnuCash Development Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.4.0.1558 (HKCU\...\GoToMeeting) (Version: 6.4.0.1558 - CitrixOnline)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{711EA7BB-5FF5-487F-8379-46BB5696FE40}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Photosmart C4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{276C40A7-8110-4976-80D2-39C669B84D32}) (Version: 14.0 - HP)
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 8.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
iWisoft Free Video Downloader 2.1 (HKLM-x32\...\iWisoft Free Video Downloader_is1) (Version: 2.1 - www.iwisoft.com)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LongTailPro - Version 2.4.27 (HKLM-x32\...\com.longtailpro.LongTailPro) (Version: 2.4.27 - Long Tail Media, LLC)
LongTailPro - Version 2.4.27 (x32 Version: 2.4.27 - Long Tail Media, LLC) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
Painter Classic (HKLM-x32\...\PainterClassicDeinstKey) (Version:  - )
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PenOffice 2.0 (HKLM-x32\...\PenOffice) (Version:  - )
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
PS_AIO_Software_min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.10 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29034 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Subliminal Power 2 (HKLM-x32\...\{3BA67FA2-59B4-4473-A415-0A12AEFFBDCD}}_is1) (Version:  - www.subliminalpower2.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Toolwiz FlipBook (HKLM-x32\...\Toolwiz FlipBook_is1) (Version: 1.5.0.0 - Toolwiz)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
TurboCASH4.5.1.760 - Development Release (HKLM-x32\...\TurboCASH4_is1) (Version:  - Philip Copeman)
TurboCASH451.760 Update to TurboCASH451.838 (HKLM-x32\...\TurboCASH451.760 Update to TurboCASH451.838_is1) (Version:  - TurboCASH)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VideoMakerFX (HKLM-x32\...\VideoMakerFX 1.04) (Version: 1.04 - Webvati)
VideoMakerFX (x32 Version: 1.04 - Webvati) Hidden
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.14 - NCH Software)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.3-2 - Wacom Technology Corp.)
Wacom PenTools (HKLM-x32\...\PenTools) (Version:  - )
WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
XMind 2013 (v3.4.1) (HKLM-x32\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zotero Standalone 4.0.22 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.22 (x86 en-US)) (Version: 4.0.22 - Zotero)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 23:26 - 2014-06-09 02:54 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1929260117-778202956-3327960154-1002.job => C:\Users\Lana\AppData\Local\Citrix\GoToMeeting\1558\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1929260117-778202956-3327960154-1002Core.job => C:\Users\Lana\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1929260117-778202956-3327960154-1002UA.job => C:\Users\Lana\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => ?

==================== Loaded Modules (whitelisted) =============

2014-08-22 17:41 - 2014-08-22 17:41 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-01 13:29 - 2014-05-01 13:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 08886592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe
2014-08-27 12:53 - 2014-08-27 12:53 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\RCF.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_filesystem-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_system-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_date_time-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_thread-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_locale-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_chrono-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 02101568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\HtmlFramework.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\DllStorage.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00832848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTrayDefaultSkin.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\Localization.dll
2014-01-16 22:30 - 2013-12-16 19:17 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2012-09-12 19:20 - 2012-09-12 19:20 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-10-12 19:22 - 2012-10-12 19:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2013-12-07 15:38 - 2013-12-07 15:38 - 00120224 _____ () C:\Users\Lana\AppData\Local\assembly\dl3\Z1KWYX3H.AL2\R3TN3O66.Q7B\b2fb34a1\00f33f28_e1a8cd01\HPItunesModule.DLL
2012-10-12 19:22 - 2012-10-12 19:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-10-12 19:22 - 2012-10-12 19:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKCU\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKCU\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_1E6E905977BB5330AF6FB963C18B8E9E"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/13/2014 00:04:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:00:02 PM on 9/13/2014 was unexpected.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD E2-1800 APU with Radeon HD Graphics
Percentage of memory in use: 46%
Total physical RAM: 3682.26 MB
Available physical RAM: 1986.57 MB
Total Pagefile: 5538.26 MB
Available Pagefile: 3489.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:440.54 GB) (Free:227.22 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.45 GB) (Free:2.92 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================


Please don't install programs like this: Freemake Video Downloader & Freemake Video Converter
http://www.systemlookup.com/FF_Extensions/2684-fmdownloader_gmail_com.html <---read!!!

============

Go to your programs and Features and uninstall these if possible: (adware/malware)
Freemake Video Converter
Freemake Video Downloader


===============

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

==================

Re-scan with AdwCleaner, JRT and Malwarebytes.

MrC


Hi, MrC,

In Programs and Features, uninstall of Freemake Video Converter went all okay.  Uninstall of Freemake Video Downloader said it was basically done, but that some components couldn't be uninstalled, would have to be done manually.

I found a "Freemake" folder in "Program Files (x86)" with a few subfolders and numerous items still in them (e.g. .dlls and other stuff) and deleted the main "Freemake" folder and all in it.

Also deleted any remaining programs or items I saw that were of NCH Software origin.  Then did a full Power Off and Power On of computer.  Then did the FRST Fix; the log is below.  Going on now to the remaining steps.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Lana at 2014-09-13 20:02:25 Run:2
Running from C:\Users\Lana\Desktop\Malwarebytes Forum Help\Farbar Recovery Scan Tool
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

*****************

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\fmdownloader@gmail.com => Value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ytfmdownloader@gmail.com => Value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\fmconverter@gmail.com => Value not found.

==== End of Fixlog ====


Hi, MrC,

Completed the instructed steps.

Some old notes reminded me that it might be helpful to carefully glance through the Registry area.  I don’t know if this is helpful or not, but this is what I found:

Under:  “HKEY_LOCAL_MACHINE\SOFTWARE” there are a couple “NCH..” folders with a few things in them.

Under:  “HKEY_CURRENT_USER\SOFTWARE” found a “Freemake” folder with subfolders and sub-subfolders and quite a lot of stuff in them.

Thank you for all you’re doing.

AdwCleaner[R2].txt  --

# AdwCleaner v3.310 - Report created 13/09/2014 at 20:32:39
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : flowi_000 - LPC-ANEW
# Running from : C:\Users\Lana\Desktop\Malwarebytes Forum Help\AdwCleaner\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17054

-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\Lana\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1592 octets] - [08/06/2014 21:57:44]
AdwCleaner[R1].txt - [1139 octets] - [13/09/2014 10:48:02]
AdwCleaner[R2].txt - [790 octets] - [13/09/2014 20:32:39]
AdwCleaner[s0].txt - [1677 octets] - [08/06/2014 22:28:53]
AdwCleaner[s1].txt - [1209 octets] - [13/09/2014 10:57:41]

########## EOF - \AdwCleaner\AdwCleaner[R2].txt - [969 octets] ##########

AdwCleaner[s2].txt  --

# AdwCleaner v3.310 - Report created 13/09/2014 at 20:39:01
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : flowi_000 - LPC-ANEW
# Running from : C:\Users\Lana\Desktop\Malwarebytes Forum Help\AdwCleaner\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17054

-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\Lana\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1592 octets] - [08/06/2014 21:57:44]
AdwCleaner[R1].txt - [1139 octets] - [13/09/2014 10:48:02]
AdwCleaner[R2].txt - [1046 octets] - [13/09/2014 20:32:39]
AdwCleaner[s0].txt - [1677 octets] - [08/06/2014 22:28:53]
AdwCleaner[s1].txt - [1209 octets] - [13/09/2014 10:57:41]
AdwCleaner[s2].txt - [971 octets] - [13/09/2014 20:39:01]

########## EOF - \AdwCleaner\AdwCleaner[s2].txt - [1030 octets] ##########

Junkware Removal Tool,  JRT.txt  --

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by flowi_000 on Sat 09/13/2014 at 20:53:44.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/13/2014 at 21:11:37.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes

Most recent daily Protection log to 9:48 p.m.  --

Malwarebytes Anti-Malware

www.malwarebytes.org

Update, 9/13/2014 8:05:34 AM, SYSTEM, LPC-ANEW, Scheduler, Malware Database, 2014.9.13.1, 2014.9.13.2,

Protection, 9/13/2014 8:05:40 AM, SYSTEM, LPC-ANEW, Protection, Refresh, Starting,

Protection, 9/13/2014 8:05:40 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopping,

Protection, 9/13/2014 8:05:41 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopped,

Protection, 9/13/2014 8:07:07 AM, SYSTEM, LPC-ANEW, Protection, Refresh, Success,

Protection, 9/13/2014 8:07:07 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,

Protection, 9/13/2014 8:07:08 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,

Detection, 9/13/2014 8:53:20 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62658, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

Detection, 9/13/2014 8:53:21 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62658, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

Detection, 9/13/2014 8:53:21 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62660, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

Detection, 9/13/2014 8:53:21 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62663, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

Detection, 9/13/2014 8:53:21 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62667, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

Update, 9/13/2014 10:19:27 AM, SYSTEM, LPC-ANEW, Scheduler, Malware Database, 2014.9.13.2, 2014.9.13.3,

Protection, 9/13/2014 10:19:27 AM, SYSTEM, LPC-ANEW, Protection, Refresh, Starting,

Protection, 9/13/2014 10:19:27 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopping,

Protection, 9/13/2014 10:19:30 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopped,

Protection, 9/13/2014 10:20:34 AM, SYSTEM, LPC-ANEW, Protection, Refresh, Success,

Protection, 9/13/2014 10:20:34 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,

Protection, 9/13/2014 10:20:35 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,

Protection, 9/13/2014 10:23:00 AM, SYSTEM, LPC-ANEW, Protection, Malware Protection, Starting,

Protection, 9/13/2014 10:23:00 AM, SYSTEM, LPC-ANEW, Protection, Malware Protection, Started,

Protection, 9/13/2014 10:23:00 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,

Protection, 9/13/2014 10:23:29 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,

Protection, 9/13/2014 11:00:09 AM, SYSTEM, LPC-ANEW, Protection, Malware Protection, Starting,

Protection, 9/13/2014 11:00:09 AM, SYSTEM, LPC-ANEW, Protection, Malware Protection, Started,

Protection, 9/13/2014 11:00:10 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,

Protection, 9/13/2014 11:01:20 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,

Protection, 9/13/2014 12:04:55 PM, SYSTEM, LPC-ANEW, Protection, Malware Protection, Starting,

Protection, 9/13/2014 12:04:55 PM, SYSTEM, LPC-ANEW, Protection, Malware Protection, Started,

Protection, 9/13/2014 12:04:56 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,

Protection, 9/13/2014 12:05:12 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,

Update, 9/13/2014 12:08:43 PM, SYSTEM, LPC-ANEW, Manual, Malware Database, 2014.9.13.3, 2014.9.13.4,

Protection, 9/13/2014 12:08:43 PM, SYSTEM, LPC-ANEW, Protection, Refresh, Starting,

Protection, 9/13/2014 12:08:43 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopping,

Protection, 9/13/2014 12:08:44 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopped,

Protection, 9/13/2014 12:09:01 PM, SYSTEM, LPC-ANEW, Protection, Refresh, Success,

Protection, 9/13/2014 12:09:01 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,

Protection, 9/13/2014 12:09:03 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,

Update, 9/13/2014 2:13:59 PM, SYSTEM, LPC-ANEW, Scheduler, Rootkit Database, 2014.9.12.1, 2014.9.13.1,

Update, 9/13/2014 2:14:36 PM, SYSTEM, LPC-ANEW, Scheduler, Malware Database, 2014.9.13.4, 2014.9.13.6,

Protection, 9/13/2014 2:14:36 PM, SYSTEM, LPC-ANEW, Protection, Refresh, Starting,

Protection, 9/13/2014 2:14:36 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopping,

Protection, 9/13/2014 2:14:38 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopped,

Protection, 9/13/2014 2:15:05 PM, SYSTEM, LPC-ANEW, Protection, Refresh, Success,

Protection, 9/13/2014 2:15:06 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,

Protection, 9/13/2014 2:16:31 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,

Detection, 9/13/2014 2:18:58 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52198, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

Detection, 9/13/2014 2:18:58 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52198, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

Detection, 9/13/2014 2:18:58 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52204, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

Detection, 9/13/2014 2:19:00 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52214, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

Detection, 9/13/2014 2:19:00 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52215, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

Detection, 9/13/2014 2:40:29 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52810, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

Detection, 9/13/2014 4:59:29 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56369, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

Update, 9/13/2014 7:01:00 PM, SYSTEM, LPC-ANEW, Scheduler, Malware Database, 2014.9.13.6, 2014.9.14.1,

Protection, 9/13/2014 7:01:00 PM, SYSTEM, LPC-ANEW, Protection, Refresh, Starting,

Protection, 9/13/2014 7:01:00 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopping,

Protection, 9/13/2014 7:01:01 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopped,

Protection, 9/13/2014 7:01:15 PM, SYSTEM, LPC-ANEW, Protection, Refresh, Success,

Protection, 9/13/2014 7:01:15 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,

Protection, 9/13/2014 7:01:15 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,

Protection, 9/13/2014 8:41:25 PM, SYSTEM, LPC-ANEW, Protection, Malware Protection, Starting,

Protection, 9/13/2014 8:41:25 PM, SYSTEM, LPC-ANEW, Protection, Malware Protection, Started,

Protection, 9/13/2014 8:41:26 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,

Protection, 9/13/2014 8:41:47 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,

Update, 9/13/2014 8:50:59 PM, SYSTEM, LPC-ANEW, Scheduler, Malware Database, 2014.9.14.1, 2014.9.14.2,

Protection, 9/13/2014 8:51:00 PM, SYSTEM, LPC-ANEW, Protection, Refresh, Starting,

Protection, 9/13/2014 8:51:00 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopping,

Protection, 9/13/2014 8:51:00 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopped,

Protection, 9/13/2014 8:51:11 PM, SYSTEM, LPC-ANEW, Protection, Refresh, Success,

Protection, 9/13/2014 8:51:11 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,

Protection, 9/13/2014 8:51:12 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,

Protection, 9/13/2014 9:20:15 PM, SYSTEM, LPC-ANEW, Protection, Malware Protection, Starting,

Protection, 9/13/2014 9:20:15 PM, SYSTEM, LPC-ANEW, Protection, Malware Protection, Started,

Protection, 9/13/2014 9:20:15 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,

Protection, 9/13/2014 9:20:27 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,

Protection, 9/13/2014 9:47:49 PM, SYSTEM, LPC-ANEW, Protection, Malware Protection, Starting,

Protection, 9/13/2014 9:47:49 PM, SYSTEM, LPC-ANEW, Protection, Malware Protection, Started,

Protection, 9/13/2014 9:47:50 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,

Protection, 9/13/2014 9:48:11 PM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,

 

(end)

Malwarebytes Scanning History Log --

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/13/2014
Scan Time: 9:23:40 PM
Logfile: late Sat scan log for post 9-13-14.txt
Administrator: No

Version: 2.00.2.1012
Malware Database: v2014.09.14.02
Rootkit Database: v2014.09.13.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Lana

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 234869
Time Elapsed: 18 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Ellora, C:\$Recycle.Bin\S-1-5-21-1929260117-778202956-3327960154-1002\$RTRBM4M.exe, Quarantined, [fb8fb03d8fec90a684ae123f39c8d42c],
PUP.Optional.OpenCandy, C:\$Recycle.Bin\S-1-5-21-1929260117-778202956-3327960154-1002\$RU8B22C.exe, Quarantined, [d1b98c61e19a37ff7e069885a45dd030],

Physical Sectors: 0
(No malicious items detected)

(end)


Hi, MrC,

 

Here is the latest.

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 9/14/2014 12:18:13 AM, SYSTEM, LPC-ANEW, Scheduler, Malware Database, 2014.9.14.2, 2014.9.14.3,
Protection, 9/14/2014 12:18:17 AM, SYSTEM, LPC-ANEW, Protection, Refresh, Starting,
Protection, 9/14/2014 12:18:17 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopping,
Protection, 9/14/2014 12:18:18 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Stopped,
Protection, 9/14/2014 12:18:49 AM, SYSTEM, LPC-ANEW, Protection, Refresh, Success,
Protection, 9/14/2014 12:18:49 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Starting,
Protection, 9/14/2014 12:18:49 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, Started,
Detection, 9/14/2014 2:13:41 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 53001, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/14/2014 2:13:41 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 53001, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/14/2014 2:13:41 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 53005, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/14/2014 2:13:41 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 53008, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 9/14/2014 2:13:42 AM, SYSTEM, LPC-ANEW, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 53011, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

(end)


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
