Very Aggressive Tuvaro Adware Virus! [Solved]

Tuvaro Goobzo iWebar ShopperPro Adware Virus Search GBUpdate YTDownloader


#1
Spencer4134

  • Member
  • 57 posts

Windows 8.1 Toshiba Laptop: I have the Tuvaro adware virus. And from what I understand, it often includes iWebar, ShopperPro, and YTDownloader. I used to have all of those. But I have run several adware/malware/virus removal programs and no longer have them. The problem is, Tuvaro keeps being set as my home page. I have found that this is caused by an application called GBUpdate. I have located the file (C:/Program Files/Common Files/Goobzo/GBUpdate/smp.exe) and know that it is altering the properties of my web browsers to redirect to www-search.net, no matter what the homepage is. I have noticed that if I erase the redirect and restart my computer, the smp.exe runs in the command prompt and puts it back. None of my adware/malware/virus removal programs have detected this file. From seeing everywhere that the above adwares have been, I am refraining from simply deleting it because I am worried it is in other places too. I have the log files from Adware Removal Tool, AdwCleaner, HitmanPro, Junkware Removal Tool (JRT), OTL from OldTimer, and Zoek. I can't seem to find where the MalwareBytes logs are. Please tell me which logs are needed and I will post them. I have made a temporary fix by blocking the smp.exe process with Bitdefender. But I want to make sure this is out of my files, registry, Add-Ons, and everywhere else, because it KEEPS COMING BACK.

 

Also, I believe it still is generating ads in my web browsers, and seems to continuously add files to the registry.

I have subscribed to the Microsoft remote assistance help and will go to them as well.

Any advice is greatly appreciated.




#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Hello :wave: and welcome to GeeksToGo! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a fresh look at your system with FRST and see what's going on. :)


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Step 2: Scan with aswMBR

  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.
  • Click the Scan button to begin the scan.
  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit
Things I need to see in your next post:


FRST Log

Addition.txt Log

aswMBR Log

  • 0
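
As an added example (not part of either post and not FRST's own code), this Python sketch triages an FRST.txt of the kind requested above: it tracks the log section each line belongs to and flags lines containing the names given in the first post, entries whose target is marked `[X]` (FRST's marker for a file it could not find), and entries marked `[File not signed]`. The sample embeds a few lines from the log posted in this thread plus one constructed Run entry for smp.exe; the function names and the indicator list are assumptions.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reasons line")

# Names and hosts the first post associates with the infection (assumed list).
INDICATORS = ("goobzo", "gbupdate", "smp.exe", "www-search.net",
              "tuvaro", "iwebar", "shopperpro", "ytdownloader")

# FRST section banners look like "==================== Services (Whitelisted) ====".
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Browser start-page settings as FRST prints them for IE and Firefox.
HOMEPAGE_RE = re.compile(r"(?:Start Page = |FF Homepage: )(\S+)")


def triage(log_text):
    """Return a Finding for every log line that deserves a closer look."""
    findings = []
    section = "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        # Skip FRST's own explanatory notes, e.g. "(If an entry is included ...)".
        if line.startswith("(") and line.endswith(".)"):
            continue
        lowered = line.lower()
        reasons = ["indicator:" + name for name in INDICATORS if name in lowered]
        if line.endswith("=> [X]"):
            reasons.append("target missing")   # autostart entry with no file behind it
        if "[File not signed]" in line:
            reasons.append("unsigned")
        if reasons:
            findings.append(Finding(section, tuple(reasons), line))
    return findings


def homepages(log_text):
    """List the start-page values recorded in the log, in order of appearance."""
    return HOMEPAGE_RE.findall(log_text)


# Lines copied from the FRST.txt in this thread, except the [GBUpdate] Run entry,
# which is CONSTRUCTED to show what a hit on the path from the first post looks like.
SAMPLE = r"""
==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1569536 2014-08-05] (Bitdefender)
HKLM\...\Run: [GBUpdate] => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe [0 2014-08-01] ()

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
FF Homepage: hxxp://www.memotoo.com/

==================== Services (Whitelisted) =================

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1513952 2014-08-05] (Bitdefender)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print("[{}] {}: {}".format(f.section, ", ".join(f.reasons), f.line))
    print("Start pages:", homepages(SAMPLE))
```

A flagged line is a lead for the helper to review, not a verdict: unsigned vendor binaries and stale Run entries also occur on clean systems.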

#3
Spencer4134

  • Topic Starter
  • Member
  • 57 posts

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by Bowplus (administrator) on CBSTOSH on 07-08-2014 12:02:41
Running from C:\Users\Bowplus\Desktop\PC Repair Tools
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1569536 2014-08-05] (Bitdefender)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFind] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [814064 2014-08-05] (Bitdefender)
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: __SafeBox1 -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox2 -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox3 -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox4 -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {2F436636-E538-4692-912F-207099FB0E90} URL = http://www.bing.com/...=IE11TR&pc=TNJB
SearchScopes: HKCU - {2F436636-E538-4692-912F-207099FB0E90} URL =
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Bowplus\AppData\Roaming\Mozilla\Firefox\Profiles\far87mnr.default-1407361548559
FF Homepage: hxxp://www.memotoo.com/
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-07-15]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [77632 2014-06-06] (Bitdefender)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-06-12] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1513952 2014-08-05] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2013-12-02] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2013-07-17] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2013-12-02] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2013-11-19] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
U0 SR;
U2 srservice;

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 12:02 - 2014-08-07 12:02 - 00000000 ____D () C:\FRST
2014-08-07 12:01 - 2014-08-07 12:01 - 05185536 _____ (AVAST Software) C:\Users\Bowplus\Downloads\aswmbr.exe
2014-08-07 11:59 - 2014-08-07 11:59 - 02094080 _____ (Farbar) C:\Users\Bowplus\Downloads\FRST64.exe
2014-08-07 10:50 - 2014-08-07 10:50 - 00001424 _____ () C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sfc.exe.lnk
2014-08-07 09:05 - 2014-08-07 09:06 - 00000000 ____D () C:\B+Data
2014-08-06 17:25 - 2014-08-06 17:42 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Rescue RC - d2b29833-16cd-4316-9494-9e33219ff49c
2014-08-06 15:30 - 2014-08-06 15:30 - 00002254 _____ () C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support (5).lnk
2014-08-06 15:26 - 2014-08-06 15:26 - 00002254 _____ () C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support (4).lnk
2014-08-06 15:22 - 2014-08-06 15:22 - 01475072 _____ () C:\Users\Bowplus\Downloads\adwcleaner_3.303.exe
2014-08-06 15:04 - 2014-08-06 15:04 - 00002254 _____ () C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LogMeIn Rescue.lnk
2014-08-06 13:59 - 2014-08-07 08:54 - 00000000 ____D () C:\Users\Bowplus\AppData\Local\LogMeIn Rescue Applet
2014-08-06 13:59 - 2014-08-06 13:59 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Bowplus\Downloads\Support-LogMeInRescue(1).exe
2014-08-06 13:59 - 2014-08-06 13:59 - 00002280 _____ () C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support (3).lnk
2014-08-06 12:23 - 2014-08-06 12:02 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-06 12:04 - 2014-08-06 12:27 - 00014498 _____ () C:\zoek-results.log
2014-08-06 12:02 - 2014-08-06 12:20 - 00000000 ____D () C:\zoek_backup
2014-08-06 12:01 - 2014-08-06 12:01 - 00000000 ____D () C:\Users\Bowplus\AppData\Local\bdch
2014-08-06 12:01 - 2014-08-06 12:01 - 00000000 ____D () C:\ProgramData\bdch
2014-08-06 11:28 - 2014-08-06 11:28 - 00000000 ____D () C:\Windows\ERUNT
2014-08-06 11:02 - 2014-08-06 15:28 - 00001846 _____ () C:\Windows\PFRO.log
2014-08-06 11:01 - 2014-08-06 11:01 - 00000000 ____D () C:\_OTL
2014-08-06 11:00 - 2014-08-06 11:00 - 01288704 _____ () C:\Users\Bowplus\Downloads\zoek.exe
2014-08-06 10:59 - 2014-08-06 10:59 - 01016261 _____ (Thisisu) C:\Users\Bowplus\Downloads\JRT.exe
2014-08-06 10:57 - 2014-08-06 10:57 - 00602112 _____ (OldTimer Tools) C:\Users\Bowplus\Downloads\OTL.exe
2014-08-06 10:55 - 2014-08-06 10:55 - 00854410 _____ () C:\Users\Bowplus\Downloads\SecurityCheck.exe
2014-08-05 17:03 - 2014-08-05 17:03 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-05 17:02 - 2014-08-05 17:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-05 17:01 - 2014-08-05 17:02 - 11188736 _____ (SurfRight B.V.) C:\Users\Bowplus\Downloads\HitmanPro_x64.exe
2014-08-05 16:57 - 2014-08-07 12:02 - 00000000 ___RD () C:\Users\Bowplus\Desktop\PC Repair Tools
2014-08-05 16:41 - 2014-08-06 15:25 - 00000000 ____D () C:\AdwCleaner
2014-08-05 16:41 - 2014-08-05 16:41 - 01361309 _____ () C:\Users\Bowplus\Downloads\adwcleaner_3.302.exe
2014-08-05 16:12 - 2014-08-06 13:01 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-08-05 16:12 - 2014-08-05 16:12 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-08-05 16:11 - 2014-08-05 16:11 - 00753184 _____ () C:\Users\Bowplus\Downloads\Adware-Removal-Tool-v3.9.1.exe
2014-08-05 15:24 - 2014-08-05 15:39 - 00000000 ____D () C:\Flood-Backup
2014-08-04 14:18 - 2014-08-04 15:26 - 00000000 ___RD () C:\Users\Bowplus\Desktop\Scan
2014-07-31 17:02 - 2014-07-31 17:02 - 00004952 _____ () C:\Users\Bowplus\Downloads\google-Ruben-Munoz.csv
2014-07-30 13:09 - 2014-07-30 13:09 - 00001095 _____ () C:\Windows\setupact.log
2014-07-30 13:09 - 2014-07-30 13:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-29 14:34 - 2014-07-29 14:34 - 00921135 _____ () C:\Users\Bowplus\Downloads\yahoo_contacts.csv
2014-07-29 12:08 - 2014-07-29 12:37 - 00000000 ___HD () C:\Backup Files
2014-07-29 10:13 - 2014-07-29 10:13 - 01545711 _____ () C:\Users\Bowplus\Downloads\contacts-all-CURRENT-notGoogle.csv
2014-07-29 10:12 - 2014-07-29 10:12 - 03457000 _____ () C:\Users\Bowplus\Downloads\google-all-CURRENT.csv
2014-07-29 09:55 - 2014-07-29 09:55 - 03455044 _____ () C:\Users\Bowplus\Downloads\google-all-([email protected]).csv
2014-07-29 09:23 - 2014-07-29 09:23 - 03230050 _____ () C:\Users\Bowplus\Downloads\google-all-INCOMPLETE.csv
2014-07-28 14:33 - 2014-07-29 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-28 14:33 - 2014-07-29 11:36 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-28 14:32 - 2014-07-28 14:32 - 01376768 _____ () C:\Users\Bowplus\Downloads\7z920-x64.msi
2014-07-28 13:08 - 2014-07-28 13:08 - 03455044 _____ () C:\Users\Bowplus\Downloads\google-all-latest.csv
2014-07-25 22:54 - 2014-07-25 22:54 - 00000000 ____D () C:\Users\Bowplus\AppData\Local\Adobe
2014-07-25 16:25 - 2014-07-25 16:28 - 03400514 _____ () C:\Users\Bowplus\Downloads\google-mycontacts.csv
2014-07-25 16:25 - 2014-07-25 16:25 - 03422034 _____ () C:\Users\Bowplus\Downloads\google-all.csv
2014-07-22 09:37 - 2014-07-22 09:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-21 15:17 - 2014-07-21 15:17 - 00000000 ____H () C:\Users\Bowplus\Documents\Default.rdp
2014-07-16 13:13 - 2014-08-06 11:01 - 00000000 ____D () C:\Users\Bowplus\AppData\Temp
2014-07-15 20:03 - 2014-07-15 20:03 - 00000385 _____ () C:\Users\Bowplus\AppData\Roaminguser_gensett.xml
2014-07-15 20:01 - 2014-07-15 20:01 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2014-07-15 16:24 - 2014-07-15 16:24 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-07-15 15:55 - 2014-07-15 15:55 - 00660470 _____ () C:\ProgramData\1405460800.bdinstall.bin
2014-07-15 15:54 - 2014-07-15 16:13 - 00000000 ____D () C:\ProgramData\BDLogging
2014-07-15 15:54 - 2014-07-15 15:54 - 00002224 _____ () C:\Users\Public\Desktop\Bitdefender Total Security 2015.lnk
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2014-07-15 15:54 - 2013-12-02 12:58 - 00635392 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-07-15 15:54 - 2013-12-02 12:56 - 00893440 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-07-15 15:54 - 2013-11-19 15:44 - 00098768 _____ (BitDefender LLC) C:\Windows\system32\Drivers\bdfndisf6.sys
2014-07-15 15:54 - 2013-11-04 16:47 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2014-07-15 15:54 - 2013-11-04 16:47 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2014-07-15 15:54 - 2013-09-08 20:04 - 00023568 _____ (Bitdefender) C:\Windows\system32\Drivers\bdelam.sys
2014-07-15 15:54 - 2013-07-30 18:41 - 00079192 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2014-07-15 15:54 - 2013-07-17 19:31 - 00261496 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-07-15 15:54 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2014-07-15 15:50 - 2014-07-15 16:13 - 00000000 ____D () C:\Users\Bowplus\AppData\Roaming\Bitdefender
2014-07-15 15:46 - 2014-07-15 15:55 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-07-15 15:46 - 2014-07-15 15:50 - 00000000 ____D () C:\Program Files\Bitdefender
2014-07-15 15:46 - 2014-07-15 15:46 - 00000000 ____D () C:\Users\Bowplus\AppData\Roaming\QuickScan
2014-07-15 15:46 - 2013-11-04 16:47 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll
2014-07-15 15:46 - 2013-11-04 16:46 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll
2014-07-15 15:46 - 2013-08-23 13:48 - 00150256 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2014-07-15 15:46 - 2013-08-07 13:46 - 00389240 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-07-15 15:37 - 2014-07-15 15:46 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-07-15 15:36 - 2014-07-15 15:36 - 06770080 _____ () C:\Users\Bowplus\Downloads\bitdefender_tsecurity.exe
2014-07-14 16:53 - 2014-07-14 16:53 - 00001766 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-14 16:53 - 2014-07-14 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-14 16:52 - 2014-07-14 16:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-14 16:52 - 2014-07-14 16:53 - 00000000 ____D () C:\Program Files\iTunes
2014-07-14 16:52 - 2014-07-14 16:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-14 16:52 - 2014-07-14 16:52 - 00000000 ____D () C:\Program Files\iPod
2014-07-14 16:21 - 2014-07-14 16:21 - 17305656 _____ (Malwarebytes Corporation ) C:\Users\Bowplus\Downloads\mbam-setup(1).exe
2014-07-14 16:17 - 2014-07-14 16:17 - 00000000 ____D () C:\Users\Bowplus\Documents\Autoruns
2014-07-14 16:08 - 2014-07-14 16:08 - 00002254 _____ () C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support (2).lnk
2014-07-14 15:18 - 2014-08-06 15:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 15:17 - 2014-07-14 15:23 - 00001085 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 15:17 - 2014-07-14 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 15:17 - 2014-07-14 15:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-14 15:17 - 2014-07-14 15:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 15:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-14 15:17 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-14 15:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-14 15:16 - 2014-07-14 15:16 - 17305656 _____ (Malwarebytes Corporation ) C:\Users\Bowplus\Downloads\mbam-setup.exe
2014-07-14 15:09 - 2014-07-14 15:09 - 00002280 _____ () C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support.lnk
2014-07-14 15:08 - 2014-07-14 15:08 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Bowplus\Downloads\Support-LogMeInRescue.exe
2014-07-14 14:23 - 2014-08-06 18:24 - 00064512 ___SH () C:\Users\Bowplus\Downloads\Thumbs.db
2014-07-09 13:05 - 2014-06-16 16:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 13:05 - 2014-06-16 16:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 13:05 - 2014-06-06 08:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 13:05 - 2014-05-29 21:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 13:05 - 2014-05-29 06:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-07-09 13:05 - 2014-05-29 01:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-07-09 13:05 - 2014-05-29 00:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-09 13:05 - 2014-05-29 00:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-07-09 13:05 - 2014-05-28 23:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-09 13:05 - 2014-05-28 23:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 13:04 - 2014-06-18 19:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 13:04 - 2014-06-18 18:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 13:04 - 2014-06-18 18:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 13:04 - 2014-06-18 18:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 13:04 - 2014-06-18 17:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 13:04 - 2014-06-18 17:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 13:04 - 2014-06-18 17:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 13:04 - 2014-06-18 17:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 13:04 - 2014-06-18 17:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 13:04 - 2014-06-18 17:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 13:04 - 2014-06-18 17:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 13:04 - 2014-06-18 17:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 13:04 - 2014-06-18 17:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 13:04 - 2014-06-18 16:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 13:04 - 2014-06-18 16:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 13:04 - 2014-06-18 16:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 13:04 - 2014-06-18 16:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 13:04 - 2014-06-18 16:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 13:04 - 2014-06-18 16:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 13:04 - 2014-06-18 16:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 13:04 - 2014-06-18 16:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 13:04 - 2014-06-18 16:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 13:04 - 2014-06-18 16:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 13:04 - 2014-06-18 16:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 13:04 - 2014-06-18 16:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 13:04 - 2014-06-18 16:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 13:04 - 2014-06-18 16:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 15:53 - 2014-07-08 15:53 - 00000000 ____D () C:\Users\Bowplus\AppData\Roaming\Apple Computer
2014-07-08 15:53 - 2014-07-08 15:53 - 00000000 ____D () C:\Users\Bowplus\AppData\Local\Apple Computer
2014-07-08 15:53 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-07-08 15:52 - 2014-07-14 16:52 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-08 15:51 - 2014-07-08 15:51 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-08 15:51 - 2014-07-08 15:51 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-07-08 15:51 - 2014-07-08 15:51 - 00000000 ____D () C:\Users\Bowplus\AppData\Local\Apple
2014-07-08 15:51 - 2014-07-08 15:51 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-08 15:50 - 2014-07-08 15:51 - 00000000 ____D () C:\ProgramData\Apple
2014-07-08 15:50 - 2014-07-08 15:50 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-08 15:50 - 2014-07-08 15:50 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-08 15:50 - 2014-07-08 15:50 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-07-08 15:45 - 2014-07-08 15:47 - 112616784 _____ (Apple Inc.) C:\Users\Bowplus\Downloads\iTunes64Setup.exe
2014-07-08 15:41 - 2014-08-07 12:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-08 15:41 - 2014-07-08 15:41 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 15:41 - 2014-07-08 15:41 - 00000000 ____D () C:\Users\Bowplus\AppData\Local\Macromedia
2014-07-08 14:05 - 2014-08-07 12:00 - 01757135 _____ () C:\Windows\WindowsUpdate.log
2014-07-08 14:05 - 2014-04-13 21:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-07-08 13:40 - 2014-07-08 13:40 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-08 13:40 - 2014-07-08 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-08 13:40 - 2014-07-08 13:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-08 13:39 - 2014-02-22 11:26 - 04721920 _____ (Piriform Ltd) C:\Users\Bowplus\Downloads\ccsetup410.exe
2014-07-08 13:35 - 2014-06-06 07:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 13:35 - 2014-06-06 06:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 13:35 - 2014-05-31 04:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-08 13:35 - 2014-05-31 04:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-07-08 13:35 - 2014-05-30 21:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-07-08 13:35 - 2014-05-30 21:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-08 13:35 - 2014-05-30 21:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 13:35 - 2014-05-30 21:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-08 13:35 - 2014-05-30 21:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-08 13:35 - 2014-05-30 21:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 13:35 - 2014-05-30 20:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-08 13:35 - 2014-05-30 20:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-08 13:35 - 2014-05-30 20:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-08 13:35 - 2014-05-30 20:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-07-08 13:35 - 2014-05-30 20:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-08 13:35 - 2014-05-30 20:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-08 13:35 - 2014-05-30 20:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-08 13:31 - 2014-07-08 13:31 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-08 13:16 - 2014-08-06 13:11 - 00000000 ____D () C:\Users\Bowplus\AppData\Local\lptmp1170911795
2014-07-08 13:15 - 2014-07-15 20:00 - 00000000 ____D () C:\Program Files\Webroot

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 12:02 - 2014-08-07 12:02 - 00000000 ____D () C:\FRST
2014-08-07 12:02 - 2014-08-05 16:57 - 00000000 ___RD () C:\Users\Bowplus\Desktop\PC Repair Tools
2014-08-07 12:01 - 2014-08-07 12:01 - 05185536 _____ (AVAST Software) C:\Users\Bowplus\Downloads\aswmbr.exe
2014-08-07 12:00 - 2014-07-08 15:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-07 12:00 - 2014-07-08 14:05 - 01757135 _____ () C:\Windows\WindowsUpdate.log
2014-08-07 12:00 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sru
2014-08-07 11:59 - 2014-08-07 11:59 - 02094080 _____ (Farbar) C:\Users\Bowplus\Downloads\FRST64.exe
2014-08-07 11:46 - 2014-04-18 13:31 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-07 10:50 - 2014-08-07 10:50 - 00001424 _____ () C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sfc.exe.lnk
2014-08-07 09:16 - 2014-06-13 06:37 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-696741958-2862974563-846841340-1001
2014-08-07 09:06 - 2014-08-07 09:05 - 00000000 ____D () C:\B+Data
2014-08-07 08:58 - 2014-06-17 21:09 - 00001200 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-07 08:58 - 2014-06-13 06:32 - 00001366 _____ () C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-07 08:54 - 2014-08-06 13:59 - 00000000 ____D () C:\Users\Bowplus\AppData\Local\LogMeIn Rescue Applet
2014-08-07 08:54 - 2014-06-17 09:28 - 00000000 __RDO () C:\Users\Bowplus\OneDrive
2014-08-07 08:53 - 2014-04-18 13:31 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-06 18:24 - 2014-07-14 14:23 - 00064512 ___SH () C:\Users\Bowplus\Downloads\Thumbs.db
2014-08-06 17:42 - 2014-08-06 17:25 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Rescue RC - d2b29833-16cd-4316-9494-9e33219ff49c
2014-08-06 17:24 - 2013-08-22 08:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-06 17:23 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-06 15:51 - 2014-07-14 15:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 15:30 - 2014-08-06 15:30 - 00002254 _____ () C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support (5).lnk
2014-08-06 15:28 - 2014-08-06 11:02 - 00001846 _____ () C:\Windows\PFRO.log
2014-08-06 15:26 - 2014-08-06 15:26 - 00002254 _____ () C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support (4).lnk
2014-08-06 15:25 - 2014-08-05 16:41 - 00000000 ____D () C:\AdwCleaner
2014-08-06 15:22 - 2014-08-06 15:22 - 01475072 _____ () C:\Users\Bowplus\Downloads\adwcleaner_3.303.exe
2014-08-06 15:04 - 2014-08-06 15:04 - 00002254 _____ () C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LogMeIn Rescue.lnk
2014-08-06 15:02 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-08-06 13:59 - 2014-08-06 13:59 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Bowplus\Downloads\Support-LogMeInRescue(1).exe
2014-08-06 13:59 - 2014-08-06 13:59 - 00002280 _____ () C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support (3).lnk
2014-08-06 13:11 - 2014-07-08 13:16 - 00000000 ____D () C:\Users\Bowplus\AppData\Local\lptmp1170911795
2014-08-06 13:06 - 2014-06-26 12:04 - 00073728 ___SH () C:\Users\Bowplus\Desktop\Thumbs.db
2014-08-06 13:01 - 2014-08-05 16:12 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-08-06 12:58 - 2014-06-17 13:08 - 00000000 ____D () C:\Users\Bowplus\AppData\Local\CrashDumps
2014-08-06 12:53 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-06 12:27 - 2014-08-06 12:04 - 00014498 _____ () C:\zoek-results.log
2014-08-06 12:27 - 2014-06-13 06:29 - 00000000 ____D () C:\Users\Bowplus
2014-08-06 12:20 - 2014-08-06 12:02 - 00000000 ____D () C:\zoek_backup
2014-08-06 12:02 - 2014-08-06 12:23 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-06 12:01 - 2014-08-06 12:01 - 00000000 ____D () C:\Users\Bowplus\AppData\Local\bdch
2014-08-06 12:01 - 2014-08-06 12:01 - 00000000 ____D () C:\ProgramData\bdch
2014-08-06 11:28 - 2014-08-06 11:28 - 00000000 ____D () C:\Windows\ERUNT
2014-08-06 11:01 - 2014-08-06 11:01 - 00000000 ____D () C:\_OTL
2014-08-06 11:01 - 2014-07-16 13:13 - 00000000 ____D () C:\Users\Bowplus\AppData\Temp
2014-08-06 11:01 - 2013-08-22 07:25 - 00000098 _____ () C:\Windows\system32\Drivers\etc\hosts.old
2014-08-06 11:00 - 2014-08-06 11:00 - 01288704 _____ () C:\Users\Bowplus\Downloads\zoek.exe
2014-08-06 10:59 - 2014-08-06 10:59 - 01016261 _____ (Thisisu) C:\Users\Bowplus\Downloads\JRT.exe
2014-08-06 10:57 - 2014-08-06 10:57 - 00602112 _____ (OldTimer Tools) C:\Users\Bowplus\Downloads\OTL.exe
2014-08-06 10:55 - 2014-08-06 10:55 - 00854410 _____ () C:\Users\Bowplus\Downloads\SecurityCheck.exe
2014-08-05 17:14 - 2014-08-05 17:02 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-05 17:03 - 2014-08-05 17:03 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-05 17:02 - 2014-08-05 17:01 - 11188736 _____ (SurfRight B.V.) C:\Users\Bowplus\Downloads\HitmanPro_x64.exe
2014-08-05 16:41 - 2014-08-05 16:41 - 01361309 _____ () C:\Users\Bowplus\Downloads\adwcleaner_3.302.exe
2014-08-05 16:12 - 2014-08-05 16:12 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-08-05 16:11 - 2014-08-05 16:11 - 00753184 _____ () C:\Users\Bowplus\Downloads\Adware-Removal-Tool-v3.9.1.exe
2014-08-05 15:39 - 2014-08-05 15:24 - 00000000 ____D () C:\Flood-Backup
2014-08-04 18:34 - 2014-06-17 21:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-04 15:26 - 2014-08-04 14:18 - 00000000 ___RD () C:\Users\Bowplus\Desktop\Scan
2014-07-31 17:02 - 2014-07-31 17:02 - 00004952 _____ () C:\Users\Bowplus\Downloads\google-Ruben-Munoz.csv
2014-07-30 13:09 - 2014-07-30 13:09 - 00001095 _____ () C:\Windows\setupact.log
2014-07-30 13:09 - 2014-07-30 13:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-29 14:34 - 2014-07-29 14:34 - 00921135 _____ () C:\Users\Bowplus\Downloads\yahoo_contacts.csv
2014-07-29 12:37 - 2014-07-29 12:08 - 00000000 ___HD () C:\Backup Files
2014-07-29 11:36 - 2014-07-28 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-29 11:36 - 2014-07-28 14:33 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-29 10:13 - 2014-07-29 10:13 - 01545711 _____ () C:\Users\Bowplus\Downloads\contacts-all-CURRENT-notGoogle.csv
2014-07-29 10:12 - 2014-07-29 10:12 - 03457000 _____ () C:\Users\Bowplus\Downloads\google-all-CURRENT.csv
2014-07-29 09:55 - 2014-07-29 09:55 - 03455044 _____ () C:\Users\Bowplus\Downloads\google-all-([email protected]).csv
2014-07-29 09:23 - 2014-07-29 09:23 - 03230050 _____ () C:\Users\Bowplus\Downloads\google-all-INCOMPLETE.csv
2014-07-28 14:32 - 2014-07-28 14:32 - 01376768 _____ () C:\Users\Bowplus\Downloads\7z920-x64.msi
2014-07-28 13:08 - 2014-07-28 13:08 - 03455044 _____ () C:\Users\Bowplus\Downloads\google-all-latest.csv
2014-07-25 22:54 - 2014-07-25 22:54 - 00000000 ____D () C:\Users\Bowplus\AppData\Local\Adobe
2014-07-25 16:28 - 2014-07-25 16:25 - 03400514 _____ () C:\Users\Bowplus\Downloads\google-mycontacts.csv
2014-07-25 16:25 - 2014-07-25 16:25 - 03422034 _____ () C:\Users\Bowplus\Downloads\google-all.csv
2014-07-22 09:37 - 2014-07-22 09:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-21 15:17 - 2014-07-21 15:17 - 00000000 ____H () C:\Users\Bowplus\Documents\Default.rdp
2014-07-16 14:39 - 2013-08-22 09:36 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-07-16 13:18 - 2014-03-25 22:52 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-16 13:18 - 2014-03-25 22:51 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-15 20:03 - 2014-07-15 20:03 - 00000385 _____ () C:\Users\Bowplus\AppData\Roaminguser_gensett.xml
2014-07-15 20:01 - 2014-07-15 20:01 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2014-07-15 20:00 - 2014-07-08 13:15 - 00000000 ____D () C:\Program Files\Webroot
2014-07-15 16:24 - 2014-07-15 16:24 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-07-15 16:13 - 2014-07-15 15:54 - 00000000 ____D () C:\ProgramData\BDLogging
2014-07-15 16:13 - 2014-07-15 15:50 - 00000000 ____D () C:\Users\Bowplus\AppData\Roaming\Bitdefender
2014-07-15 15:55 - 2014-07-15 15:55 - 00660470 _____ () C:\ProgramData\1405460800.bdinstall.bin
2014-07-15 15:55 - 2014-07-15 15:46 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-07-15 15:54 - 2014-07-15 15:54 - 00002224 _____ () C:\Users\Public\Desktop\Bitdefender Total Security 2015.lnk
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2014-07-15 15:50 - 2014-07-15 15:46 - 00000000 ____D () C:\Program Files\Bitdefender
2014-07-15 15:46 - 2014-07-15 15:46 - 00000000 ____D () C:\Users\Bowplus\AppData\Roaming\QuickScan
2014-07-15 15:46 - 2014-07-15 15:37 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-07-15 15:43 - 2014-04-18 13:34 - 00000000 ____D () C:\ProgramData\Norton
2014-07-15 15:36 - 2014-07-15 15:36 - 06770080 _____ () C:\Users\Bowplus\Downloads\bitdefender_tsecurity.exe
2014-07-14 16:53 - 2014-07-14 16:53 - 00001766 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-14 16:53 - 2014-07-14 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-14 16:53 - 2014-07-14 16:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-14 16:53 - 2014-07-14 16:52 - 00000000 ____D () C:\Program Files\iTunes
2014-07-14 16:53 - 2014-07-14 16:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-14 16:52 - 2014-07-14 16:52 - 00000000 ____D () C:\Program Files\iPod
2014-07-14 16:52 - 2014-07-08 15:52 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-14 16:21 - 2014-07-14 16:21 - 17305656 _____ (Malwarebytes Corporation ) C:\Users\Bowplus\Downloads\mbam-setup(1).exe
2014-07-14 16:17 - 2014-07-14 16:17 - 00000000 ____D () C:\Users\Bowplus\Documents\Autoruns
2014-07-14 16:08 - 2014-07-14 16:08 - 00002254 _____ () C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support (2).lnk
2014-07-14 16:07 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\addins
2014-07-14 15:23 - 2014-07-14 15:17 - 00001085 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 15:23 - 2014-07-14 15:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 15:23 - 2014-07-14 15:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-14 15:17 - 2014-07-14 15:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 15:16 - 2014-07-14 15:16 - 17305656 _____ (Malwarebytes Corporation ) C:\Users\Bowplus\Downloads\mbam-setup.exe
2014-07-14 15:09 - 2014-07-14 15:09 - 00002280 _____ () C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support.lnk
2014-07-14 15:08 - 2014-07-14 15:08 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Bowplus\Downloads\Support-LogMeInRescue.exe
2014-07-11 17:33 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-07-11 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\rescache
2014-07-11 13:38 - 2013-08-22 08:44 - 00335784 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 21:05 - 2013-08-22 09:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-09 21:05 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 21:05 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 21:05 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-09 15:22 - 2013-08-22 09:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-08 18:47 - 2014-04-18 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-08 15:53 - 2014-07-08 15:53 - 00000000 ____D () C:\Users\Bowplus\AppData\Roaming\Apple Computer
2014-07-08 15:53 - 2014-07-08 15:53 - 00000000 ____D () C:\Users\Bowplus\AppData\Local\Apple Computer
2014-07-08 15:51 - 2014-07-08 15:51 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-08 15:51 - 2014-07-08 15:51 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-07-08 15:51 - 2014-07-08 15:51 - 00000000 ____D () C:\Users\Bowplus\AppData\Local\Apple
2014-07-08 15:51 - 2014-07-08 15:51 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-08 15:51 - 2014-07-08 15:50 - 00000000 ____D () C:\ProgramData\Apple
2014-07-08 15:50 - 2014-07-08 15:50 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-08 15:50 - 2014-07-08 15:50 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-08 15:50 - 2014-07-08 15:50 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-07-08 15:47 - 2014-07-08 15:45 - 112616784 _____ (Apple Inc.) C:\Users\Bowplus\Downloads\iTunes64Setup.exe
2014-07-08 15:41 - 2014-07-08 15:41 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 15:41 - 2014-07-08 15:41 - 00000000 ____D () C:\Users\Bowplus\AppData\Local\Macromedia
2014-07-08 14:07 - 2014-06-21 16:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-08 14:05 - 2014-06-21 16:19 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 14:05 - 2013-08-22 13:12 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-08 13:56 - 2014-03-26 14:07 - 00000000 ____D () C:\Windows\Panther
2014-07-08 13:40 - 2014-07-08 13:40 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-08 13:40 - 2014-07-08 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-08 13:40 - 2014-07-08 13:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-08 13:39 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-07-08 13:31 - 2014-07-08 13:31 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-01 13:08

==================== End Of Log ============================

 

Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2014
Ran by Bowplus at 2014-08-07 12:03:36
Running from C:\Users\Bowplus\Desktop\PC Repair Tools
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{893CB813-4179-4BFE-8D33-ABCC38816B48}) (Version: 1.0.6 - Amazon)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.12.0.958 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3920.05 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.3920.05 - CyberLink Corp.) Hidden
Digital Pass Launcher (HKLM-x32\...\{2359C6E9-DE4F-4FDA-9C12-AE6EFC2EE330}) (Version: 1.0.0.0 - TOSHIBA America Information Systems, Inc)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.9.0.1001 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29073 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.3 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.51.81.2C - TOSHIBA CORPORATION) Hidden
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.15C - Toshiba Corporation)
TOSHIBA Password Utility (x32 Version: 2.0.0.15C - Toshiba Corporation) Hidden
Toshiba Quality Application (x32 Version: 1.0.9.4B2 - TOSHIBA) Hidden
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{4F0F44AF-90E9-4A6E-9E82-354A3AB79F22}) (Version: 1.0.0.2 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Utility Common Driver (x32 Version: 1.0.53.3 - Compal) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-07-2014 00:23:01 Scheduled Checkpoint
25-07-2014 20:06:49 Scheduled Checkpoint
28-07-2014 20:32:54 Installed 7-Zip 9.20 (x64 edition)
06-08-2014 18:04:36 zoek.exe restore point

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0C009AC2-E6A8-4EDA-A27F-6E8AB981E890} - \SMW_UpdateTask_Time_323632373832343038302d2350785732325b6c342a2d45 No Task File <==== ATTENTION
Task: {0DCB0136-761A-487F-9E87-83547AA6E636} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-18] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2E4F6B29-2EC0-456F-96D9-C53C890E8F73} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4307FE6C-33DB-4725-A7A0-7127C3021633} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {562DB143-2F5C-4BD8-9E5A-8E72E39328DE} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe [2014-03-30] ()
Task: {5BD00B8C-019E-4B7F-BB0D-EEBC11EFD9F2} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-02-24] (Realtek Semiconductor)
Task: {5DD0D483-11B3-4B5D-AF8F-80ABCA676C6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-18] (Google Inc.)
Task: {64A4CF6E-DD5E-4E57-A57C-2D5B678B17D5} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {67C9D1B7-34FC-43AA-A80B-9DEE7D44C237} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A055BEB8-7005-4D10-BA29-5A1E003D71FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A4A943C2-3D3C-48E2-BAC8-A4C678A6E09E} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {B6081EFB-F46A-47BB-ADC1-4C97B6954E53} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {B9F99432-A804-454D-9F30-6D76091B719A} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {BC1590F8-806D-4539-9433-E0ECE6C14B39} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-08] (Microsoft Corporation)
Task: {C3A4C192-7D17-4DC3-B2C5-6A0C2B524700} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {CA8A3DDD-F5C0-4086-BE7C-390D69B87919} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2014-03-12] (TOSHIBA Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D3C51065-CAF6-49F1-A5EC-0477D852843B} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D890D92B-00FC-46BF-BF1A-57C776471516} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-15 15:54 - 2014-06-06 15:11 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-07-15 15:54 - 2014-07-11 17:30 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-07-15 15:54 - 2012-10-29 15:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2014-07-25 13:34 - 2014-07-25 13:34 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpbr.mdl
2014-07-25 13:34 - 2014-07-25 13:34 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpdsp.mdl
2014-07-25 13:34 - 2014-07-25 13:34 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpph.mdl
2014-07-25 13:34 - 2014-07-25 13:34 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttprbl.mdl
2014-07-15 15:54 - 2013-03-25 16:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-18 12:58 - 2013-12-10 08:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Bowplus\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Bowplus\Downloads\Adware-Removal-Tool-v3.9.1.exe:BDU
AlternateDataStreams: C:\Users\Bowplus\Downloads\adwcleaner_3.302.exe:BDU
AlternateDataStreams: C:\Users\Bowplus\Downloads\adwcleaner_3.303.exe:BDU
AlternateDataStreams: C:\Users\Bowplus\Downloads\aswmbr.exe:BDU
AlternateDataStreams: C:\Users\Bowplus\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Bowplus\Downloads\HitmanPro_x64.exe:BDU
AlternateDataStreams: C:\Users\Bowplus\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\Bowplus\Downloads\OTL.exe:BDU
AlternateDataStreams: C:\Users\Bowplus\Downloads\SecurityCheck.exe:BDU
AlternateDataStreams: C:\Users\Bowplus\Downloads\Support-LogMeInRescue(1).exe:BDU
AlternateDataStreams: C:\Users\Bowplus\Downloads\zoek.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/07/2014 09:16:40 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

Error: (08/07/2014 09:16:39 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8


System errors:
=============
Error: (08/07/2014 11:00:13 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: CBSTOSH)
Description: There was an error while attempting to read the local hosts file.

Error: (08/06/2014 05:24:54 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/06/2014 05:24:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Bitdefender Virus Shield service hung on starting.

Error: (08/06/2014 05:23:00 PM) (Source: DCOM) (EventID: 10010) (User: CBSTOSH)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (08/06/2014 05:23:00 PM) (Source: DCOM) (EventID: 10010) (User: CBSTOSH)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (08/06/2014 05:23:00 PM) (Source: DCOM) (EventID: 10010) (User: CBSTOSH)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (08/06/2014 03:29:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/06/2014 03:29:34 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Bitdefender Virus Shield service hung on starting.

Error: (08/06/2014 03:28:08 PM) (Source: DCOM) (EventID: 10010) (User: CBSTOSH)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (08/06/2014 03:28:08 PM) (Source: DCOM) (EventID: 10010) (User: CBSTOSH)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}


Microsoft Office Sessions:
=========================
Error: (08/07/2014 09:16:40 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

Error: (08/07/2014 09:16:39 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8


==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 6054.98 MB
Available physical RAM: 4646.58 MB
Total Pagefile: 7014.98 MB
Available Pagefile: 5148.86 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (TI10692000E) (Fixed) (Total:687.94 GB) (Free:645.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

And here is all the info I know about the problem application:

 

Location:

 C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe

 

Aliases:

 Utilities.SearchHandler.exe

Created:
 03-30-2014
Modified:
 03-30-2014
Accessed:
 06-17-2014

Notes:
 CONSTANTLY changes web browser properties to redirect to www-search.net (Tuvaro Search Engine)
 Tuvaro Search Engine is associated with YTDownloader, iWebar, and ShopperPro
 Runs on every boot up
 Strongly appears to be Pre-Installed:
  Laptop was purchased and first booted in June
  Some research suggests that Toshiba satellite (this PC model) is a common laptop to have this preinstalled

 There is no Uninstaller to be found so far


Edited by Spencer4134, 07 August 2014 - 12:30 PM.


#4
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

I don't see the log from aswMBR; could you run it and post that log along with the ones I'll request this round? Let's show this guest the door. I'm going to provide a custom fix for you and we'll run JRT and AdwCleaner in conjunction with that.

Note: Please move FRST64.exe from your downloads directory to your desktop or the FRST fix will not work.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right click on it and select copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
HKLM\...\Run: [] => [X]
Hosts:
Task: {0C009AC2-E6A8-4EDA-A27F-6E8AB981E890} - \SMW_UpdateTask_Time_323632373832343038302d2350785732325b6c342a2d45 No Task File <==== ATTENTION
Task: {562DB143-2F5C-4BD8-9E5A-8E72E39328DE} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe [2014-03-30] ()
C:\Program Files\Common Files\Goobzo
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 2: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Step 4: Temporary File Cleaner


Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 5: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.

Things I need to see in your next post:

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST Log

  • 0
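
What sets the two Task lines in the fixlist above apart from the rest of the Scheduled Tasks section can be checked mechanically. The Python below is an added example, not part of the original post and not FRST's own logic; the function names, the three flagging rules, and the reading of empty trailing parentheses as "no publisher recorded for the file" are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Task lines copied from the FRST Addition log in this thread (a subset),
# embedded so the script runs offline.
SAMPLE_LOG = r"""
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0C009AC2-E6A8-4EDA-A27F-6E8AB981E890} - \SMW_UpdateTask_Time_323632373832343038302d2350785732325b6c342a2d45 No Task File <==== ATTENTION
Task: {0DCB0136-761A-487F-9E87-83547AA6E636} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-18] (Google Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {562DB143-2F5C-4BD8-9E5A-8E72E39328DE} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe [2014-03-30] ()
Task: {67C9D1B7-34FC-43AA-A80B-9DEE7D44C237} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

# "Task: {GUID} - <name>[ => <target>]"; legacy .job entries carry no GUID.
LINE_RE = re.compile(r"^Task: (?:(\{[0-9A-Fa-f-]{36}\}) - )?(.+)$")
# Marker FRST appends to entries it wants a human to look at.
ATTENTION_RE = re.compile(r"\s*<=+ ATTENTION!?\s*$")
# "<command> [YYYY-MM-DD] (<publisher>)"; publisher may be empty.
DATED_TARGET_RE = re.compile(r"^(.+?) \[(\d{4}-\d{2}-\d{2})\] \((.*)\)$")
NO_FILE_SUFFIX = " No Task File"


@dataclass
class Task:
    guid: Optional[str]
    name: str
    command: Optional[str]
    file_date: Optional[str]
    publisher: Optional[str]  # None = field absent, "" = present but empty
    no_task_file: bool
    attention: bool


def parse_task_line(line: str) -> Optional[Task]:
    """Parse one 'Task:' line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    guid, rest = m.group(1), m.group(2)
    attention = bool(ATTENTION_RE.search(rest))
    rest = ATTENTION_RE.sub("", rest)
    name, sep, target = rest.partition(" => ")
    no_task_file = name.endswith(NO_FILE_SUFFIX)
    if no_task_file:
        name = name[: -len(NO_FILE_SUFFIX)]
    command = file_date = publisher = None
    if sep:
        dated = DATED_TARGET_RE.match(target)
        if dated:
            command, file_date, publisher = dated.groups()
        else:
            command = target  # e.g. "Rundll32.exe ..." with no file details
    return Task(guid, name, command, file_date, publisher, no_task_file, attention)


def parse_tasks(log_text: str) -> List[Task]:
    """Return every Task entry found in the log text, in log order."""
    parsed = (parse_task_line(line) for line in log_text.splitlines())
    return [task for task in parsed if task is not None]


def reasons(task: Task) -> List[str]:
    """Review reasons for one task (rules assumed for this example)."""
    found = []
    if task.no_task_file:
        found.append("no-task-file")    # registry entry left without a task file
    if task.publisher == "":
        found.append("no-publisher")    # target listed with empty "()" field
    if task.attention:
        found.append("frst-attention")  # FRST itself marked the line
    return found


def triage(log_text: str) -> List[Tuple[Task, List[str]]]:
    """Return (task, reasons) for every task that has at least one reason."""
    flagged = []
    for task in parse_tasks(log_text):
        why = reasons(task)
        if why:
            flagged.append((task, why))
    return flagged


if __name__ == "__main__":
    for task, why in triage(SAMPLE_LOG):
        print(f"{task.name} -> {task.command or '(no target)'}: {', '.join(why)}")
```

A flagged entry is a candidate for review, not a verdict; which entries went into the fixlist was still the helper's decision.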

#5
Spencer4134


    Member

  • Topic Starter
  • Member
  • 57 posts
I'm sorry, I must have missed that. I'm afraid I will not have access to this computer until Wednesday. I have the log saved on the computer and will post it as soon as I get the chance.

#6
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts

I'm sorry, I must have missed that. I'm afraid I will not have access to this computer until Wednesday. I have the log saved on the computer and will post it as soon as I get the chance.


No worries :) We'll do this on the schedule that works best for you. :thumbsup:

#7
Spencer4134


    Member

  • Topic Starter
  • Member
  • 57 posts

So, the bleeping computer website is down.

 

adwCleaner had me download an update, so I did. Then, when running ANYTHING as an administrator, IT WAS ABLE TO OBTAIN ADMIN PRIVILEGES WITHOUT MY CONSENT. Not sure if this is normal, but after the reboot, it doesn't do that anymore. So here are the logs:

 

aswMBR:

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-07 12:04:41
-----------------------------
12:04:41.540    OS Version: Windows x64 6.2.9200
12:04:41.540    Number of processors: 4 586 0x4501
12:04:41.556    ComputerName: CBSTOSH  UserName: Bowplus
12:04:42.920    Initialize success
12:04:42.951    VM: initialized successfully
12:04:42.966    VM: Intel CPU supported
12:04:48.062    VM: disk I/O iaStorA.sys
12:06:25.351    AVAST engine defs: 14080700
12:06:57.248    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002c
12:06:57.248    Disk 0 Vendor: TOSHIBA_MQ01ABD075 AX0A4M Size: 715404MB BusType: 11
12:06:57.436    Disk 0 MBR read successfully
12:06:57.436    Disk 0 MBR scan
12:06:57.452    Disk 0 unknown MBR code
12:06:57.452    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
12:06:57.577    Disk 0 scanning C:\Windows\system32\drivers
12:07:08.526    Service scanning
12:07:13.255    Service BdfNdisf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys **LOCKED** 5
12:07:13.318    Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
12:07:13.474    Service bdfwfpf_pc C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys **LOCKED** 5
12:07:50.061    Modules scanning
12:07:50.061    Disk 0 trace - called modules:
12:07:50.093    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
12:07:50.108    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00148d135e0]
12:07:50.108    3 CLASSPNP.SYS[fffff80192e0227b] -> nt!IofCallDriver -> [0xffffe00146ee5c60]
12:07:50.124    5 ACPI.sys[fffff80192b717aa] -> nt!IofCallDriver -> [0xffffe00146ee5e50]
12:07:50.124    7 ACPI.sys[fffff80192b717aa] -> nt!IofCallDriver -> \Device\0000002c[0xffffe00146ee45b0]
12:07:51.333    AVAST engine scan C:\Windows
12:07:53.280    AVAST engine scan C:\Windows\system32
12:10:22.330    AVAST engine scan C:\Windows\system32\drivers
12:10:36.499    AVAST engine scan C:\Users\Bowplus
12:13:56.290    AVAST engine scan C:\ProgramData
12:14:44.916    Scan finished successfully
12:17:14.297    Disk 0 MBR has been saved successfully to "C:\Users\Bowplus\Desktop\PC Repair Tools\Log Files\aswmbr\MBR.dat"
12:17:14.297    The log file has been saved successfully to "C:\Users\Bowplus\Desktop\PC Repair Tools\Log Files\aswmbr\aswMBR.txt"


Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-08-2014
Ran by Bowplus at 2014-08-13 10:07:39 Run:1
Running from C:\Users\Bowplus\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [] => [X]
Hosts:
Task: {0C009AC2-E6A8-4EDA-A27F-6E8AB981E890} - \SMW_UpdateTask_Time_323632373832343038302d2350785732325b6c342a2d45 No Task File <==== ATTENTION
Task: {562DB143-2F5C-4BD8-9E5A-8E72E39328DE} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe [2014-03-30] ()
C:\Program Files\Common Files\Goobzo
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
Hosts was reset successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C009AC2-E6A8-4EDA-A27F-6E8AB981E890}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C009AC2-E6A8-4EDA-A27F-6E8AB981E890}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_323632373832343038302d2350785732325b6c342a2d45" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{562DB143-2F5C-4BD8-9E5A-8E72E39328DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{562DB143-2F5C-4BD8-9E5A-8E72E39328DE}" => Key deleted successfully.
C:\Windows\System32\Tasks\Smp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smp" => Key deleted successfully.
C:\Program Files\Common Files\Goobzo => Moved successfully.
"HKU\S-1-5-19\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\exefile" => Key not found.
"HKU\S-1-5-20\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\exefile" => Key not found.

=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


==== End of Fixlog ====

 

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Bowplus on Wed 08/13/2014 at 10:08:49.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/13/2014 at 10:13:38.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

AdwCleaner:

# AdwCleaner v3.304 - Report created 13/08/2014 at 10:18:37
# Updated 08/08/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Bowplus - CBSTOSH
# Running from : C:\Users\Bowplus\Desktop\adwcleaner_3.304.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Bowplus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Bowplus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Bowplus\AppData\Roaming\Mozilla\Firefox\Profiles\far87mnr.default-1407361548559\prefs.js ]


*************************

AdwCleaner[R0].txt - [6589 octets] - [05/08/2014 16:41:54]
AdwCleaner[R1].txt - [6988 octets] - [06/08/2014 11:09:48]
AdwCleaner[R2].txt - [1905 octets] - [06/08/2014 15:23:46]
AdwCleaner[R3].txt - [1907 octets] - [13/08/2014 10:18:01]
AdwCleaner[S0].txt - [6639 octets] - [06/08/2014 11:11:12]
AdwCleaner[S1].txt - [1668 octets] - [06/08/2014 15:25:52]
AdwCleaner[S2].txt - [1524 octets] - [13/08/2014 10:18:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1584 octets] ##########
 

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014 (ATTENTION: ====> FRST version is 8 days old and could be outdated)
Ran by Bowplus (administrator) on CBSTOSH on 13-08-2014 10:22:21
Running from C:\Users\Bowplus\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1569536 2014-08-05] (Bitdefender)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFind] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [814064 2014-08-05] (Bitdefender)
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: __SafeBox1 -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox2 -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox3 -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox4 -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {2F436636-E538-4692-912F-207099FB0E90} URL = http://www.bing.com/...=IE11TR&pc=TNJB
SearchScopes: HKCU - {2F436636-E538-4692-912F-207099FB0E90} URL =
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Bowplus\AppData\Roaming\Mozilla\Firefox\Profiles\far87mnr.default-1407361548559
FF Homepage: hxxp://www.memotoo.com/
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-07-15]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [77632 2014-06-06] (Bitdefender)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-06-12] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1513952 2014-08-05] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2013-12-02] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2013-07-17] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2013-12-02] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2013-11-19] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
U0 SR;
U2 srservice;

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 10:22 - 2014-08-13 10:22 - 00022188 _____ () C:\Users\Bowplus\Desktop\FRST.txt
2014-08-13 10:21 - 2014-08-13 10:21 - 00001664 _____ () C:\Users\Bowplus\Desktop\AdwCleaner[S2].txt
2014-08-13 10:16 - 2014-08-13 10:15 - 01366203 _____ () C:\Users\Bowplus\Desktop\adwcleaner_3.304.exe
2014-08-13 10:15 - 2014-08-13 10:15 - 01366203 _____ () C:\Users\Bowplus\Downloads\adwcleaner_3.304.exe
2014-08-13 10:13 - 2014-08-13 10:13 - 00000758 _____ () C:\Users\Bowplus\Desktop\JRT.txt
2014-08-13 10:02 - 2014-08-13 10:02 - 00448512 _____ (OldTimer Tools) C:\Users\Bowplus\Downloads\TFC.exe
2014-08-13 10:02 - 2014-08-13 10:02 - 00448512 _____ (OldTimer Tools) C:\Users\Bowplus\Desktop\TFC.exe
2014-08-13 10:02 - 2014-08-06 10:59 - 01016261 _____ (Thisisu) C:\Users\Bowplus\Desktop\JRT.exe
2014-08-13 09:27 - 2014-08-07 11:59 - 02094080 _____ (Farbar) C:\Users\Bowplus\Desktop\FRST64.exe
2014-08-13 09:26 - 2014-08-07 12:17 - 00002448 _____ () C:\Users\Bowplus\Desktop\aswMBR.txt
2014-08-07 12:42 - 2014-08-07 12:42 - 00000000 _____ () C:\Windows\system32\sfcdetails.txt
2014-08-07 12:02 - 2014-08-13 10:22 - 00000000 ____D () C:\FRST
2014-08-07 12:01 - 2014-08-07 12:01 - 05185536 _____ (AVAST Software) C:\Users\Bowplus\Downloads\aswmbr.exe
2014-08-07 11:59 - 2014-08-07 11:59 - 02094080 _____ (Farbar) C:\Users\Bowplus\Downloads\FRST64.exe
2014-08-07 10:50 - 2014-08-07 10:50 - 00001424 _____ () C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sfc.exe.lnk
2014-08-07 09:05 - 2014-08-07 09:06 - 00000000 ____D () C:\B+Data
2014-08-06 15:30 - 2014-08-06 15:30 - 00002254 _____ () C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support (5).lnk
2014-08-06 15:26 - 2014-08-06 15:26 - 00002254 _____ () C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support (4).lnk
2014-08-06 15:22 - 2014-08-06 15:22 - 01475072 _____ () C:\Users\Bowplus\Downloads\adwcleaner_3.303.exe
2014-08-06 15:04 - 2014-08-06 15:04 - 00002254 _____ () C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LogMeIn Rescue.lnk
2014-08-06 13:59 - 2014-08-07 08:54 - 00000000 ____D () C:\Users\Bowplus\AppData\Local\LogMeIn Rescue Applet
2014-08-06 13:59 - 2014-08-06 13:59 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Bowplus\Downloads\Support-LogMeInRescue(1).exe
2014-08-06 13:59 - 2014-08-06 13:59 - 00002280 _____ () C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support (3).lnk
2014-08-06 12:23 - 2014-08-06 12:02 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-06 12:04 - 2014-08-06 12:27 - 00014498 _____ () C:\zoek-results.log
2014-08-06 12:02 - 2014-08-06 12:20 - 00000000 ____D () C:\zoek_backup
2014-08-06 12:01 - 2014-08-06 12:01 - 00000000 ____D () C:\Users\Bowplus\AppData\Local\bdch
2014-08-06 12:01 - 2014-08-06 12:01 - 00000000 ____D () C:\ProgramData\bdch
2014-08-06 11:28 - 2014-08-06 11:28 - 00000000 ____D () C:\Windows\ERUNT
2014-08-06 11:02 - 2014-08-13 10:19 - 00003720 _____ () C:\Windows\PFRO.log
2014-08-06 11:01 - 2014-08-06 11:01 - 00000000 ____D () C:\_OTL
2014-08-06 11:00 - 2014-08-06 11:00 - 01288704 _____ () C:\Users\Bowplus\Downloads\zoek.exe
2014-08-06 10:59 - 2014-08-06 10:59 - 01016261 _____ (Thisisu) C:\Users\Bowplus\Downloads\JRT.exe
2014-08-06 10:57 - 2014-08-06 10:57 - 00602112 _____ (OldTimer Tools) C:\Users\Bowplus\Downloads\OTL.exe
2014-08-06 10:55 - 2014-08-06 10:55 - 00854410 _____ () C:\Users\Bowplus\Downloads\SecurityCheck.exe
2014-08-05 17:03 - 2014-08-05 17:03 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-05 17:02 - 2014-08-05 17:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-05 17:01 - 2014-08-05 17:02 - 11188736 _____ (SurfRight B.V.) C:\Users\Bowplus\Downloads\HitmanPro_x64.exe
2014-08-05 16:57 - 2014-08-13 10:16 - 00000000 ___RD () C:\Users\Bowplus\Desktop\PC Repair Tools
2014-08-05 16:41 - 2014-08-13 10:18 - 00000000 ____D () C:\AdwCleaner
2014-08-05 16:41 - 2014-08-05 16:41 - 01361309 _____ () C:\Users\Bowplus\Downloads\adwcleaner_3.302.exe
2014-08-05 16:12 - 2014-08-06 13:01 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-08-05 16:12 - 2014-08-05 16:12 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-08-05 16:11 - 2014-08-05 16:11 - 00753184 _____ () C:\Users\Bowplus\Downloads\Adware-Removal-Tool-v3.9.1.exe
2014-08-05 15:24 - 2014-08-05 15:39 - 00000000 ____D () C:\Flood-Backup
2014-08-04 14:18 - 2014-08-04 15:26 - 00000000 ___RD () C:\Users\Bowplus\Desktop\Scan

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)


Some content of TEMP:
====================
C:\Users\Bowplus\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-13 08:54

==================== End Of Log ============================


#8
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Looking good :thumbsup: Let's run a scan for remnants and check for out of date programs.

How is the machine running?

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Whichever browser is used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

#9
Spencer4134

    Member

  • Topic Starter
  • 57 posts

Malwarebytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/14/2014
Scan Time: 9:10:04 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.14.08
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Bowplus

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 294296
Time Elapsed: 9 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

ESET will not work. Says something about if I've configured proxy settings :no:


#10
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

ESET will not work. Says something about if I've configured proxy settings :no:


Ok, no worries, let's let Panda Cloud have a go at it.


Scan with Panda Cloud Cleaner

Download Panda Cloud Cleaner and save it to your desktop.

Alternate download sites are here and here.
  • Double-click on PandaCloudCleaner.exe >> when the Setup - Panda Cloud Cleaner window has loaded >> Next > >> Next >
  • Ensure Launch Panda Cloud Cleaner is selected >> Finish >> once the GUI (graphical user interface) appears >> click on Accept and Scan
  • Please be patient as the scan may take some time to complete depending on your system's specifications.
  • Once the scan has completed, if Scan finished with detections is denoted in the GUI, do not take any action and/or have Panda Cloud Cleaner clean absolutely anything!
  • Now within the GUI click on the > (or any of them if multiple) tab >> then on View Report >> a notepad file should now open called PCloudCleaner.txt
  • Save this to your desktop and post the contents in your next reply.
  • Then click on Back >> Exit
Note: When I give the all clear feel free to uninstall Panda Cloud Cleaner if you so wish.


Things I need to see in your next post:

Panda Cloud Scanner Log

#11
Spencer4134

    Member

  • Topic Starter
  • 57 posts

Ok. I will not have access to this computer until Monday. Thank you for your patience.


#12
Spencer4134

    Member

  • Topic Starter
  • 57 posts

Here's the log:

 

Unknown. FILE: C:\PROGRAM FILES (X86)\AMAZON\AMAZON1BUTTONAPP\AMAZON1BUTTONTASKBARAPP.EXE to be deleted.

Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk to be deleted.

Unknown. FILE: C:\Users\Bowplus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Amazon.lnk to be deleted.

Unknown. REGKEY: HKLM\Software\Microsoft\Active Setup\Installed Components\{981b174d-7733-4e7f-b89d-6545a7c21838}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\wow6432Node\Microsoft\Active Setup\Installed Components\{981b174d-7733-4e7f-b89d-6545a7c21838}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\wow6432Node\Microsoft\Active Setup\Installed Components\{981b174d-7733-4e7f-b89d-6545a7c21838}. Key to be deleted.

Malware. REGKEY: HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND. Value: (null) To be changed to: C:\Program Files\Internet Explorer\IEXPLORE.EXE.

Suspicious Policy. POLICY: HKLM\SOFTWARE\CLASSES\REGFILE\SHELL\OPEN\COMMAND to be changed to: regedit.exe "%1"

Suspicious Policy. POLICY: HKLM\SOFTWARE\CLASSES\REGFILE\SHELL\OPEN\COMMAND to be changed to: regedit.exe "%1"

Malware. REGKEY: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.

Malware. REGKEY: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.

Malware. REGKEY: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLECMD]. Value: DISABLECMD To be deleted.

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLECMD]. Value: DISABLECMD To be deleted.
 


#13
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Looking good, please run Step #3 in Post #8 and we'll continue. :)


#14
Spencer4134

    Member

  • Topic Starter
  • 57 posts

Here you go:

 

Results of screen317's Security Check version 0.99.87  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Bitdefender Antivirus   
Windows Defender        
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Panda Cloud Cleaner   
 Adobe Flash Player     14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````  
 Bitdefender Bitdefender 2015 vsserv.exe  
 Bitdefender Bitdefender 2015 updatesrv.exe  
 Bitdefender Bitdefender SafeBox safeboxservice.exe  
 Bitdefender Bitdefender 2015 bdagent.exe  
 Bitdefender Bitdefender 2015 bdwtxag.exe  
 Bitdefender Bitdefender 2015 Antispam32 bdwtxapps.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 


#15
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Great news, your logs are CLEAN! :thumbsup: :) but we still have a few things we need to address namely:
  • I need to remove the tools we installed on your machine.
  • I also have some tips and information to protect you in the future.

Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner and Panda Cloud Cleaner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Optional Installation of FileHippo


Keeping your software updated

Another weapon against malicious programs and viruses is keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker


Step 3: Tips, Information and Optional Installation of Unchecky


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.



Then click Finish


Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:

Are there any further issues I can assist you with?