MaddogMurch Posted November 19, 2014 ID:910136 Share Posted November 19, 2014 Hi, I am not really sure if Amazon Smart Search is malware or a virus or a browser hijack as i am not a very computer literate person. But whenever i enter something into the google search bar or the main search bar in firefox or IE and if it's something amazon might sell it takes me to amazon.If i enter something they don't sell such as a game site like LOTRO then it doesn't happen.Also all my bookmarks work fine. I have run a full (thorough) virus scan and run malwarebytes premium and neither have found anything wrong. Also there is nothing in extensions or apps in firefox and nothing that i see when i look at the program list in widows or in the uninstall programs area in control panel. I guess i am stumped. I don't see how i can have clicked on something to always take me to amazon, hehe. Anyone have any ideas why this is happening. Thanks Link to post Share on other sites More sharing options...
LiquidTension Posted November 19, 2014 ID:910182 Share Posted November 19, 2014 Hello MaddogMurch, welcome to Malwarebytes' Malware Removal forum! My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.If you would allow me to call you by your first name I would prefer that. General P2P/Piracy Notice: If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed. ====================================================== Please read through the points below to ensure this process moves as quickly and efficiently as possible.Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.If you are unable to copy/paste your logs directly into your post, please attach the file. Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.Ensure you are following this topic. Click at the top of the page. ====================================================== I am not really sure if Amazon Smart Search is malware or a virus or a browser hijack as i am not a very computer literate person.It's most likely "installed" as a search scope in your browser. Amazon Smart Search isn't considered malware; more of a PUP (Potentially Unwanted Programme)/PUM (Potentially Unwanted Modification). Some people want it, others don't. Lets run through a few scans, and see what shows up. STEP 1 AdwCleanerPlease download AdwCleaner and save the file to your Desktop.Right-Click AdwCleaner.exe and select Run as administrator to run the programme.Follow the prompts. Click Scan. Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. Ensure anything you know to be legitimate does not have a checkmark, and click Clean. Follow the prompts and allow your computer to reboot. After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt. STEP 2 Farbar Recovery Scan Tool (FRST) ScanPlease download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.Click Yes to the disclaimer.Ensure the Addition.txt box is checked.Click the Scan button and let the programme run.Upon completion, click OK, then OK on the Addition.txt pop up screen.Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. STEP 3 Junkware Removal Tool (JRT)Please download Junkware Removal Tool and save the file to your Desktop.Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.Temporarily disable your anti-virus software. For instructions, please refer to the following link.Right-Click JRT.exe and select Run as administrator to run the programme.Follow the prompts and allow the scan to run uninterrupted. Upon completion, a log (JRT.txt) will open on your desktop.Re-enable your anti-virus software.Copy the contents of JRT.txt and paste in your next reply. ====================================================== STEP 4 LogsIn your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.AdwCleaner[s0].txtFRST.txtAddition.txtJRT.txt Link to post Share on other sites More sharing options...
MaddogMurch Posted November 19, 2014 Author ID:910270 Share Posted November 19, 2014 Hi Adam, First let me thank you for the help and quick response.Here are the logs you requested.AdwClean# AdwCleaner v4.101 - Report created 19/11/2014 at 12:29:59# Updated 09/11/2014 by Xplode# Database : 2014-11-16.1 [Live]# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : supersteve - SUPERSTEVE-PC# Running from : C:\Users\supersteve\Desktop\AdwCleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****File Deleted : C:\Users\supersteve\AppData\Roaming\Mozilla\Firefox\Profiles\xxutjgud.default-1394740258191\user.js***** [ Scheduled Tasks ] ********** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}Key Deleted : HKCU\Software\AstromendaKey Deleted : HKCU\Software\BRSKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094***** [ Browsers ] *****-\\ Internet Explorer v11.0.9600.17420-\\ Mozilla Firefox v33.1.1 (x86 en-US)-\\ Google Chrome v39.0.2171.65[C:\Users\supersteve\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}[C:\Users\supersteve\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}*************************AdwCleaner[R0].txt - [2462 octets] - [19/11/2014 12:28:53]AdwCleaner[s0].txt - [2090 octets] - [19/11/2014 12:29:59]########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2150 octets] ##########=============FRST64Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-11-2014Ran by supersteve (administrator) on SUPERSTEVE-PC on 19-11-2014 12:37:04Running from C:\Users\supersteve\DesktopLoaded Profile: supersteve (Available profiles: supersteve)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Microsoft Corporation) C:\Windows\System32\wlanext.exe(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(ASUS) C:\Windows\AsScrPro.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-12] (ELAN Microelectronics Corp.)HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-16] (Realtek Semiconductor)HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2011-09-23] (ASUSTek Computer Inc.)HKLM-x32\...\Run: [sonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)HKLM-x32\...\Run: [updateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)HKLM-x32\...\Run: [updateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-18] (AVAST Software)HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1126416 2014-10-10] (AVG Technologies CZ, s.r.o.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnkShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)Startup: C:\Users\supersteve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnkShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKU\S-1-5-21-2320190360-1033891084-2137088505-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKU\S-1-5-21-2320190360-1033891084-2137088505-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.comStartMenuInternet: IEXPLORE.EXE - iexplore.exeSearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKU\S-1-5-21-2320190360-1033891084-2137088505-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No FileToolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileToolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76FireFox:========FF ProfilePath: C:\Users\supersteve\AppData\Roaming\Mozilla\Firefox\Profiles\xxutjgud.default-1394740258191FF DefaultSearchEngine: Amazon.comFF SelectedSearchEngine: Amazon.comFF Homepage: hxxp://www.lotro.com/en?FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Extension: googlebar - C:\Users\supersteve\AppData\Roaming\Mozilla\Firefox\Profiles\xxutjgud.default-1394740258191\Extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}.xpi [2014-11-18]FF Extension: Adblock Plus - C:\Users\supersteve\AppData\Roaming\Mozilla\Firefox\Profiles\xxutjgud.default-1394740258191\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-21]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-24]FF Extension: No Name - wrc@avast.com [Not Found]Chrome:=======CHR StartupUrls: Default -> "hxxp://www.google.com"CHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll ()CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\gcswf32.dll No FileCHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No FileCHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll No FileCHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No FileCHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)CHR Plugin: (Default Plug-in) - default_plugin No FileCHR Profile: C:\Users\supersteve\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\supersteve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-18]CHR Extension: (YouTube) - C:\Users\supersteve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-24]CHR Extension: (Google Search) - C:\Users\supersteve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-24]CHR Extension: (Avast Online Security) - C:\Users\supersteve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-18]CHR Extension: (Google Wallet) - C:\Users\supersteve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-18]CHR Extension: (Gmail) - C:\Users\supersteve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-24]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-18]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-18] (AVAST Software)R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-18] (Avast Software)R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [857616 2014-10-10] (AVG Technologies CZ, s.r.o.)S4 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2253112 2014-07-14] (AVG)S4 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel® Corporation) [File not signed]==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-18] ()R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-18] (AVAST Software)R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-18] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-18] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-18] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-18] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-18] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-18] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-18] ()R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-19] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-18] (Avast Software)==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2014-11-19 12:36 - 2014-11-19 12:36 - 00000197 _____ () C:\Windows\system32\2014-11-19-20-36-15.022-AvastVBoxSVC.exe-5136.log2014-11-19 12:34 - 2014-11-19 12:37 - 00017806 _____ () C:\Users\supersteve\Desktop\FRST.txt2014-11-19 12:34 - 2014-11-19 12:37 - 00000000 ____D () C:\FRST2014-11-19 12:32 - 2014-11-19 12:32 - 00002250 _____ () C:\Users\supersteve\Desktop\AdwCleaner[s0].txt2014-11-19 12:28 - 2014-11-19 12:29 - 00000000 ____D () C:\AdwCleaner2014-11-19 12:27 - 2014-11-19 12:27 - 02117120 _____ (Farbar) C:\Users\supersteve\Desktop\FRST64.exe2014-11-19 12:27 - 2014-11-19 12:27 - 01707532 _____ (Thisisu) C:\Users\supersteve\Desktop\JRT.exe2014-11-19 12:26 - 2014-11-19 12:26 - 02140160 _____ () C:\Users\supersteve\Desktop\AdwCleaner.exe2014-11-18 14:44 - 2014-11-18 14:44 - 36480824 _____ () C:\Users\supersteve\Downloads\Firefox Setup 33.1.1.exe2014-11-18 14:44 - 2014-11-18 14:44 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk2014-11-18 14:44 - 2014-11-18 14:44 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk2014-11-18 14:20 - 2014-11-18 14:20 - 00000247 _____ () C:\Windows\system32\2014-11-18-22-20-04.045-aswFe.exe-4804.log2014-11-18 14:15 - 2014-11-18 14:19 - 00000247 _____ () C:\Windows\system32\2014-11-18-22-15-46.083-aswFe.exe-6104.log2014-11-18 14:15 - 2014-11-18 14:15 - 00000197 _____ () C:\Windows\system32\2014-11-18-22-15-39.060-AvastVBoxSVC.exe-6364.log2014-11-18 14:13 - 2014-11-18 14:13 - 00034314 _____ () C:\Users\supersteve\Desktop\bookmarks-2014-11-18.json2014-11-18 13:25 - 2014-11-18 13:49 - 00000000 ____D () C:\Windows\SysWOW64\vbox2014-11-18 13:25 - 2014-11-18 13:49 - 00000000 ____D () C:\Windows\system32\vbox2014-11-18 13:11 - 2014-11-18 13:11 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2014-11-18 13:11 - 2014-11-18 13:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-11-18 13:11 - 2014-11-18 13:11 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys2014-11-18 13:11 - 2014-11-18 13:11 - 00001984 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk2014-11-18 13:11 - 2014-11-18 13:11 - 00001924 _____ () C:\Users\Public\Desktop\Avast Pro Antivirus.lnk2014-11-18 13:11 - 2014-11-18 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software2014-11-18 12:59 - 2014-11-18 12:59 - 00000000 __SHD () C:\Users\supersteve\AppData\Local\EmieUserList2014-11-18 12:59 - 2014-11-18 12:59 - 00000000 __SHD () C:\Users\supersteve\AppData\Local\EmieSiteList2014-11-18 12:59 - 2014-11-18 12:59 - 00000000 __SHD () C:\Users\supersteve\AppData\Local\EmieBrowserModeList2014-11-18 12:33 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-11-18 12:33 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll2014-11-18 12:33 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-11-18 12:33 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll2014-11-15 15:53 - 2014-11-18 14:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-11-11 13:01 - 2014-11-07 11:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-11-11 13:01 - 2014-11-07 11:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-11-11 13:01 - 2014-11-05 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-11-11 13:01 - 2014-11-05 20:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-11-11 13:01 - 2014-11-05 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-11-11 13:01 - 2014-11-05 19:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-11-11 13:01 - 2014-11-05 19:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-11-11 13:01 - 2014-11-05 19:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-11-11 13:01 - 2014-11-05 19:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-11-11 13:01 - 2014-11-05 19:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-11-11 13:01 - 2014-11-05 19:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-11-11 13:01 - 2014-11-05 19:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-11-11 13:01 - 2014-11-05 19:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-11-11 13:01 - 2014-11-05 19:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-11-11 13:01 - 2014-11-05 19:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-11-11 13:01 - 2014-11-05 19:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-11-11 13:01 - 2014-11-05 19:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-11-11 13:01 - 2014-11-05 19:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-11-11 13:01 - 2014-11-05 19:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-11-11 13:01 - 2014-11-05 19:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-11-11 13:01 - 2014-11-05 19:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-11-11 13:01 - 2014-11-05 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-11-11 13:01 - 2014-11-05 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-11-11 13:01 - 2014-11-05 19:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-11-11 13:01 - 2014-11-05 19:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-11-11 13:01 - 2014-11-05 19:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-11-11 13:01 - 2014-11-05 19:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-11-11 13:01 - 2014-11-05 19:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-11-11 13:01 - 2014-11-05 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-11-11 13:01 - 2014-11-05 19:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-11-11 13:01 - 2014-11-05 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-11-11 13:01 - 2014-11-05 19:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-11-11 13:01 - 2014-11-05 18:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-11-11 13:01 - 2014-11-05 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-11-11 13:01 - 2014-11-05 18:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-11-11 13:01 - 2014-11-05 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-11-11 13:01 - 2014-11-05 18:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-11-11 13:01 - 2014-11-05 18:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-11-11 13:01 - 2014-11-05 18:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-11-11 13:01 - 2014-11-05 18:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-11-11 13:01 - 2014-11-05 18:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-11-11 13:01 - 2014-11-05 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-11-11 13:01 - 2014-11-05 18:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-11-11 13:01 - 2014-11-05 18:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-11-11 13:01 - 2014-11-05 18:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-11-11 13:01 - 2014-11-05 18:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-11-11 13:01 - 2014-11-05 18:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-11-11 13:01 - 2014-11-05 18:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-11-11 13:01 - 2014-11-05 18:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-11-11 13:01 - 2014-11-05 18:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-11-11 13:01 - 2014-11-05 18:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-11-11 13:01 - 2014-11-05 18:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-11-11 13:01 - 2014-11-05 17:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-11-11 13:01 - 2014-11-05 17:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-11-11 13:01 - 2014-11-05 17:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-11-11 13:01 - 2014-11-05 17:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-11-11 13:01 - 2014-11-05 09:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2014-11-11 13:01 - 2014-11-05 09:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-11-11 13:01 - 2014-11-05 09:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-11-11 13:01 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2014-11-11 13:01 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-11-11 13:01 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-11-11 13:01 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2014-11-11 13:01 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2014-11-11 13:01 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-11-11 13:01 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-11-11 13:01 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2014-11-11 13:01 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2014-11-11 13:00 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-11-11 13:00 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-11-11 13:00 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll2014-11-11 13:00 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll2014-11-11 13:00 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-11-11 13:00 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-11-11 13:00 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-11-11 13:00 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll2014-11-11 13:00 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2014-11-11 13:00 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll2014-11-11 13:00 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll2014-11-11 13:00 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll2014-11-11 13:00 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll2014-11-11 13:00 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll2014-11-11 13:00 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll2014-11-11 13:00 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-11-11 13:00 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-11-11 13:00 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2014-11-11 13:00 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-11-11 13:00 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-11-11 13:00 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-11-11 13:00 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2014-11-11 13:00 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-11-11 13:00 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2014-11-11 13:00 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2014-11-11 13:00 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-11-11 13:00 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-11-11 13:00 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll2014-11-11 13:00 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll2014-11-11 13:00 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2014-11-11 13:00 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll2014-11-11 13:00 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL2014-11-11 13:00 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL2014-11-09 10:08 - 2014-11-09 10:08 - 00000000 ____D () C:\Users\supersteve\AppData\Local\Adobe2014-10-27 11:46 - 2014-10-27 11:46 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-10-27 11:46 - 2014-10-27 11:46 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-10-27 11:46 - 2014-10-27 11:46 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-10-27 11:46 - 2014-10-27 11:46 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\Program Files (x86)\Java==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2014-11-19 12:37 - 2011-11-28 18:46 - 01050785 _____ () C:\Windows\WindowsUpdate.log2014-11-19 12:34 - 2014-06-12 12:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-11-19 12:33 - 2012-07-26 06:18 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2014-11-19 12:32 - 2011-11-28 19:12 - 00001337 _____ () C:\Windows\system32\ServiceFilter.ini2014-11-19 12:31 - 2011-11-28 19:10 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe2014-11-19 12:31 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-11-19 12:30 - 2011-09-23 04:39 - 02022242 _____ () C:\Windows\PFRO.log2014-11-19 12:30 - 2009-07-13 20:51 - 00064346 _____ () C:\Windows\setupact.log2014-11-19 12:25 - 2012-05-28 02:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-11-18 15:00 - 2012-01-24 03:28 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-11-18 15:00 - 2012-01-24 03:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-11-18 14:44 - 2012-05-04 03:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-11-18 13:34 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-11-18 13:34 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-11-18 13:27 - 2009-07-13 21:13 - 00798804 _____ () C:\Windows\system32\PerfStringBackup.INI2014-11-18 13:17 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF2014-11-18 13:11 - 2014-05-07 16:14 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys2014-11-18 13:11 - 2014-02-16 18:56 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys2014-11-18 13:11 - 2013-03-20 09:24 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys2014-11-18 13:11 - 2013-03-20 09:24 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2014-11-18 13:11 - 2012-07-26 06:18 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys2014-11-18 13:11 - 2012-01-24 03:27 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys2014-11-18 13:11 - 2012-01-24 03:27 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys2014-11-18 13:11 - 2012-01-24 03:27 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2014-11-13 23:53 - 2009-07-13 21:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-11-11 15:25 - 2012-05-28 02:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-11-11 15:25 - 2012-05-28 02:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-11-11 15:25 - 2012-05-28 02:53 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-11-11 14:07 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache2014-11-11 13:18 - 2009-07-13 20:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT2014-11-11 13:17 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-11-11 13:10 - 2013-08-16 11:55 - 00000000 ____D () C:\Windows\system32\MRT2014-11-11 13:08 - 2012-01-26 14:21 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-11-04 14:30 - 2012-01-24 03:35 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-10-27 12:41 - 2012-05-28 03:03 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler2014-10-27 11:48 - 2014-03-29 01:47 - 00000000 ____D () C:\ProgramData\Oracle2014-10-20 19:25 - 2014-09-07 06:05 - 00000896 _____ () C:\Users\Public\Desktop\AVG.lnk2014-10-20 19:25 - 2014-09-07 06:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG ZenSome content of TEMP:====================C:\Users\supersteve\AppData\Local\Temp\Quarantine.exeC:\Users\supersteve\AppData\Local\Temp\sqlite3.dll==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2014-11-15 08:59==================== End Of Log ============================additionAdditional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2014Ran by supersteve at 2014-11-19 12:37:28Running from C:\Users\supersteve\DesktopBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) HiddenAsmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.9.0 - Asmedia Technology)ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.14 - ASUS)ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.22 - ASUS)ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.0.3 - ASUS)ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0007 - ASUS)ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0033 - ASUS)ASUS USB Charger Plus (HKLM-x32\...\{AECA3622-E634-4A55-A696-70A511CBE06E}) (Version: 2.0.3 - AsusTek Computer Inc.)ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)AsusScr_U46_ENG (HKLM-x32\...\AsusScr_U46_ENG) (Version: 1.0.0001 - ASUS)AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.6.125 - ASUSTEK)ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)Avast Pro Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)AVG (HKLM\...\AvgZen) (Version: 1.0.387 - AVG Technologies)AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.519 - AVG) HiddenAVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.519 - AVG)AVG PC TuneUp 2014 (x32 Version: 14.0.1001.519 - AVG) HiddenAVG Zen (Version: 1.0.387 - AVG Technologies) HiddenBest Buy pc app (HKU\S-1-5-21-2320190360-1033891084-2137088505-1000\...\e55b814e55744b76) (Version: 3.2.545.3 - Best Buy)Best Buy pc app (Version: 3.2.2.0 - Best Buy) HiddenBest Buy pc app (x32 Version: 3.2.2.0 - Best Buy) HiddenBing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - Canon Inc.)Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.6.0.4 - Canon Inc.)Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - Canon Inc.)Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.1.0.7 - Canon Inc.)Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.1.8 - Canon Inc.)Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.0.20 - Canon Inc.)Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDAOC-Charplan (HKLM-x32\...\DAOCCharplan) (Version: - )ETDWare PS/2-X64 8.0.5.3_WHQL (HKLM\...\Elantech) (Version: 8.0.5.3 - ELAN Microelectronic Corp.)Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)FMW 1 (Version: 1.0.259 - AVG Technologies) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)Google Update Helper (x32 Version: 1.3.21.123 - Google Inc.) HiddenIntel PROSet Wireless (x32 Version: - ) HiddenIntel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2405 - Intel Corporation)Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMalwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)Meridian 59 (HKLM-x32\...\Meridian 59) (Version: - )Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6383 - Realtek Semiconductor Corp.)SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.8 - ASUS)Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )TuneUp Utilities Language Pack (en-US) (x32 Version: 12.0.3600.104 - TuneUp Software) HiddenTuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.4000.286 - TuneUp Software) HiddenVisual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)==================== Restore Points =========================24-10-2014 14:58:53 Windows Update27-10-2014 19:45:24 Installed Java 7 Update 7129-10-2014 19:28:09 Windows Update04-11-2014 20:15:53 Windows Update11-11-2014 21:00:30 Windows Update11-11-2014 21:07:30 Windows Update15-11-2014 16:34:37 Windows Update18-11-2014 20:31:43 Windows Update18-11-2014 20:34:06 Windows Update18-11-2014 21:10:13 avast! antivirus system restore point==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {0AA089E2-8501-4D04-8B48-4874DF25DF2C} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-07-18] (ASUSTeK Computer Inc.)Task: {4620D164-22FA-463F-928C-A557304BE578} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-18] (AVAST Software)Task: {5A327D05-9D71-45CD-BCA1-15D1C048B770} - System32\Tasks\ASUS Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2011-01-24] ()Task: {5A4957E1-0AA8-4B35-8F8B-4F66E0A930BD} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-07-14] (AVG)Task: {6C7B831B-42A5-4A4F-9F4D-ABDEEF50EED9} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)Task: {86C6262A-5402-4E81-8DE0-75BEB74DB608} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-24] (Google Inc.)Task: {97F5B3D5-2AD1-440F-AC93-012B538B02E1} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-20] (Adobe Systems Incorporated)Task: {988CABCE-D2F5-4993-8ABC-1ACDE65182B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-24] (Google Inc.)Task: {A1CAD179-4FB5-4084-BF5F-D80CD83B9636} - System32\Tasks\USBChargerPlus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2011-06-29] (ASUSTek Computer Inc.)Task: {ADC820B4-3BA5-491C-8B73-AAB310EDA92B} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)Task: {EB2D0C47-015A-4BD7-A3B7-A6E7AD75F435} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-05-30] (ASUS)Task: {ECD21BE2-3D83-41D6-80E9-6E45E21A8D99} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {ED837396-E131-4EEA-9220-A2ECE4F67582} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)Task: {F3E486DD-B875-4193-9779-68346FB7F893} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe==================== Loaded Modules (whitelisted) =============2011-05-02 13:41 - 2011-05-02 13:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll2011-01-24 10:55 - 2011-01-24 10:55 - 00541696 _____ () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe2014-07-14 11:26 - 2014-07-14 11:26 - 00699704 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll2014-07-14 11:26 - 2014-07-14 11:26 - 00407864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tuavga.dll2011-10-31 02:05 - 2011-05-23 16:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2014-11-18 13:11 - 2014-11-18 13:11 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll2014-11-18 13:11 - 2014-11-18 13:11 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll2014-11-19 12:26 - 2014-11-19 12:26 - 02902528 _____ () C:\Program Files\AVAST Software\Avast\defs\14111901\algo.dll2014-11-18 13:11 - 2014-11-18 13:11 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll2011-07-18 15:27 - 2011-07-18 15:27 - 00203264 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll2011-05-30 13:48 - 2011-05-30 13:48 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll2009-11-02 14:20 - 2009-11-02 14:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll2009-11-02 14:23 - 2009-11-02 14:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll2014-11-18 13:11 - 2014-11-18 13:11 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2014-09-07 06:05 - 2014-09-07 06:05 - 31842816 _____ () C:\Program Files (x86)\AVG\Framework\Common\libcef.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)==================== EXE Association (whitelisted) =============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== MSCONFIG/TASK MANAGER disabled items =========(Currently there is no automatic fix for this section.)MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exeMSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s========================= Accounts: ==========================Administrator (S-1-5-21-2320190360-1033891084-2137088505-500 - Administrator - Disabled)Guest (S-1-5-21-2320190360-1033891084-2137088505-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-2320190360-1033891084-2137088505-1002 - Limited - Enabled)supersteve (S-1-5-21-2320190360-1033891084-2137088505-1000 - Administrator - Enabled) => C:\Users\supersteve==================== Faulty Device Manager Devices =============Name: USB2.0 UVC VGA WebCamDescription: USB Video DeviceClass Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}Manufacturer: MicrosoftService: usbvideoProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.==================== Event log errors: =========================Application errors:==================Error: (11/19/2014 00:36:46 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program FRST64.exe version 19.11.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 14a4Start Time: 01d00438342712c7Termination Time: 16Application Path: C:\Users\supersteve\Desktop\FRST64.exeReport Id: c3fa517c-702b-11e4-84ca-5404a647b608Error: (11/15/2014 09:18:21 AM) (Source: CVHSVC) (EventID: 100) (User: )Description: Information only.Error: HTTP status 404: The requested URL does not exist on the server. ErrorCode: 14007(0x36b7).Error: (11/14/2014 00:47:55 PM) (Source: CVHSVC) (EventID: 100) (User: )Description: Information only.Error: HTTP status 404: The requested URL does not exist on the server. ErrorCode: 14007(0x36b7).Error: (11/14/2014 11:46:52 AM) (Source: CVHSVC) (EventID: 100) (User: )Description: Information only.Error: HTTP status 404: The requested URL does not exist on the server. ErrorCode: 14007(0x36b7).Error: (11/14/2014 11:26:49 AM) (Source: CVHSVC) (EventID: 100) (User: )Description: Information only.Error: HTTP status 404: The requested URL does not exist on the server. ErrorCode: 14007(0x36b7).Error: (11/14/2014 10:55:21 AM) (Source: CVHSVC) (EventID: 100) (User: )Description: Information only.Error: HTTP status 404: The requested URL does not exist on the server. ErrorCode: 14007(0x36b7).Error: (11/14/2014 10:06:40 AM) (Source: CVHSVC) (EventID: 100) (User: )Description: Information only.Error: HTTP status 404: The requested URL does not exist on the server. ErrorCode: 14007(0x36b7).Error: (11/14/2014 07:25:52 AM) (Source: CVHSVC) (EventID: 100) (User: )Description: Information only.Error: HTTP status 404: The requested URL does not exist on the server. ErrorCode: 14007(0x36b7).Error: (11/14/2014 05:45:05 AM) (Source: CVHSVC) (EventID: 100) (User: )Description: Information only.Error: HTTP status 404: The requested URL does not exist on the server. ErrorCode: 14007(0x36b7).Error: (11/14/2014 05:32:22 AM) (Source: CVHSVC) (EventID: 100) (User: )Description: Information only.Error: HTTP status 404: The requested URL does not exist on the server. ErrorCode: 14007(0x36b7).System errors:=============Error: (11/19/2014 00:30:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)Description: WLAN Extensibility Module has stopped unexpectedly.Module Path: C:\Windows\System32\IWMSSvc.dllError: (11/19/2014 00:30:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)Description: WLAN Extensibility Module has stopped unexpectedly.Module Path: C:\Windows\System32\IWMSSvc.dllError: (11/19/2014 00:30:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)Description: WLAN Extensibility Module has stopped unexpectedly.Module Path: C:\Windows\System32\IWMSSvc.dllError: (11/19/2014 00:30:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)Description: WLAN Extensibility Module has stopped unexpectedly.Module Path: C:\Windows\System32\IWMSSvc.dllError: (11/19/2014 00:30:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).Error: (11/19/2014 00:29:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).Error: (11/19/2014 00:29:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.Error: (11/19/2014 00:29:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.Error: (11/19/2014 00:29:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Intel® Turbo Boost Technology Monitor 2.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.Error: (11/19/2014 00:29:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).Microsoft Office Sessions:=========================Error: (11/19/2014 00:36:46 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: FRST64.exe19.11.2014.014a401d00438342712c716C:\Users\supersteve\Desktop\FRST64.exec3fa517c-702b-11e4-84ca-5404a647b608Error: (11/15/2014 09:18:21 AM) (Source: CVHSVC) (EventID: 100) (User: )Description: Error: HTTP status 404: The requested URL does not exist on the server. ErrorCode: 14007(0x36b7).Error: (11/14/2014 00:47:55 PM) (Source: CVHSVC) (EventID: 100) (User: )Description: Error: HTTP status 404: The requested URL does not exist on the server. ErrorCode: 14007(0x36b7).Error: (11/14/2014 11:46:52 AM) (Source: CVHSVC) (EventID: 100) (User: )Description: Error: HTTP status 404: The requested URL does not exist on the server. ErrorCode: 14007(0x36b7).Error: (11/14/2014 11:26:49 AM) (Source: CVHSVC) (EventID: 100) (User: )Description: Error: HTTP status 404: The requested URL does not exist on the server. ErrorCode: 14007(0x36b7).Error: (11/14/2014 10:55:21 AM) (Source: CVHSVC) (EventID: 100) (User: )Description: Error: HTTP status 404: The requested URL does not exist on the server. ErrorCode: 14007(0x36b7).Error: (11/14/2014 10:06:40 AM) (Source: CVHSVC) (EventID: 100) (User: )Description: Error: HTTP status 404: The requested URL does not exist on the server. ErrorCode: 14007(0x36b7).Error: (11/14/2014 07:25:52 AM) (Source: CVHSVC) (EventID: 100) (User: )Description: Error: HTTP status 404: The requested URL does not exist on the server. ErrorCode: 14007(0x36b7).Error: (11/14/2014 05:45:05 AM) (Source: CVHSVC) (EventID: 100) (User: )Description: Error: HTTP status 404: The requested URL does not exist on the server. ErrorCode: 14007(0x36b7).Error: (11/14/2014 05:32:22 AM) (Source: CVHSVC) (EventID: 100) (User: )Description: Error: HTTP status 404: The requested URL does not exist on the server. ErrorCode: 14007(0x36b7).==================== Memory info ===========================Processor: Intel® Core i5-2450M CPU @ 2.50GHzPercentage of memory in use: 42%Total physical RAM: 6049.14 MBAvailable physical RAM: 3499.59 MBTotal Pagefile: 12096.45 MBAvailable Pagefile: 9536.98 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:673.64 GB) (Free:615.83 GB) NTFS ==>[system with boot components (obtained from reading drive)]==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E3102A4B)Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)Partition 2: (Active) - (Size=673.6 GB) - (Type=07 NTFS)==================== End Of Log ============================JRT~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.3.9 (11.15.2014:2)OS: Windows 7 Home Premium x64Ran by supersteve on Wed 11/19/2014 at 12:38:39.71~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry Values~~~ Registry Keys~~~ Files~~~ FoldersSuccessfully deleted: [Folder] "C:\ProgramData\best buy pc app"Successfully deleted: [Folder] "C:\Users\supersteve\appdata\local\best buy pc app"~~~ FireFoxEmptied folder: C:\Users\supersteve\AppData\Roaming\mozilla\firefox\profiles\xxutjgud.default-1394740258191\minidumps [37 files]~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Wed 11/19/2014 at 12:45:21.50End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
LiquidTension Posted November 20, 2014 ID:910484 Share Posted November 20, 2014 Hello, Please let me know if there are any outstanding issues after completing the steps below. STEP 1 Revo UninstallerPlease download and install Revo Uninstaller Free.Double-click Revo Uninstaller to run the programme. From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.AVGAVG PC TuneUp 2014AVG ZenBest Buy pc appDouble-click the programme. When prompted if you want to uninstall click Yes.Ensure the Moderate option is selected and click Next.The programme uninstaller will run. If prompted again click Yes.Work your way through the uninstaller, ensuring you read each page thoroughly.Note: Ensure you decline offers of additional software if applicable. Once the built-in uninstaller is finished click Next.Once the programme has searched for leftovers click Next.Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.When prompted click Yes, followed by Next.Click Select all, followed by Delete.When prompted click Yes, followed by Next.Once done click Finish. STEP 2 Farbar Recovery Scan Tool (FRST) ScriptPress the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.Copy the entire contents of the codebox below and paste into the Notepad document.start(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exeSearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKU\S-1-5-21-2320190360-1033891084-2137088505-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No FileToolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileFF DefaultSearchEngine: Amazon.comFF SelectedSearchEngine: Amazon.comFF Extension: No Name - wrc@avast.com [Not Found]R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2253112 2014-07-14] (AVG)R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)Task: {5A4957E1-0AA8-4B35-8F8B-4F66E0A930BD} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-07-14] (AVG)C:\Program Files (x86)\AVGCMD: ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int ipv4 resetCMD: netsh int ipv6 resetEmptyTemp:endClick File, Save As and type fixlist.txt as the File Name. Important: The file must be saved in the same location as FRST64.exe. NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.Right-Click FRST64.exe and select Run as administrator to run the programme.Click Fix.A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply. STEP 3 Malwarebytes Anti-Malware (MBAM)Open Malwarebytes Anti-Malware and click Update Now.Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.Click the Scan tab, ensure Threat Scan is checked and click Scan Now.Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.Upon completion of the scan (or after the reboot), click the History tab.Click Application Logs and double-click the Scan Log.Click Copy to Clipboard and paste the log in your next reply. ====================================================== STEP 4 LogsIn your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.Did the programmes uninstall OK?Fixlog.txtMBAM logAre there any outstanding issues? Link to post Share on other sites More sharing options...
MaddogMurch Posted November 20, 2014 Author ID:910551 Share Posted November 20, 2014 Hi Adam, Thanks for another quick response. All the programs uninstalled perfectly. and this may be a dumb question but do i need to reinstallAVG pctuneup?or is it not worht the effort? Thanks again. everything is running fine now :] here are the logs: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-11-2014Ran by supersteve at 2014-11-20 13:33:01 Run:1Running from C:\Users\supersteve\Desktop\GoodiesLoaded Profile: supersteve (Available profiles: supersteve)Boot Mode: Normal==============================================Content of fixlist:*****************start(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exeSearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKU\S-1-5-21-2320190360-1033891084-2137088505-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No FileToolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileFF DefaultSearchEngine: Amazon.comFF SelectedSearchEngine: Amazon.comFF Extension: No Name - wrc@avast.com [Not Found]R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2253112 2014-07-14] (AVG)R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)Task: {5A4957E1-0AA8-4B35-8F8B-4F66E0A930BD} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-07-14] (AVG)C:\Program Files (x86)\AVGCMD: ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int ipv4 resetCMD: netsh int ipv6 resetEmptyTemp:end*****************C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe => No running process foundC:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe => No running process foundHKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.HKU\S-1-5-21-2320190360-1033891084-2137088505-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully."HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully."HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.Firefox DefaultSearchEngine deleted successfully.Firefox SelectedSearchEngine deleted successfully.FF Extension: No Name - wrc@avast.com [Not Found] not found.TuneUp.UtilitiesSvc => Service not found.TuneUpUtilitiesDrv => Service not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A4957E1-0AA8-4B35-8F8B-4F66E0A930BD}" => Key not found.C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TuneUpUtilities_Task_BkGndMaintenance2013" => Key not found.C:\Program Files (x86)\AVG => Moved successfully.========= ipconfig /flushdns =========Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.========= End of CMD: ================== netsh winsock reset all =========Sucessfully reset the Winsock Catalog.You must restart the computer in order to complete the reset.========= End of CMD: ================== netsh int ipv4 reset =========Reseting Global, OK!Reseting Interface, OK!Reseting Unicast Address, OK!Restart the computer to complete this action.========= End of CMD: ================== netsh int ipv6 reset =========Reseting Interface, OK!Restart the computer to complete this action.========= End of CMD: =========EmptyTemp: => Removed 96.5 MB temporary data.The system needed a reboot.==== End of Fixlog ==== MBAMMalwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 11/20/2014Scan Time: 1:38:08 PMLogfile: mbam.txtAdministrator: YesVersion: 2.00.3.1025Malware Database: v2014.11.20.08Rootkit Database: v2014.11.18.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: supersteveScan Type: Threat ScanResult: CompletedObjects Scanned: 323301Time Elapsed: 11 min, 15 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 3PUP.Optional.Vosteran.A, HKU\S-1-5-21-2320190360-1033891084-2137088505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wse_vosteran, Quarantined, [7dc20b3259238caa3855aa0b887c0bf5],PUP.Optional.InstallCore.A, HKU\S-1-5-21-2320190360-1033891084-2137088505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [013ee15cf785f73f422aa7cfc340a759],PUP.Optional.InstallCore.A, HKU\S-1-5-21-2320190360-1033891084-2137088505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [f34ce25b97e557df7c25484440c47090],Registry Values: 1PUP.Optional.InstallCore.A, HKU\S-1-5-21-2320190360-1033891084-2137088505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0R2Y1I1P1N0J1U1C, Quarantined, [f34ce25b97e557df7c25484440c47090]Registry Data: 1PUP.Optional.Vosteran.A, HKU\S-1-5-21-2320190360-1033891084-2137088505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://Vosteran.com/?f=1&a=vst_secureddownload_14_47_ff&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AyCyDzytCtC0B0D0B0BtDtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0E0EtByE0BtDyCtG0E0Azy0CtG0F0E0C0DtGtA0E0DtCtGtA0DyCtAtC0FtB0CyDzz0C0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0CtCzy0B0DyC0DtGtCtBtB0EtGyE0Azy0AtGzzyB0CtDtGyDzz0A0AyEyDtAyByBtD0CyC2Q&cr=533465760&ir=, Good: (www.google.com), Bad: (http://Vosteran.com/?f=1&a=vst_secureddownload_14_47_ff&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AyCyDzytCtC0B0D0B0BtDtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0E0EtByE0BtDyCtG0E0Azy0CtG0F0E0C0DtGtA0E0DtCtGtA0DyCtAtC0FtB0CyDzz0C0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0CtCzy0B0DyC0DtGtCtBtB0EtGyE0Azy0AtGzzyB0CtDtGyDzz0A0AyEyDtAyByBtD0CyC2Q&cr=533465760&ir=),Replaced,[49f6da63cdaf9a9cd79db59c0cf93ac6] Folders: 5PUP.Optional.Vosteran.A, C:\Users\supersteve\AppData\Roaming\WSE_Vosteran, Quarantined, [2d125ce12e4e171fd2f630075ca75aa6],PUP.Optional.Vosteran, C:\Users\supersteve\AppData\Local\Vosteran, Quarantined, [cc73ab924537f44209c29e99897ab848],PUP.Optional.Vosteran, C:\Users\supersteve\AppData\Local\Vosteran\User Data, Quarantined, [cc73ab924537f44209c29e99897ab848],PUP.Optional.Vosteran, C:\Users\supersteve\AppData\Local\Vosteran\User Data\Default, Quarantined, [cc73ab924537f44209c29e99897ab848],PUP.Optional.Vosteran, C:\Users\supersteve\AppData\Local\Vosteran\User Data\Default\Local Storage, Quarantined, [cc73ab924537f44209c29e99897ab848],Files: 10PUP.Optional.Vosteran.A, C:\Windows\Tasks\WSE_Vosteran.job, Quarantined, [a59a83baaad28fa77218cde8768ef808],PUP.Optional.Vosteran.A, C:\Windows\System32\Tasks\WSE_Vosteran, Quarantined, [122d7bc2255751e5385306af52b212ee],PUP.Optional.Vosteran.A, C:\Users\supersteve\AppData\Roaming\Mozilla\Firefox\Profiles\xxutjgud.default-1394740258191\searchplugins\Vosteran.xml, Quarantined, [c47be8554c30d95deaa6fbbac143cf31],PUP.Optional.Vosteran, C:\Users\supersteve\AppData\Local\Vosteran\User Data\Default\Bookmarks, Quarantined, [cc73ab924537f44209c29e99897ab848],PUP.Optional.Vosteran, C:\Users\supersteve\AppData\Local\Vosteran\User Data\Default\Cookies, Quarantined, [cc73ab924537f44209c29e99897ab848],PUP.Optional.Vosteran, C:\Users\supersteve\AppData\Local\Vosteran\User Data\Default\History, Quarantined, [cc73ab924537f44209c29e99897ab848],PUP.Optional.Vosteran, C:\Users\supersteve\AppData\Local\Vosteran\User Data\Default\Local Storage\chrome-extension_oilkkkefbalmbfppgjmgjoefbclebkce_0.localstorage, Quarantined, [cc73ab924537f44209c29e99897ab848],PUP.Optional.Vosteran, C:\Users\supersteve\AppData\Local\Vosteran\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage, Quarantined, [cc73ab924537f44209c29e99897ab848],PUP.Optional.Vosteran, C:\Users\supersteve\AppData\Local\Vosteran\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal, Quarantined, [cc73ab924537f44209c29e99897ab848],PUP.Optional.Vosteran.A, C:\Users\supersteve\AppData\Roaming\Mozilla\Firefox\Profiles\xxutjgud.default-1394740258191\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://Vosteran.com/?f=1&a=vst_secureddownload_14_47_ff&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AyCyDzytCtC0B0D0B0BtDtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0E0EtByE0BtDyCtG0E0Azy0CtG0F0E0C0DtGtA0E0DtCtGtA0DyCtAtC0FtB0CyDzz0C0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0CtCzy0B0DyC0DtGtCtBtB0EtGyE0Azy0AtGzzyB0CtDtGyDzz0A0AyEyDtAyByBtD0CyC2Q&cr=533465760&ir="),Replaced,[aa957cc12557ab8b6934b2d6e71ecb35] Physical Sectors: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
LiquidTension Posted November 21, 2014 ID:910696 Share Posted November 21, 2014 Hello, and this may be a dumb question but do i need to reinstallAVG pctuneup?or is it not worht the effort?No, I would not advise you install any form of "tune up" software. Registry cleaners, optimization tools and tune up progammes that claim to speed up your computer should be avoided, and are potentially dangerous. By running a registry cleaner you risk rendering your machine unbootable. There is no statistical evidence to back claims that cleaning the registry will improve performance. Advertisements to do so are borderline scams intended to goad users into using an unnecessary and potential dangerous product.Some registry cleaners employ aggressive cleaning routines that may cause substantial damage to your system, and could render your machine unbootable.Not all registry cleaners backup the registry. If an issue arises you may not have a backup to rely on.The usefulness of cleaning the registry is disputable; there is no statistical evidence to support the claim that cleaning the registry will improve system performance. Please refer to the following article on why you should not use registry cleaner software. I suggest reading why Microsoft does not support the use of registry cleaners as well. ---------------- Update the following software:Adobe Flash Player (uncheck the "Optional Offer")Java (watch out for "Optional Offers" or bundled software)Ensure the following programmes are no longer installed:Java 7 Update 71JavaFX 2.1.0 All Clean!Congratulations, your computer appears clean! I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful. My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation. DelFixPlease download DelFix and save the file to your Desktop.Double-click DelFix.exe to run the programme.Place a checkmark next to the following items:Activate UACRemove disinfection toolsCreate registry backupPurge system restoreReset system settingsClick the Run button.-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete). ====================================================== I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.Answers to common security questions - Best Practices by quietman7, MVPHow Malware Spreads - How did I get infected? by quietman7, MVPSimple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVPHow to Prevent Malware by miekiemoes, MVPHow to backup and restore your data using Cobian Backup by YourHighnessSlow Computer/browser? It May Not Be Malware by quietman7, MVP The following programmes come highly recommended in the security community. AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), preventing your files from being encrypted. Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software. Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution. NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology. Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you. Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you. SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies. Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above. ====================================================== Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. Thank you for using Malwarebytes. Safe Surfing. Adam Link to post Share on other sites More sharing options...
MaddogMurch Posted November 21, 2014 Author ID:911073 Share Posted November 21, 2014 Hi Adam, Ran DelFix as you said. i got rid of the 2 files for java also. Everything is fine and working great. I won't reinstall the other programs after your suggestion and reading the articles. Thanks again----donation sent Link to post Share on other sites More sharing options...
LiquidTension Posted November 21, 2014 ID:911076 Share Posted November 21, 2014 Hello, I'm very glad to hear all is well.Thanks again----donation sentThank you very much. I will mark this topic as solved. All the best, Adam Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted November 21, 2014 Root Admin ID:911141 Share Posted November 21, 2014 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts