Jump to content

help removing com surrogate, powelik, adclicker


Ryan5000
 Share

Recommended Posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Ryan (administrator) on RYAN-PC on 12-11-2014 16:21:33
Running from C:\Users\Ryan\Downloads
Loaded Profile: Ryan (Available profiles: Ryan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Alcatel-Lucent) C:\Program Files\ATT-SST\pcTrayApp.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(SwapDrive, Inc.) C:\Program Files (x86)\QuickBooks Online Backup\OnlineBackup.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe
(Spotify Ltd) C:\Users\Ryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)
HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\pcTrayApp.exe [2727936 2012-06-07] (Alcatel-Lucent)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [DelTr1171583] => cmd.exe /c rd /s /q  "C:\Users\Ryan\AppData\Roaming\WSE_Lasaoren"
HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [OnlineBackupScheduler] => C:\Program Files (x86)\QuickBooks Online Backup\OnlineBackup.exe [610304 2007-11-02] (SwapDrive, Inc.)
HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation)
HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [spotify] => C:\Users\Ryan\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-08] (Spotify Ltd)
HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [spotify Web Helper] => C:\Users\Ryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-08] (Spotify Ltd)
HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [bRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS
HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\RunOnce: [DelTr1171583] => cmd.exe /c rd /s /q  "C:\Users\Ryan\AppData\Roaming\WSE_Lasaoren"
HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\RunOnce: [WSE_Lasaoren] => [X]
HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online Backup Scheduler.lnk
ShortcutTarget: Online Backup Scheduler.lnk -> C:\Windows\Installer\{A9255718-8A40-45F9-B738-93655FBD4F6F}\_C90BDFE323B95CEE248723.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://Lasaoren.com/...cr=90030310&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.mysearchlinks.com/
SearchScopes: HKLM - DefaultScope {5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB} URL = http://astromenda.co...=1230190011&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Lasaoren.com/...cr=90030310&ir=
SearchScopes: HKLM - {5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB} URL = http://astromenda.co...=1230190011&ir=
SearchScopes: HKLM - {CCA70054-9FB7-46C4-A32D-B64843035997} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {CCA70054-9FB7-46C4-A32D-B64843035997} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Lasaoren.com/...cr=90030310&ir=
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Lasaoren.com/...cr=90030310&ir=
SearchScopes: HKCU - {5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB} URL = http://astromenda.co...=1230190011&ir=
SearchScopes: HKCU - {9AD1DDCA-9138-4F37-8542-E774CE72FEDC} URL = http://search.yahoo....rtPage?}&fr=ie8
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...il&geo=US&ver=4
SearchScopes: HKCU - {CCA70054-9FB7-46C4-A32D-B64843035997} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {EFBAA18C-764F-4320-A142-84ACC4C3AF65} URL = http://search.usatod...w={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3275123363-4289498944-2812251985-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default
FF DefaultSearchEngine: Lasaoren
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Lasaoren
FF Homepage: hxxp://lasaoren.com/?f=1&a=lrn_dnldstr_14_46_ff&cd=2xzuyetn2y1l1qzu0etd0c0bye0eyb0d0czyydzytbtctbtdtn0d0tzu0stctdyeybtn1l2xzutatfyctftctftdtn1l1czutcyetbzytdyd1v1ttn1l1g1b1v1n2y1l1qzu2syc0c0btayd0fzyyetgzztb0etbtgzzyezztctgybyctcyetgtctatczzzyybtctb0b0b0ftd2qtn1m1f1b2z1v1n2y1l1qzu2stcybzz0byc0byd0atg0dtd0e0ctgyetd0a0etgzyybyezztg0eyd0fta0d0dta0ftdzzzyye2q&cr=90030310&ir=
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @cnw.com/cnwplugin -> C:\Program Files (x86)\AnyMeeting Plug-in\npcnwplugin.dll (AnyMeeting, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3275123363-4289498944-2812251985-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ryan\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-3275123363-4289498944-2812251985-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKU\S-1-5-21-3275123363-4289498944-2812251985-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkorswim\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKU\S-1-5-21-3275123363-4289498944-2812251985-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkorswim\nptossc.dll (TD Ameritrade)
FF user.js: detected! => C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\searchplugins\Lasaoren.xml
FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF Extension: LastPass - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\support@lastpass.com [2014-08-18]
FF Extension: Evernote Web Clipper - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-01-10]
FF Extension: Firebug - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\firebug@software.joehewitt.com.xpi [2012-12-05]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2013-07-30]
FF Extension: Yesware Email Tracking - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\jid1-T5mdAATMX3urKA@jetpack.xpi [2013-05-20]
FF Extension: YSlow - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\yslow@yahoo-inc.com.xpi [2012-12-05]
FF Extension: Lasaoren - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\{0760faf4-8d0b-49d1-bbac-d05eb1ac32c7}.xpi [2014-11-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn [2014-11-12]
FF Extension: No Name - {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://Lasaoren.com/?f=1&a=lrn_dnldstr_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0BtAyD0FzyyEtGzztB0EtBtGzzyEzztCtGyByCtCyEtGtCtAtCzzzyyBtCtB0B0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzz0ByC0ByD0AtG0DtD0E0CtGyEtD0A0EtGzyyByEzztG0EyD0FtA0D0DtA0FtDzzzyyE2Q&cr=90030310&ir=
CHR StartupUrls: Default -> "hxxp://Lasaoren.com/?f=7&a=lrn_dnldstr_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0BtAyD0FzyyEtGzztB0EtBtGzzyEzztCtGyByCtCyEtGtCtAtCzzzyyBtCtB0B0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzz0ByC0ByD0AtG0DtD0E0CtGyEtD0A0EtGzyyByEzztG0EyD0FtA0D0DtA0FtDzzzyyE2Q&cr=90030310&ir=","hxxp://astromenda.com/?f=7&a=ast_frg01_14_49_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0SzyyDtDtN1L2XzutAtFtDtFtCtDtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtD0DtBtByEzz0AtGtA0Ezy0DtGtA0EzytBtG0CtA0AtBtGtD0CtAyCtA0C0EtCyE0E0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByEyEtAyB0CtB0AtGtBzy0FtDtGyEyE0E0EtGzytAtByCtG0DzzyC0CzzzztByBtD0CyByB2Q&cr=1230190011&ir="
CHR DefaultSearchKeyword: Default -> Lasaoren.com
CHR DefaultSearchURL: Default -> http://Lasaoren.com/...cr=90030310&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-06]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-14]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-14]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2012-11-17]
CHR Extension: (Norton Identity Safe) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-14]
CHR Extension: (Norton Security Toolbar) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-11-14]
CHR Extension: (Google Wallet) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-14]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-01]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2012-11-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [361472 2012-06-18] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [441344 2012-06-18] (Alcatel-Lucent) [File not signed]
R2 pcServiceHost; C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [342016 2012-06-14] (Alcatel-Lucent) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\BASHDefs\20141107.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-24] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-06] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-18] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\IPSDefs\20141111.001\IDSvia64.sys [633560 2014-08-27] (Symantec Corporation)
R3 L6TPortB; C:\Windows\System32\Drivers\L6TPortB64.sys [894336 2010-03-09] (Line 6)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [131800 2014-11-12] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\VirusDefs\20141111.034\ENG64.SYS [129752 2014-10-06] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\VirusDefs\20141111.034\EX64.SYS [2137304 2014-10-06] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-29] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 15:45 - 2014-11-12 15:45 - 00042051 _____ () C:\Users\Ryan\Downloads\Addition.txt
2014-11-12 15:43 - 2014-11-12 16:22 - 00034003 _____ () C:\Users\Ryan\Downloads\FRST.txt
2014-11-12 15:43 - 2014-11-12 16:21 - 00000000 ____D () C:\FRST
2014-11-12 15:43 - 2014-11-12 15:43 - 02116096 _____ (Farbar) C:\Users\Ryan\Downloads\FRST64.exe
2014-11-12 13:17 - 2014-11-12 13:17 - 00000044 _____ () C:\Users\Ryan\AppData\Roaming\WB.CFG
2014-11-12 12:22 - 2014-11-12 12:22 - 00001164 _____ () C:\Users\Ryan\Desktop\Continue Free Download Installation.lnk
2014-11-12 12:16 - 2014-11-12 12:17 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\WSE_Lasaoren
2014-11-12 12:16 - 2014-11-12 12:16 - 24489269 _____ () C:\Users\Ryan\Downloads\setup_free.exe
2014-11-12 12:16 - 2014-11-12 12:16 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-11-12 12:13 - 2014-11-12 12:13 - 00796616 _____ ( ) C:\Users\Ryan\Downloads\Free_Download_Setup(1).exe
2014-11-12 12:12 - 2014-11-12 12:12 - 00796616 _____ ( ) C:\Users\Ryan\Downloads\Free_Download_Setup.exe
2014-11-12 11:25 - 2014-11-12 12:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-12 11:21 - 2014-11-12 11:21 - 14439144 _____ (Malwarebytes Corp.) C:\Users\Ryan\Downloads\mbar-1.08.0.1001(1).exe
2014-11-12 11:16 - 2014-11-12 11:17 - 00000000 ____D () C:\Users\Ryan\Desktop\CB Logos
2014-11-12 11:11 - 2014-11-12 11:17 - 00000000 ____D () C:\Users\Ryan\Desktop\New folder
2014-11-12 11:05 - 2014-11-12 11:09 - 00000000 ____D () C:\Users\Ryan\Desktop\mysearchlinkspics
2014-11-12 11:01 - 2014-11-12 12:06 - 00000000 ____D () C:\Users\Ryan\Desktop\mbar
2014-11-12 11:00 - 2014-11-12 11:00 - 14439144 _____ (Malwarebytes Corp.) C:\Users\Ryan\Downloads\mbar-1.08.0.1001.exe
2014-11-12 09:18 - 2014-11-12 09:18 - 04909382 _____ () C:\Users\Ryan\Downloads\mbam-chameleon-3.1.7.0(1).zip
2014-11-12 02:14 - 2014-11-12 11:25 - 00131800 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 02:13 - 2014-11-12 11:23 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-12 02:13 - 2014-11-12 02:13 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-12 02:13 - 2014-11-12 02:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-12 02:13 - 2014-11-12 02:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-12 02:13 - 2014-11-12 02:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-12 02:13 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-12 02:13 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-12 02:12 - 2014-11-12 02:12 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Ryan\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-12 02:09 - 2014-11-12 02:09 - 04909382 _____ () C:\Users\Ryan\Downloads\mbam-chameleon-3.1.7.0.zip
2014-11-11 16:34 - 2014-11-11 16:34 - 00001624 _____ () C:\Users\Ryan\Desktop\Shortcut to scrapebox.exe.lnk
2014-11-11 16:31 - 2014-11-11 16:31 - 00425984 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Ryan\Downloads\libeay32.dll
2014-11-11 16:31 - 2014-11-11 16:31 - 00232960 _____ (GnuWin32 <http://gnuwin32.sourceforge.net>) C:\Users\Ryan\Downloads\libssl32.dll
2014-11-11 16:31 - 2014-11-11 16:31 - 00200704 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Ryan\Downloads\ssleay32.dll
2014-11-10 08:12 - 2014-11-10 08:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-08 22:23 - 2014-11-08 22:24 - 01701816 _____ () C:\Windows\Minidump\110814-61589-01.dmp
2014-11-07 14:22 - 2014-11-11 16:49 - 00000000 ____D () C:\Users\Ryan\Downloads\Plugins
2014-11-07 14:22 - 2014-11-11 16:49 - 00000000 ____D () C:\Users\Ryan\Downloads\Addons
2014-11-07 14:22 - 2014-11-11 16:31 - 00000000 ____D () C:\Users\Ryan\Downloads\Configuration
2014-11-07 14:22 - 2014-09-02 01:42 - 04072384 _____ (Softtouch Software Design) C:\Users\Ryan\Downloads\scrapebox.exe
2014-11-07 14:22 - 2012-02-17 17:58 - 00000000 ____D () C:\Users\Ryan\Downloads\Blacklist
2014-11-07 14:22 - 2012-02-02 20:43 - 00000000 ____D () C:\Users\Ryan\Downloads\RSS Submission
2014-11-07 14:22 - 2011-05-05 18:42 - 00000000 ____D () C:\Users\Ryan\Downloads\Comment Poster
2014-11-07 14:22 - 2011-04-13 01:21 - 00482760 _____ (Softtouch Software Design) C:\Users\Ryan\Downloads\sbupdate.exe
2014-11-07 14:22 - 2009-12-16 15:36 - 00000000 ____D () C:\Users\Ryan\Downloads\Projects
2014-11-07 14:22 - 2009-11-16 06:54 - 00000000 ____D () C:\Users\Ryan\Downloads\Trackbacks
2014-11-07 14:22 - 2009-11-16 06:54 - 00000000 ____D () C:\Users\Ryan\Downloads\Proxies
2014-11-07 14:22 - 2009-11-16 06:54 - 00000000 ____D () C:\Users\Ryan\Downloads\Ping Mode
2014-11-07 14:21 - 2014-11-07 14:21 - 05230370 _____ () C:\Users\Ryan\Downloads\scrapebox.zip
2014-11-07 14:21 - 2014-11-07 14:21 - 00000000 ____D () C:\Users\Ryan\Downloads\scrapebox
2014-11-07 07:52 - 2014-11-07 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-04 14:03 - 2014-11-04 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-11-03 19:16 - 2014-11-03 19:16 - 00091068 _____ () C:\Users\Ryan\Documents\6 month top 250 stock gainers.xlsx
2014-11-03 19:09 - 2014-11-03 19:10 - 00091654 _____ () C:\Users\Ryan\Documents\3 month percent average top 250.xlsx
2014-11-03 13:04 - 2014-11-03 13:04 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-03 13:04 - 2014-11-03 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-03 13:04 - 2014-11-03 13:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-03 13:02 - 2014-11-03 13:02 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-03 13:02 - 2014-11-03 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-03 12:59 - 2014-11-03 13:00 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-03 12:59 - 2014-11-03 13:00 - 00000000 ____D () C:\Program Files\iTunes
2014-11-03 12:59 - 2014-11-03 13:00 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-03 12:59 - 2014-11-03 12:59 - 00000000 ____D () C:\Program Files\iPod
2014-11-03 12:13 - 2014-11-03 12:13 - 00001034 _____ () C:\Users\Ryan\Desktop\Apple Mobile Device USB Driver - Shortcut.lnk
2014-11-03 12:09 - 2014-11-03 12:09 - 00000000 ____D () C:\Windows\en
2014-11-03 12:08 - 2014-11-03 12:08 - 00001307 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-11-03 12:07 - 2014-11-03 12:07 - 00002488 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-11-03 12:04 - 2014-11-03 12:04 - 00002178 _____ () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-11-03 09:46 - 2014-11-03 09:47 - 72331056 _____ (Apple Inc.) C:\Users\Ryan\Downloads\iCloudSetup.exe
2014-10-31 13:34 - 2014-10-31 13:36 - 122418480 _____ (Apple Inc.) C:\Users\Ryan\Downloads\iTunes64Setup.exe
2014-10-14 22:52 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 22:52 - 2014-08-18 19:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 22:52 - 2014-08-18 19:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 22:52 - 2014-08-18 19:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 22:52 - 2014-08-18 19:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 22:52 - 2014-08-18 19:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 22:52 - 2014-08-18 19:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 22:52 - 2014-08-18 19:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 22:52 - 2014-08-18 19:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 22:52 - 2014-08-18 19:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 22:52 - 2014-08-18 19:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 22:52 - 2014-08-18 18:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 22:52 - 2014-08-18 18:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 22:52 - 2014-08-18 18:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 22:52 - 2014-07-06 18:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 22:52 - 2014-07-06 18:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 22:52 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 22:52 - 2014-07-06 18:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 22:52 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 22:52 - 2014-07-06 18:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 22:52 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 22:52 - 2014-07-06 18:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 22:52 - 2014-07-06 18:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 22:52 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 22:52 - 2014-07-06 17:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 22:52 - 2014-07-06 17:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 22:52 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 22:52 - 2014-07-06 17:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 22:52 - 2014-07-06 17:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 22:52 - 2014-07-06 17:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 22:52 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 22:52 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 22:52 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 22:52 - 2014-06-27 16:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 22:52 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 22:52 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 22:52 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 22:52 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 22:52 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 22:52 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 22:52 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 22:52 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 22:51 - 2014-10-09 18:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-14 22:51 - 2014-10-09 18:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-14 22:51 - 2014-10-09 18:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-14 22:51 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 22:51 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 22:51 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 22:51 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 22:51 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 22:51 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 22:51 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 22:51 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 22:51 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 22:51 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 22:51 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 22:51 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 22:51 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 22:51 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 22:51 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 22:51 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 22:51 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 22:51 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 22:51 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 22:51 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 22:51 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 22:51 - 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 22:51 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 22:51 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 22:51 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 22:51 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 22:51 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 22:51 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 22:51 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 22:51 - 2014-09-18 17:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 22:51 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 22:51 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 22:51 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 22:51 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-14 22:51 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 22:51 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 22:51 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 22:51 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 22:51 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 22:51 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 22:51 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 22:51 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 22:51 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-14 22:51 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 22:51 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 22:51 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 22:51 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 22:51 - 2014-09-18 16:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 22:51 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 22:51 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 22:51 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-14 22:51 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 22:51 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 22:51 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 22:51 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 22:51 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 22:51 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 22:51 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 22:51 - 2014-07-16 18:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 22:51 - 2014-07-16 18:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-14 22:51 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 22:51 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 22:51 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 22:51 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 22:51 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 22:51 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 22:51 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 22:51 - 2014-07-16 17:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 22:51 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-14 22:51 - 2014-07-16 17:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-14 22:51 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 22:51 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 22:51 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 22:51 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 22:50 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 22:50 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 22:50 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 22:50 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-13 07:47 - 2014-10-13 07:47 - 01652435 _____ () C:\Users\Ryan\Downloads\Files(1).zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 16:18 - 2013-01-17 14:19 - 00000000 __HDC () C:\ProgramData\~1
2014-11-12 16:17 - 2011-05-23 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2014-11-12 16:16 - 2013-05-25 12:16 - 00000000 __HDC () C:\ProgramData\~0
2014-11-12 16:15 - 2013-06-02 10:37 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-11-12 16:15 - 2013-06-02 10:37 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-11-12 16:15 - 2012-01-27 16:29 - 00000000 ____D () C:\Program Files\Native Instruments
2014-11-12 16:13 - 2013-10-25 14:12 - 00000000 ____D () C:\ProgramData\Camel Audio
2014-11-12 16:13 - 2013-10-25 14:12 - 00000000 ____D () C:\Program Files (x86)\Camel Audio
2014-11-12 16:13 - 2013-10-18 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camel Audio
2014-11-12 16:12 - 2011-09-14 21:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-12 16:06 - 2011-09-14 21:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 15:52 - 2012-11-16 20:30 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
2014-11-12 15:50 - 2010-06-24 19:21 - 00000000 ____D () C:\Users\Ryan\AppData\Local\CrashDumps
2014-11-12 15:46 - 2014-04-07 08:59 - 00000536 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3275123363-4289498944-2812251985-1000.job
2014-11-12 15:26 - 2012-04-04 08:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-12 15:02 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 15:02 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 14:59 - 2010-02-26 06:30 - 01777953 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 14:55 - 2012-05-18 16:13 - 00000000 ___RD () C:\Users\Ryan\Dropbox
2014-11-12 14:55 - 2012-05-18 16:10 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Dropbox
2014-11-12 14:54 - 2013-12-12 17:00 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Spotify
2014-11-12 14:51 - 2010-01-15 09:10 - 02397924 _____ () C:\Windows\PFRO.log
2014-11-12 14:51 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 14:51 - 2009-07-13 20:51 - 00043030 _____ () C:\Windows\setupact.log
2014-11-12 11:18 - 2014-02-14 16:54 - 00000000 ____D () C:\Users\Ryan\Desktop\Pics
2014-11-12 08:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Speech
2014-11-12 03:37 - 2010-04-03 16:55 - 00000000 ____D () C:\Program Files (x86)\QuickBooks Online Backup
2014-11-11 17:47 - 2014-09-27 15:37 - 00000000 ____D () C:\Users\Ryan\AppData\Local\NPE
2014-11-11 17:26 - 2014-09-27 15:39 - 00000000 ____D () C:\NPE
2014-11-11 16:48 - 2010-03-20 12:07 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{27FAE3BD-BE82-405C-8E7D-DB50733813FF}
2014-11-11 13:26 - 2012-04-04 08:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 13:26 - 2012-04-04 08:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 13:26 - 2011-05-23 18:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 10:38 - 2014-08-14 07:50 - 04246016 ___SH () C:\Users\Ryan\Desktop\Thumbs.db
2014-11-11 10:19 - 2014-08-21 13:42 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRyan
2014-11-11 10:19 - 2014-08-21 13:42 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForRyan.job
2014-11-11 08:53 - 2014-07-22 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 08:44 - 2013-12-12 17:00 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Spotify
2014-11-09 01:22 - 2014-04-07 08:59 - 00003562 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3275123363-4289498944-2812251985-1000
2014-11-08 22:23 - 2013-08-22 20:28 - 578582455 _____ () C:\Windows\MEMORY.DMP
2014-11-08 22:23 - 2013-08-22 20:28 - 00000000 ____D () C:\Windows\Minidump
2014-11-07 08:16 - 2010-03-23 11:17 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Adobe
2014-11-07 08:06 - 2010-03-23 11:56 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Apple Computer
2014-11-06 14:56 - 2010-04-04 15:46 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-05 12:20 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 14:03 - 2014-08-26 08:03 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-11-04 14:03 - 2014-08-26 08:03 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-04 14:03 - 2012-11-16 20:30 - 00000000 ____D () C:\ProgramData\Skype
2014-11-04 11:22 - 2013-05-19 16:04 - 00000000 ____D () C:\Users\Ryan\.thinkorswim
2014-11-04 11:22 - 2010-05-10 07:52 - 00000000 ____D () C:\Program Files (x86)\thinkorswim
2014-11-03 14:45 - 2012-06-01 17:36 - 04150784 ___SH () C:\Users\Ryan\Downloads\Thumbs.db
2014-11-03 13:40 - 2010-03-20 15:18 - 00000000 ____D () C:\Users\Ryan\Tracing
2014-11-03 12:59 - 2010-03-23 11:54 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-03 12:58 - 2013-03-15 14:48 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-03 12:10 - 2011-05-23 17:52 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Windows Live
2014-11-03 12:09 - 2011-05-23 17:56 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-11-03 12:08 - 2012-11-17 11:26 - 00001376 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-11-03 12:07 - 2011-05-23 17:55 - 00001460 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-11-03 12:07 - 2010-01-15 09:44 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-11-03 12:06 - 2012-11-17 11:25 - 00000000 ____D () C:\Program Files\Windows Live
2014-11-03 12:04 - 2010-01-15 09:48 - 00033369 _____ () C:\Windows\DirectX.log
2014-11-03 10:49 - 2010-03-19 14:58 - 00000000 ____D () C:\Users\Ryan
2014-11-03 09:49 - 2010-03-23 11:54 - 00000000 ____D () C:\ProgramData\Apple
2014-10-31 09:09 - 2010-03-20 12:25 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-10-29 01:09 - 2013-06-06 16:09 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 19:09 - 2011-11-10 12:57 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-21 16:01 - 2011-09-14 21:32 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 16:01 - 2011-09-14 21:32 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-21 16:01 - 2011-09-14 21:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-16 15:14 - 2012-06-18 21:32 - 00000000 ____D () C:\Program Files (x86)\ATT-SST
2014-10-15 07:27 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-15 03:24 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 02:46 - 2009-07-13 20:45 - 04981328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 02:43 - 2014-05-06 14:15 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 02:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 02:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 02:20 - 2010-03-23 11:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 02:15 - 2013-08-14 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 02:01 - 2010-03-20 12:19 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Ryan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxsol3s.dll
C:\Users\Ryan\AppData\Local\Temp\ICReinstall_Free_Download_Setup(1).exe
C:\Users\Ryan\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 00:31

==================== End Of Log ============================

 

 

**NOTE**malawarebytes.txt

Above is the first log, attached is log 1 and 2.  I previously posted this same post in error with log 1 plus log 2 as a reply but this is the correction!  Thanks! 

Link to post
Share on other sites

Minion%20Welcome.jpg

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, what may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

warning.gif Rules and policies

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.


MalwarebytesAntiRootkit.png Scan with Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save the file to your desktop.

Note that the tool is still in its BETA stage, therefore not all functionalities may be added.

  • Right-click on MalwarebytesAntiRootkit.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • It will ask you for an extraction place - make sure you will unpack it to your desktop.
  • After the extraction, the tool should start itself (no action required).
  • On the Introduction screen click Next.
  • On the Update screen click Update.
  • When prompted about the succesful update, click Next.
  • On the Scan System screen, make sure that all three options
    • Drivers
    • Sectors
    • System
    are checked for scanning and press Scan.
Wait patiently and don't do anything on your machine while MBAR goes through your system!
  • If no infection is found, just close the tool.
  • If an infection is found, make sure that Create Restore Point is checked, then select Cleanup button to remove threats. The process will start and your machine will prompt you to reboot upon completion.
When finished (either with or without cleanup), please navigate to the MBAR directory.

Search there for these two files:

> mbar-log-date(time).txt

> system-log.txt

Please include the content of both files in your reply.

Link to post
Share on other sites

Here are both files as requested.  Just so you know, this result was my second scan today with antirootkit.  First scan today showed a malware result.  I cleaned it but then the window closed and did not prompt me to restart my computer.  So I rescanned and here are the clean results.  Please let me know the next steps at your earliest convenience.  Thanks!

 

Malwarebytes Anti-Rootkit BETA 1.08.1.1001
www.malwarebytes.org

Database version: v2014.11.13.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17420
Ryan :: RYAN-PC [administrator]

11/13/2014 8:29:51 AM
mbar-log-2014-11-13 (08-29-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 361680
Time elapsed: 19 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17420

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.013000 GHz
Memory total: 4025802752, free: 1808654336

Downloaded database version: v2014.11.13.06
Downloaded database version: v2014.11.12.01
=======================================
Initializing...
------------ Kernel report ------------
     11/13/2014 08:29:42
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\nvstor64.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\system32\drivers\N360x64\1506000.020\ccSetx64.sys
\SystemRoot\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS
\SystemRoot\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS
\SystemRoot\system32\drivers\N360x64\1506000.020\Ironx64.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\IPSDefs\20141112.001\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\BASHDefs\20141107.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvmf6264.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor64.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\L6TPortB64.sys
\SystemRoot\System32\Drivers\STREAM.SYS
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\VirusDefs\20141112.037\EX64.SYS
\??\C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\VirusDefs\20141112.037\ENG64.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\sechost.dll
\Windows\System32\shell32.dll
\Windows\System32\advapi32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shlwapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\user32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\wininet.dll
\Windows\System32\ole32.dll
\Windows\System32\iertutil.dll
\Windows\System32\Wldap32.dll
\Windows\System32\usp10.dll
\Windows\System32\lpk.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msctf.dll
\Windows\System32\normaliz.dll
\Windows\System32\msvcrt.dll
\Windows\System32\psapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\kernel32.dll
\Windows\System32\urlmon.dll
\Windows\System32\imm32.dll
\Windows\System32\nsi.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007334060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000072\
Lower Device Object: 0xfffffa8007329b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80045d8410
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000005d\
Lower Device Object: 0xfffffa80041c0240
Lower Device Driver Name: \Driver\nvstor64\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80045d8410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80045d9b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80045d8410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80041c5e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80041c0240, DeviceName: \Device\0000005d\, DriverName: \Driver\nvstor64\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1227192320

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1227399168  Numsec = 22861824

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8007334060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007335040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007334060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007329b60, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 

Link to post
Share on other sites

Malware removal takes multiple steps which can't be done in a way you think. I need to review the logs after each of your steps to be sure what to do and which tool should be used.

Sorry, but there isn't any forum-based way to speed it up. I am not a magician with a magic wand.

I can still see some more work to be done here. Please re-run FRST with the scan option. Post the generated logfile.

Link to post
Share on other sites

Be more thorough when following the procedures. If I will need some another logs and/or options, I will let you know :)

FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif

icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Press the WindowsKey.png + R on your keyboard at the same time. Type Notepad and click OK.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.
Link to post
Share on other sites

please be more explicitly clear on your instructions so that I can follow them more accurately.  when you say 'Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!'  do you mean frst.txt or frst.exe?  also, i tried every combo and put them in the same folder on my desktop, hit fix and it still is saying both have to be in the same location.  please advise.  thanks

Link to post
Share on other sites

i figured it out.  here is the requested log...

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-11-2014 02
Ran by Ryan at 2014-11-14 08:06:28 Run:1
Running from C:\Users\Ryan\Desktop\FRST FOLDER
Loaded Profile: Ryan (Available profiles: Ryan)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://Lasaoren.com/?f=1&a=lrn_dnldstr_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0BtAyD0FzyyEtGzztB0EtBtGzzyEzztCtGyByCtCyEtGtCtAtCzzzyyBtCtB0B0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzz0ByC0ByD0AtG0DtD0E0CtGyEtD0A0EtGzyyByEzztG0EyD0FtA0D0DtA0FtDzzzyyE2Q&cr=90030310&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.mysearchlinks.com/
SearchScopes: HKLM - DefaultScope {5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_frg01_14_49_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0SzyyDtDtN1L2XzutAtFtDtFtCtDtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtD0DtBtByEzz0AtGtA0Ezy0DtGtA0EzytBtG0CtA0AtBtGtD0CtAyCtA0C0EtCyE0E0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByEyEtAyB0CtB0AtGtBzy0FtDtGyEyE0E0EtGzytAtByCtG0DzzyC0CzzzztByBtD0CyByB2Q&cr=1230190011&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_dnldstr_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0BtAyD0FzyyEtGzztB0EtBtGzzyEzztCtGyByCtCyEtGtCtAtCzzzyyBtCtB0B0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzz0ByC0ByD0AtG0DtD0E0CtGyEtD0A0EtGzyyByEzztG0EyD0FtA0D0DtA0FtDzzzyyE2Q&cr=90030310&ir=
SearchScopes: HKLM - {5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_frg01_14_49_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0SzyyDtDtN1L2XzutAtFtDtFtCtDtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtD0DtBtByEzz0AtGtA0Ezy0DtGtA0EzytBtG0CtA0AtBtGtD0CtAyCtA0C0EtCyE0E0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByEyEtAyB0CtB0AtGtBzy0FtDtGyEyE0E0EtGzytAtByCtG0DzzyC0CzzzztByBtD0CyByB2Q&cr=1230190011&ir=
SearchScopes: HKLM - {CCA70054-9FB7-46C4-A32D-B64843035997} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {CCA70054-9FB7-46C4-A32D-B64843035997} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_dnldstr_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0BtAyD0FzyyEtGzztB0EtBtGzzyEzztCtGyByCtCyEtGtCtAtCzzzyyBtCtB0B0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzz0ByC0ByD0AtG0DtD0E0CtGyEtD0A0EtGzyyByEzztG0EyD0FtA0D0DtA0FtDzzzyyE2Q&cr=90030310&ir=
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_dnldstr_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0BtAyD0FzyyEtGzztB0EtBtGzzyEzztCtGyByCtCyEtGtCtAtCzzzyyBtCtB0B0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzz0ByC0ByD0AtG0DtD0E0CtGyEtD0A0EtGzyyByEzztG0EyD0FtA0D0DtA0FtDzzzyyE2Q&cr=90030310&ir=
SearchScopes: HKCU - {5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_frg01_14_49_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0SzyyDtDtN1L2XzutAtFtDtFtCtDtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtD0DtBtByEzz0AtGtA0Ezy0DtGtA0EzytBtG0CtA0AtBtGtD0CtAyCtA0C0EtCyE0E0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByEyEtAyB0CtB0AtGtBzy0FtDtGyEyE0E0EtGzytAtByCtG0DzzyC0CzzzztByBtD0CyByB2Q&cr=1230190011&ir=
SearchScopes: HKCU - {9AD1DDCA-9138-4F37-8542-E774CE72FEDC} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=4
SearchScopes: HKCU - {CCA70054-9FB7-46C4-A32D-B64843035997} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {EFBAA18C-764F-4320-A142-84ACC4C3AF65} URL = http://search.usatoday.com/search/search.aspx?qt=news%2Cyss%2Cweb%2Crel%2Cimg%2Ctop10%2Ckmatch&nr=5&s=sb&kw={searchTerms}
Toolbar: HKU\S-1-5-21-3275123363-4289498944-2812251985-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
FF DefaultSearchEngine: Lasaoren
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Lasaoren
FF Homepage: hxxp://lasaoren.com/?f=1&a=lrn_dnldstr_14_46_ff&cd=2xzuyetn2y1l1qzu0etd0c0bye0eyb0d0czyydzytbtctbtdtn0d0tzu0stctdyeybtn1l2xzutatfyctftctftdtn1l1czutcyetbzytdyd1v1ttn1l1g1b1v1n2y1l1qzu2syc0c0btayd0fzyyetgzztb0etbtgzzyezztctgybyctcyetgtctatczzzyybtctb0b0b0ftd2qtn1m1f1b2z1v1n2y1l1qzu2stcybzz0byc0byd0atg0dtd0e0ctgyetd0a0etgzyybyezztg0eyd0fta0d0dta0ftdzzzyye2q&cr=90030310&ir=
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\user.js
FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\searchplugins\Lasaoren.xml
FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF Extension: Lasaoren - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\{0760faf4-8d0b-49d1-bbac-d05eb1ac32c7}.xpi [2014-11-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn
FF Extension: No Name - {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} [Not Found]
CHR HomePage: Default -> hxxp://Lasaoren.com/?f=1&a=lrn_dnldstr_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0BtAyD0FzyyEtGzztB0EtBtGzzyEzztCtGyByCtCyEtGtCtAtCzzzyyBtCtB0B0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzz0ByC0ByD0AtG0DtD0E0CtGyEtD0A0EtGzyyByEzztG0EyD0FtA0D0DtA0FtDzzzyyE2Q&cr=90030310&ir=
CHR StartupUrls: Default -> "hxxp://Lasaoren.com/?f=7&a=lrn_dnldstr_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0BtAyD0FzyyEtGzztB0EtBtGzzyEzztCtGyByCtCyEtGtCtAtCzzzyyBtCtB0B0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzz0ByC0ByD0AtG0DtD0E0CtGyEtD0A0EtGzyyByEzztG0EyD0FtA0D0DtA0FtDzzzyyE2Q&cr=90030310&ir=","hxxp://astromenda.com/?f=7&a=ast_frg01_14_49_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0SzyyDtDtN1L2XzutAtFtDtFtCtDtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtD0DtBtByEzz0AtGtA0Ezy0DtGtA0EzytBtG0CtA0AtBtGtD0CtAyCtA0C0EtCyE0E0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByEyEtAyB0CtB0AtGtBzy0FtDtGyEyE0E0EtGzytAtByCtG0DzzyC0CzzzztByBtD0CyByB2Q&cr=1230190011&ir="
CHR DefaultSearchKeyword: Default -> Lasaoren.com
CHR DefaultSearchURL: Default -> http://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_dnldstr_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0BtAyD0FzyyEtGzztB0EtBtGzzyEzztCtGyByCtCyEtGtCtAtCzzzyyBtCtB0B0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzz0ByC0ByD0AtG0DtD0E0CtGyEtD0A0EtGzyyByEzztG0EyD0FtA0D0DtA0FtDzzzyyE2Q&cr=90030310&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
2014-11-12 13:17 - 2014-11-12 13:17 - 00000044 _____ () C:\Users\Ryan\AppData\Roaming\WB.CFG
2014-11-12 12:22 - 2014-11-12 12:22 - 00001164 _____ () C:\Users\Ryan\Desktop\Continue Free Download Installation.lnk
2014-11-12 12:16 - 2014-11-12 17:09 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-11-12 12:16 - 2014-11-12 12:16 - 24489269 _____ () C:\Users\Ryan\Downloads\setup_free.exe
2014-11-12 12:13 - 2014-11-12 12:13 - 00796616 _____ ( ) C:\Users\Ryan\Downloads\Free_Download_Setup(1).exe
2014-11-12 12:12 - 2014-11-12 12:12 - 00796616 _____ ( ) C:\Users\Ryan\Downloads\Free_Download_Setup.exe
EmptyTemp:
end
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully.
"HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB}" => Key deleted successfully.
"HKCR\CLSID\{5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCA70054-9FB7-46C4-A32D-B64843035997}" => Key deleted successfully.
"HKCR\CLSID\{CCA70054-9FB7-46C4-A32D-B64843035997}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{CCA70054-9FB7-46C4-A32D-B64843035997}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{CCA70054-9FB7-46C4-A32D-B64843035997}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully.
"HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB}" => Key deleted successfully.
"HKCR\CLSID\{5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9AD1DDCA-9138-4F37-8542-E774CE72FEDC}" => Key deleted successfully.
"HKCR\CLSID\{9AD1DDCA-9138-4F37-8542-E774CE72FEDC}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully.
"HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCA70054-9FB7-46C4-A32D-B64843035997}" => Key deleted successfully.
"HKCR\CLSID\{CCA70054-9FB7-46C4-A32D-B64843035997}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFBAA18C-764F-4320-A142-84ACC4C3AF65}" => Key deleted successfully.
"HKCR\CLSID\{EFBAA18C-764F-4320-A142-84ACC4C3AF65}" => Key not found.
HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
"HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.3 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\user.js => Moved successfully.
C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\searchplugins\Lasaoren.xml => Moved successfully.
C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\searchplugins\safesearch.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml => Moved successfully.
C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\{0760faf4-8d0b-49d1-bbac-d05eb1ac32c7}.xpi => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} => value deleted successfully.
FF Extension: No Name - {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} [Not Found] not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
C:\Users\Ryan\AppData\Roaming\WB.CFG => Moved successfully.
C:\Users\Ryan\Desktop\Continue Free Download Installation.lnk => Moved successfully.
C:\ProgramData\BoostSoftware => Moved successfully.
C:\Users\Ryan\Downloads\setup_free.exe => Moved successfully.
C:\Users\Ryan\Downloads\Free_Download_Setup(1).exe => Moved successfully.
C:\Users\Ryan\Downloads\Free_Download_Setup.exe => Moved successfully.
EmptyTemp: => Removed 7.7 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Link to post
Share on other sites

Hi :)

We will talk about protection when we will be completely done here. I think that you may use your machine in a regular manner, however please perform my instructions until I will say that it's over :)

51a46ae42d560-malwarebytes_anti_malware. Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the progam and select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
Link to post
Share on other sites

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/15/2014
Scan Time: 11:50:29 AM
Logfile: scanlog.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.15.07
Rootkit Database: v2014.11.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ryan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362275
Time Elapsed: 21 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Enabled
Heuristics: Disabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3275123363-4289498944-2812251985-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [00e93109700c7eb8b52c1759a75c6997],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3275123363-4289498944-2812251985-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [f2f7e95186f6ef4761b895f20bf9e51b],

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3275123363-4289498944-2812251985-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0B1N2X1N1T2Z, Quarantined, [f2f7e95186f6ef4761b895f20bf9e51b]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

Hi :)

ESETOnline.png Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Enable detecion of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.

Don't forget to re-enable previously switched-off protection software!

51c9d14017fa0-SecurityCheck.PNG Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on 51c9d14017fa0-SecurityCheck.PNG icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automaticaly.
Please include the content of that document.
Link to post
Share on other sites

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=40e678ff0699a84894f780eeac8e7840

# engine=21122

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-11-17 10:08:10

# local_time=2014-11-17 02:08:10 (-0800, Pacific Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Norton 360'

# compatibility_mode=3598 16777213 100 100 1927282 166794986 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 66 85 41844914 167762340 0 0

# scanned=378149

# found=7

# cleaned=0

# scan_time=9861

sh=5FF255137383AE008087E082E8FC6570FBF9E10B ft=1 fh=c4e7e8afaf66996d vn="a variant of Win32/InstallCore.RA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Ryan\Downloads\Free_Download_Setup(1).exe.xBAD"

sh=5FF255137383AE008087E082E8FC6570FBF9E10B ft=1 fh=c4e7e8afaf66996d vn="a variant of Win32/InstallCore.RA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Ryan\Downloads\Free_Download_Setup.exe.xBAD"

sh=526C685B52444130CD450DEC45826528AD21DFB2 ft=1 fh=8cfb9e08e6192fa7 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\ProgramData\Ask\APN-Stub\AD5\APNIC.dll"

sh=526C685B52444130CD450DEC45826528AD21DFB2 ft=1 fh=8cfb9e08e6192fa7 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\All Users\Ask\APN-Stub\AD5\APNIC.dll"

sh=7B72AFE25646A2C7EC2CBC1C016C3A32C27800C6 ft=1 fh=262b74e235ac33dc vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Ryan\Downloads\Misc. Downloads\PIP267_AVR12_.exe"

sh=AF9F877375157D5DFCA5938FFDFDC0C54452F1E1 ft=1 fh=0e06d07073e5e682 vn="a variant of Win32/Adware.iBryte.D application" ac=I fn="C:\Users\Ryan\Downloads\Misc. Downloads\Setup(1).exe"

sh=A038A9AA2617415D3551A508788045D8D6CE07DF ft=1 fh=04922188d727ed5b vn="a variant of Win32/Adware.iBryte.D application" ac=I fn="C:\Users\Ryan\Downloads\Misc. Downloads\Setup.exe"
Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.90  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Norton 360 Premier Edition   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Flash Cookie Cleaner   

 JavaFX 2.1.0    

 Java 6 Update 26  

 Java 7 Update 51  

 Java version out of Date! 

 Adobe Flash Player 15.0.0.223  

 Adobe Reader 9 Adobe Reader out of Date! 

 Mozilla Firefox (33.1) 

 Google Chrome (38.0.2125.104) 

 Google Chrome (38.0.2125.111) 

 Google Chrome (chrome.exe..) 

 Google Chrome (debug.log..) 

 Google Chrome (Dictionaries...) 

````````Process Check: objlist.exe by Laurent````````  

 QuickBooks Online Backup OnlineBackup.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 
Link to post
Share on other sites

Hello :)

FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif

icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Press the WindowsKey.png + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:

    startC:\ProgramData\AskC:\Users\All Users\AskC:\Users\Ryan\Downloads\Misc. Downloads\PIP267_AVR12_.exeC:\Users\Ryan\Downloads\Misc. Downloads\Setup(1).exeC:\Users\Ryan\Downloads\Misc. Downloads\Setup.exeend
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.

updates.png Update outdated software

Staying always updated is crucial, not only for your operating system, but also for any third-party installed software.

Your logs clearly indicate that some of your software needs updating.

javacup.png Updating Java manually

  • Click the Start button
  • Click Control Panel
  • Double click Java - Looks like a coffee cup. You may have to switch to Classical View to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed.
  • If prompted (during the installation) to also install ASK toolbar, leave this unchecked - Ask does not have a good reputation.
  • From Control panel also please remove any older versions of Java - do not leave them installed!.
Adobe_Reader_v9-0_icon.png Updating Adobe manually
  • Visit Adobe website.
  • You will see a download option there for the newest Adobe Acrobat version.
  • In the center part you will be prompted to install McAfee Security Scan Plus or Google Chrome (depending on your locale) as a free program. This is foistware. Remember to leave the box for it UNCHECKED.
  • Click on Install, save the file to a convenient location, double-click it and follow the prompts.
Remember to keep your software always updated.
Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-11-2014

Ran by Ryan at 2014-11-19 22:11:48 Run:2

Running from C:\Users\Ryan\Desktop\FRST FOLDER

Loaded Profile: Ryan (Available profiles: Ryan)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

C:\ProgramData\Ask

C:\Users\All Users\Ask

C:\Users\Ryan\Downloads\Misc. Downloads\PIP267_AVR12_.exe

C:\Users\Ryan\Downloads\Misc. Downloads\Setup(1).exe

C:\Users\Ryan\Downloads\Misc. Downloads\Setup.exe

end

*****************

 

C:\ProgramData\Ask => Moved successfully.

"C:\Users\All Users\Ask" => File/Directory not found.

C:\Users\Ryan\Downloads\Misc. Downloads\PIP267_AVR12_.exe => Moved successfully.

C:\Users\Ryan\Downloads\Misc. Downloads\Setup(1).exe => Moved successfully.

C:\Users\Ryan\Downloads\Misc. Downloads\Setup.exe => Moved successfully.

 

==== End of Fixlog ====

Link to post
Share on other sites

Hi and sorry for the delay, my network connection went south.

51a5ce45263de-delfix.png Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on 51a5ce45263de-delfix.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.
Include it for my review.

Please also manually reboot your machine after posting your logfile.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.