Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need help removing Optimizer Pro and others [Solved]

Started by sbrett21 , Sep 30 2014 05:01 PM

  • This topic is locked This topic is locked

#1
sbrett21
Posted 30 September 2014 - 05:01 PM

sbrett21

    Member

  • Member
  • PipPip
  • 13 posts

I can't get rid of Optimizer Pro.  It seems to add more viruses.  I use Avast.  It tried to remove a bad search engine, had no effect.  I tried Avast Safe Mode, didn't help.  Not sure what to next.  Here is the OTL Log:  

 

OTL logfile created on: 9/30/2014 5:41:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sbrett21\Desktop\MISC
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.46 Gb Total Physical Memory | 3.69 Gb Available Physical Memory | 67.60% Memory free
6.33 Gb Paging File | 4.23 Gb Available in Paging File | 66.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 219.88 Gb Free Space | 78.68% Space Free | Partition Type: NTFS
Drive D: | 397.87 Gb Total Space | 397.16 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
 
Computer Name: STEPHANIE | User Name: Sbrett21 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/30 17:40:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sbrett21\Desktop\MISC\OTL.exe
PRC - [2014/09/16 02:00:13 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/09/16 01:59:20 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/09/12 19:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sbrett21\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/08/29 21:49:43 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/08/21 11:03:44 | 000,421,832 | ---- | M] (PC Utilities Software Limited) -- C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
PRC - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/06 18:07:46 | 001,612,784 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\TightVNC\tvnserver.exe
PRC - [2012/10/31 14:09:50 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012/10/26 16:35:44 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012/10/17 21:08:40 | 000,205,184 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012/10/05 17:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012/09/18 14:51:54 | 001,124,032 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012/09/14 15:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012/09/11 16:01:34 | 000,107,192 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012/09/11 16:01:30 | 000,192,000 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012/08/31 21:27:20 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012/08/10 19:37:48 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012/07/25 11:53:18 | 001,558,176 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012/05/28 12:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012/04/13 12:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2012/03/28 20:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/11/21 16:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/08/04 20:21:58 | 000,030,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/30 17:23:01 | 000,043,008 | ---- | M] () -- c:\Users\Sbrett21\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm4hxkd.dll
MOD - [2014/09/16 02:16:35 | 000,975,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\270a200e4a55f281235dcbde07450912\System.Configuration.ni.dll
MOD - [2014/09/16 02:16:27 | 018,785,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\d96c3e36abc8c0676be9ea0756c6a5cb\PresentationFramework.ni.dll
MOD - [2014/09/16 02:16:01 | 011,021,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\65b3f39148fe1fcac216b1430a7efece\PresentationCore.ni.dll
MOD - [2014/09/16 02:15:46 | 003,941,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\fa7822975c29eda31e6b416ab8ad774b\WindowsBase.ni.dll
MOD - [2014/09/16 02:15:22 | 010,051,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\dfb8b0724c39cdbbfcbb6f83a5be22cc\System.ni.dll
MOD - [2014/09/16 01:59:22 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/09/16 01:59:21 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/09/12 19:20:58 | 003,610,624 | ---- | M] () -- C:\Users\Sbrett21\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/08/29 21:49:41 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppgooglenaclpluginchrome.dll
MOD - [2014/08/29 21:49:40 | 014,669,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll
MOD - [2014/08/29 21:49:38 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
MOD - [2014/08/29 21:49:33 | 001,098,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
MOD - [2014/08/29 21:49:31 | 000,174,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
MOD - [2014/08/29 21:49:30 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
MOD - [2014/07/03 17:11:30 | 004,554,752 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2014/07/03 17:11:30 | 002,056,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2014/05/26 17:12:07 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2014/05/26 17:12:07 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2014/05/26 17:12:07 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2014/05/26 17:12:06 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2014/05/26 17:12:05 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2014/05/26 17:12:04 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2014/02/25 18:10:32 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2014/02/19 00:46:27 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\61be23d6a688188e3419a1eb46fc9d9d\System.Drawing.ni.dll
MOD - [2014/02/19 00:46:14 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\d3abe72a65b16c5ca129dd4509450190\PresentationFramework.Aero2.ni.dll
MOD - [2014/02/19 00:45:10 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\391541c89ed7585fc7e8936c43cee387\mscorlib.ni.dll
MOD - [2013/08/23 14:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Sbrett21\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/10/08 21:23:11 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/09/11 16:01:28 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2009/08/04 20:23:16 | 000,063,032 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll
MOD - [2009/08/04 20:23:02 | 000,075,320 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/16 01:59:20 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/05/29 18:02:28 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/03/29 03:05:59 | 000,016,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/16 00:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/06/24 17:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 04:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 01:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 01:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/08 23:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 21:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 21:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 18:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/12/19 14:56:02 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/11/27 12:57:56 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/11/27 12:57:26 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/26 19:27:57 | 000,126,880 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2012/07/25 22:08:39 | 000,051,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (70e6ca8c)
SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/06/06 18:07:46 | 001,612,784 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2012/11/27 12:57:26 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/10/05 17:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012/08/10 20:28:14 | 000,211,584 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/08/10 19:37:48 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/04/13 12:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/21 16:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/24 13:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/09/16 01:59:57 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/09/16 01:59:25 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/09/16 01:59:25 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/09/16 01:59:25 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/09/16 01:59:25 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/09/16 01:59:25 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/09/16 01:59:25 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/09/16 01:59:24 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/09/08 13:23:44 | 000,061,080 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys -- ({5eeb83d0-96ea-4249-942c-beead6847053}Gw64)
DRV:64bit: - [2014/03/28 14:19:38 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/03/23 17:11:52 | 000,269,592 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/10/10 06:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 01:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/01 21:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/08/16 00:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 01:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/21 21:27:31 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/07/09 03:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 20:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 20:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/06/29 01:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/05/31 22:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/03/02 05:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 05:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/09 20:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/21 01:46:04 | 000,104,184 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/12/19 15:48:50 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 14:32:56 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/27 12:57:26 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/11/27 12:57:26 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/31 14:10:00 | 000,061,824 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/18 14:51:54 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012/09/16 14:41:02 | 000,080,552 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/09/16 14:41:02 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/09/14 00:15:10 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/08/28 07:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/08/22 22:18:40 | 003,624,960 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/08/10 20:09:46 | 000,567,808 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/08/10 20:09:44 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/08/10 20:09:42 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/08/10 20:09:42 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/08/10 20:09:42 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/08/10 20:09:40 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/08/10 20:09:40 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/08/10 20:09:40 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/08/01 22:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012/07/30 11:04:12 | 000,690,832 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 21:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/06/23 18:24:52 | 015,283,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/06/02 09:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012/06/02 09:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012/06/02 09:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/05/30 22:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV - [2011/09/07 11:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://astromenda.co...r=822417380&ir=
IE:64bit: - HKLM\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.bing.com/...R&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc179
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&pc=ASU2JS
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc179
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
IE - HKCU\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://astromenda.co...r=822417380&ir=
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 17:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/09/16 01:59:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://asus13.msn.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - default_search_provider: EA1B121FE5E28FE299D05F9301CF3628EBDC8EC0B29F0BA02EDEC47E067F8F77 (Enabled)
CHR - default_search_provider: search_url = EEAFBA1186B6490F0C117DF40BBB4CD6C3233456850B95FB72A2F6EC7F4B3560
CHR - default_search_provider: suggest_url = 
CHR - homepage: 6225AF0FF201EC3093A3C4E2D72CD37F8C380B954D14F4F202E33D91CE863AC4
CHR - Extension: Google Drive = C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: Sidewise Tree Style Tabs = C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\biiammgklaefagjclmnlialkmaemifgo\113\
CHR - Extension: YouTube = C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Form Filler = C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjjngeaknajbdcgpfkgnonkmififhfo\181\
CHR - Extension: Google Search = C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2022.121_0\
CHR - Extension: Google Wallet = C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (SiaalesMaagnet) - {181362E6-D453-9E7D-4FE3-1A89C9F5C03C} - C:\ProgramData\SiaalesMaagnet\msTi3x.x64.dll ()
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (SoftCoup) - {ABB41D36-4185-A866-AAED-2218DAC59B9F} - C:\ProgramData\SoftCoup\erZiuEl1.x64.dll ()
O2 - BHO: (PrinceCOuepponu) - {04C5B37D-D579-8AAB-7DCA-C013BCD36D4A} - C:\ProgramData\PrinceCOuepponu\PWNWVqH3Rh.dll ()
O2 - BHO: (SiaalesMaagnet) - {181362E6-D453-9E7D-4FE3-1A89C9F5C03C} - C:\ProgramData\SiaalesMaagnet\msTi3x.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (SoftCoup) - {ABB41D36-4185-A866-AAED-2218DAC59B9F} - C:\ProgramData\SoftCoup\erZiuEl1.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Qualcomm Atheros Commnucations)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
O4 - Startup: C:\Users\Sbrett21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sbrett21\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FAA262E-FE16-476D-8F1D-D1590A895922}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD613E49-6B11-4084-B19C-8BC30309B0CD}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{47b63da4-0703-11e3-be95-6c71d97ca53c}\Shell - "" = AutoRun
O33 - MountPoints2\{47b63da4-0703-11e3-be95-6c71d97ca53c}\Shell\AutoRun\command - "" = "G:\SISetup.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/24 02:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftCoup
[2014/09/23 16:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SiaalesMaagnet
[2014/09/18 00:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\GoldenCoupon
[2014/09/16 02:32:53 | 000,000,000 | R--D | C] -- C:\Users\Sbrett21\Dropbox
[2014/09/16 02:31:26 | 000,000,000 | ---D | C] -- C:\Users\Sbrett21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/09/16 02:29:47 | 000,000,000 | ---D | C] -- C:\Users\Sbrett21\AppData\Roaming\Dropbox
[2014/09/16 01:59:23 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/09/16 00:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PrinceCOuepponu
[2014/09/14 00:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\LuckyyShuoPpeer
[2014/09/12 00:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\QueeNCOUpon
[2014/09/11 01:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\cb194563ee44ec1
[2014/09/09 01:06:57 | 000,000,000 | ---D | C] -- C:\Users\Sbrett21\AppData\Roaming\Optimizer Pro
[2014/09/09 01:06:53 | 000,061,080 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys
[2014/09/09 01:03:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmarterPower
[2014/09/09 01:01:55 | 000,000,000 | ---D | C] -- C:\Users\Sbrett21\AppData\Roaming\WSE_Astromenda
[2014/09/09 01:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/09/09 01:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/30 17:22:39 | 000,000,500 | ---- | M] () -- C:\Users\Sbrett21\AppData\Roaming\sp_data.sys
[2014/09/30 17:22:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/30 17:21:56 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/24 23:37:19 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/09/24 23:37:15 | 392,851,455 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/24 23:03:28 | 002,353,978 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/24 23:03:28 | 000,797,120 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2014/09/24 23:03:28 | 000,719,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/24 23:03:28 | 000,432,016 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2014/09/24 23:03:28 | 000,162,488 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2014/09/24 23:03:28 | 000,132,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/24 23:03:28 | 000,132,686 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2014/09/24 23:03:01 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/23 17:02:03 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\WSE_Astromenda.job
[2014/09/23 17:02:03 | 000,000,067 | ---- | M] () -- C:\Users\Sbrett21\AppData\Roaming\WB.CFG
[2014/09/18 00:22:37 | 000,001,016 | ---- | M] () -- C:\Users\Sbrett21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/09/18 00:22:10 | 000,000,990 | ---- | M] () -- C:\Users\Sbrett21\Desktop\Dropbox.lnk
[2014/09/18 00:19:02 | 000,000,004 | ---- | M] () -- C:\Users\Sbrett21\AppData\Roaming\appdataFr2.bin
[2014/09/16 02:00:41 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/09/16 01:59:57 | 000,427,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/09/16 01:59:25 | 001,041,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/09/16 01:59:25 | 000,307,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/09/16 01:59:25 | 000,224,896 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/09/16 01:59:25 | 000,092,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/09/16 01:59:25 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/09/16 01:59:25 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/09/16 01:59:25 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/09/16 01:59:24 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/09/16 01:59:23 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/09/09 01:01:56 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/08 13:23:44 | 000,061,080 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys
[2014/09/06 00:53:18 | 000,462,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2014/09/18 00:19:02 | 000,000,004 | ---- | C] () -- C:\Users\Sbrett21\AppData\Roaming\appdataFr2.bin
[2014/09/16 02:32:53 | 000,000,990 | ---- | C] () -- C:\Users\Sbrett21\Desktop\Dropbox.lnk
[2014/09/16 02:32:41 | 000,001,016 | ---- | C] () -- C:\Users\Sbrett21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/09/12 01:09:40 | 000,010,450 | ---- | C] () -- C:\Windows\SysNative\autoconfig.cab
[2014/09/09 02:02:05 | 000,000,067 | ---- | C] () -- C:\Users\Sbrett21\AppData\Roaming\WB.CFG
[2014/09/09 01:02:17 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\WSE_Astromenda.job
[2013/09/18 01:26:46 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/07/23 20:29:00 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2013/07/21 10:35:51 | 000,000,500 | ---- | C] () -- C:\Users\Sbrett21\AppData\Roaming\sp_data.sys
[2013/05/05 08:38:51 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/05/05 08:38:51 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/05/05 08:38:51 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/05/05 08:33:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/11/27 13:26:00 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012/11/27 13:26:00 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012/11/27 13:26:00 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS
 
========== ZeroAccess Check ==========
 
[2013/12/20 19:22:10 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/28 03:23:06 | 019,759,104 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/28 01:18:26 | 017,562,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/07/21 10:36:00 | 000,000,000 | ---D | M] -- C:\Users\Sbrett21\AppData\Roaming\ASUS WebStorage
[2013/11/29 02:47:38 | 000,000,000 | ---D | M] -- C:\Users\Sbrett21\AppData\Roaming\AVAST Software
[2014/01/11 13:04:51 | 000,000,000 | ---D | M] -- C:\Users\Sbrett21\AppData\Roaming\Canon
[2013/07/23 20:10:02 | 000,000,000 | ---D | M] -- C:\Users\Sbrett21\AppData\Roaming\DAEMON Tools Lite
[2014/09/30 17:23:26 | 000,000,000 | ---D | M] -- C:\Users\Sbrett21\AppData\Roaming\Dropbox
[2013/12/28 13:49:03 | 000,000,000 | ---D | M] -- C:\Users\Sbrett21\AppData\Roaming\KeePass
[2014/09/09 01:06:57 | 000,000,000 | ---D | M] -- C:\Users\Sbrett21\AppData\Roaming\Optimizer Pro
[2014/09/09 01:02:15 | 000,000,000 | ---D | M] -- C:\Users\Sbrett21\AppData\Roaming\WSE_Astromenda
 
========== Purity Check ==========
 
 
 
< End of report >
 

  • 0

Advertisements

#2
pystryker
Posted 01 October 2014 - 07:23 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to GeeksToGo! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    farbarmainpanel_zps77bf9e25.jpg
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Step 2: Scan with aswMBR
  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.
aswmbrscan_zpsdc05b0f9.jpg
  • Click the Scan button to begin the scan.
If your computer supports Virtualization Technology, select Yes to use it for rootkit detection.


aswmbrsavelog_zps1aeef48e.jpg
  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit
Things I need to see in your next post:


FRST Log

Addition.txt Log

aswMBR Log
  • 0

#3
sbrett21
Posted 03 October 2014 - 09:51 AM

sbrett21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Thank you so much for the help.  Here are the logs.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by Sbrett21 (administrator) on STEPHANIE on 03-10-2014 10:32:47
Running from C:\Users\Sbrett21\Desktop\MISC
Loaded Profile: Sbrett21 (Available profiles: Sbrett21)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(PC Utilities Software Limited) C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dropbox, Inc.) C:\Users\Sbrett21\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s  RtHDVCpl    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s  kernel32.dll 
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\TightVNC\tvnserver.exe [1612784 2013-06-06] (GlavSoft LLC.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-16] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKU\S-1-5-21-3625402026-119437590-2456876942-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-3625402026-119437590-2456876942-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [146888 2014-08-21] (PC Utilities Software Limited)
HKU\S-1-5-21-3625402026-119437590-2456876942-1001\...\MountPoints2: {47b63da4-0703-11e3-be95-6c71d97ca53c} - "G:\SISetup.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Sbrett21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sbrett21\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc179
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc179
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...r=822417380&ir=
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://www.bing.com/...R&#38;pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...R&#38;pc=ASU2JS
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...r=822417380&ir=
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
BHO: SiaalesMaagnet -> {181362E6-D453-9E7D-4FE3-1A89C9F5C03C} -> C:\ProgramData\SiaalesMaagnet\msTi3x.x64.dll ()
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: SoftCoup -> {ABB41D36-4185-A866-AAED-2218DAC59B9F} -> C:\ProgramData\SoftCoup\erZiuEl1.x64.dll ()
BHO-x32: PrinceCOuepponu -> {04C5B37D-D579-8AAB-7DCA-C013BCD36D4A} -> C:\ProgramData\PrinceCOuepponu\PWNWVqH3Rh.dll ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: SoftCoup -> {ABB41D36-4185-A866-AAED-2218DAC59B9F} -> C:\ProgramData\SoftCoup\erZiuEl1.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-21]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://asus13.msn.com/
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_37_ch&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BtCtBtA0C0ByDtD0DyCtCtN0D0Tzu0SzyzztBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzzyC0EtD0FtB0DtGtByC0DtAtG0B0CzytCtG0C0B0DyDtGtByCtByEzy0Bzy0B0ByB0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyByBzy0DtC0E0CtG0DyDyD0FtGyEtDzz0AtG0ByByB0AtGtD0A0CyDtA0B0EyEzyyCtCtB2Q&cr=822417380&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Profile: C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-14]
CHR Extension: (Sidewise Tree Style Tabs) - C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\biiammgklaefagjclmnlialkmaemifgo [2014-09-24]
CHR Extension: (YouTube) - C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-21]
CHR Extension: (Form Filler) - C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjjngeaknajbdcgpfkgnonkmififhfo [2014-09-23]
CHR Extension: (Google Search) - C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-21]
CHR Extension: (avast! Online Security) - C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-18]
CHR Extension: (Google Wallet) - C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Gmail) - C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-21]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-09-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-16]
CHR StartMenuInternet: Google Chrome - chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3541448 2014-09-09] ()
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2013-07-23] () [File not signed]
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-16] (AVAST Software)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [1612784 2013-06-06] (GlavSoft LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
S2 Update SmarterPower; "C:\Program Files (x86)\SmarterPower\updateSmarterPower.exe" [X]
S2 Util SmarterPower; "C:\Program Files (x86)\SmarterPower\bin\utilSmarterPower.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-16] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [104184 2012-12-21] (Advanced Micro Devices)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-07-21] (Disc Soft Ltd)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R1 {5eeb83d0-96ea-4249-942c-beead6847053}Gw64; C:\Windows\System32\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys [61080 2014-09-08] (StdLib)
U0 msahci; No ImagePath
U4 Sepu3b_an; drv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-03 10:32 - 2014-10-03 10:32 - 00000000 ____D () C:\FRST
2014-09-24 02:24 - 2014-09-24 02:24 - 00000000 ____D () C:\ProgramData\SoftCoup
2014-09-23 16:56 - 2014-10-01 01:31 - 00000000 ____D () C:\ProgramData\SiaalesMaagnet
2014-09-18 00:19 - 2014-09-18 00:19 - 00000004 _____ () C:\Users\Sbrett21\AppData\Roaming\appdataFr2.bin
2014-09-18 00:18 - 2014-09-18 00:18 - 00000000 ____D () C:\ProgramData\GoldenCoupon
2014-09-16 02:32 - 2014-10-03 10:22 - 00000000 ___RD () C:\Users\Sbrett21\Dropbox
2014-09-16 02:32 - 2014-09-18 00:22 - 00000990 _____ () C:\Users\Sbrett21\Desktop\Dropbox.lnk
2014-09-16 02:31 - 2014-09-18 00:22 - 00000000 ____D () C:\Users\Sbrett21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-16 02:29 - 2014-10-03 10:22 - 00000000 ____D () C:\Users\Sbrett21\AppData\Roaming\Dropbox
2014-09-16 01:59 - 2014-09-16 01:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-16 01:59 - 2014-08-09 03:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-09-16 01:59 - 2014-08-09 03:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-09-16 00:24 - 2014-09-23 23:20 - 00000000 ____D () C:\ProgramData\PrinceCOuepponu
2014-09-14 00:00 - 2014-09-24 00:55 - 00000000 ____D () C:\ProgramData\LuckyyShuoPpeer
2014-09-12 01:50 - 2013-05-14 08:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 01:49 - 2014-08-16 04:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 01:49 - 2014-08-16 04:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 01:49 - 2014-08-16 04:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-12 01:49 - 2014-08-16 04:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 01:49 - 2014-08-16 04:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 01:49 - 2014-08-16 04:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 01:49 - 2014-08-16 04:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 01:49 - 2014-08-16 04:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 01:49 - 2014-08-16 04:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 01:49 - 2014-08-16 04:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 01:49 - 2014-08-16 04:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 01:49 - 2014-08-16 04:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-12 01:49 - 2014-08-16 04:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 01:49 - 2014-08-16 04:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 01:49 - 2014-08-16 04:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 01:49 - 2014-08-16 02:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 01:49 - 2014-08-16 02:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 01:49 - 2014-08-16 02:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 01:49 - 2014-08-16 02:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 01:49 - 2014-08-16 02:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 01:49 - 2014-08-16 02:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 01:49 - 2014-08-16 02:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-12 01:49 - 2014-08-16 02:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 01:49 - 2014-08-16 02:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 01:49 - 2014-08-16 02:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 01:49 - 2014-08-16 02:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 01:49 - 2014-08-16 02:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 01:49 - 2014-08-16 02:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 01:09 - 2014-08-20 18:40 - 00732880 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-09-12 01:09 - 2014-08-20 12:05 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-12 01:09 - 2014-08-20 12:05 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-09-12 01:09 - 2014-08-20 12:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-12 01:09 - 2014-08-20 12:02 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-12 01:09 - 2014-08-20 12:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-12 01:09 - 2014-06-24 02:35 - 00010450 _____ () C:\Windows\system32\autoconfig.cab
2014-09-12 01:09 - 2014-06-24 01:41 - 10115584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-12 01:09 - 2014-06-24 01:40 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-09-12 01:09 - 2014-06-24 01:39 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-12 01:09 - 2014-06-24 01:39 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-12 01:09 - 2014-06-23 23:08 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-12 01:09 - 2014-06-23 23:06 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-12 01:09 - 2014-06-23 23:06 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-12 00:47 - 2014-09-24 00:55 - 00000000 ____D () C:\ProgramData\QueeNCOUpon
2014-09-12 00:47 - 2014-07-31 18:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-12 00:46 - 2014-08-28 06:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-12 00:46 - 2014-08-28 01:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-12 00:46 - 2014-08-28 01:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-12 00:46 - 2014-08-28 01:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-12 00:46 - 2014-08-28 01:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-12 00:46 - 2014-08-28 01:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-12 00:46 - 2014-08-28 01:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-12 00:46 - 2014-08-28 01:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-12 00:46 - 2014-08-28 01:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-12 00:46 - 2014-08-28 01:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-12 00:46 - 2014-08-28 01:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-12 00:46 - 2014-08-28 01:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-12 00:46 - 2014-08-28 01:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-12 00:46 - 2014-08-28 01:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-12 00:46 - 2014-06-04 20:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-12 00:46 - 2014-06-03 18:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-12 00:42 - 2014-09-04 17:36 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 00:42 - 2014-09-02 20:49 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 00:42 - 2014-07-23 22:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-12 00:42 - 2014-07-23 22:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-11 01:14 - 2014-09-24 02:24 - 00000000 ____D () C:\ProgramData\cb194563ee44ec1
2014-09-09 02:02 - 2014-10-01 09:02 - 00000065 _____ () C:\Users\Sbrett21\AppData\Roaming\WB.CFG
2014-09-09 01:10 - 2014-09-09 01:10 - 18607792 _____ (Adobe Systems Incorporated) C:\Users\Sbrett21\Downloads\install_flash_player_ax.exe
2014-09-09 01:06 - 2014-09-30 17:51 - 00003258 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-09-09 01:06 - 2014-09-09 01:06 - 00004034 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-09 01:06 - 2014-09-09 01:06 - 00000000 ____D () C:\Users\Sbrett21\AppData\Roaming\Optimizer Pro
2014-09-09 01:06 - 2014-09-08 13:23 - 00061080 _____ (StdLib) C:\Windows\system32\Drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys
2014-09-09 01:03 - 2014-09-11 00:51 - 00000000 ____D () C:\Program Files (x86)\SmarterPower
2014-09-09 01:02 - 2014-10-01 10:02 - 00000324 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-09-09 01:02 - 2014-09-09 01:02 - 00002662 _____ () C:\Windows\System32\Tasks\WSE_Astromenda
2014-09-09 01:01 - 2014-09-09 01:02 - 00000000 ____D () C:\Users\Sbrett21\AppData\Roaming\WSE_Astromenda
2014-09-09 01:01 - 2014-09-09 01:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-09-09 01:01 - 2014-09-09 01:01 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-03 10:32 - 2013-07-21 11:43 - 00000000 ____D () C:\Users\Sbrett21\Desktop\MISC
2014-10-03 10:22 - 2013-07-21 10:35 - 00000500 _____ () C:\Users\Sbrett21\AppData\Roaming\sp_data.sys
2014-10-03 10:21 - 2013-07-21 10:44 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-03 10:17 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-01 10:28 - 2013-07-21 10:32 - 01586993 _____ () C:\Windows\WindowsUpdate.log
2014-10-01 10:03 - 2013-07-21 10:44 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-01 10:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-10-01 09:59 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-01 09:53 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2014-09-24 23:36 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-24 23:03 - 2012-08-02 03:40 - 00432016 _____ () C:\Windows\system32\prfh0804.dat
2014-09-24 23:03 - 2012-08-02 03:40 - 00132686 _____ () C:\Windows\system32\prfc0804.dat
2014-09-24 23:03 - 2012-08-02 03:35 - 00797120 _____ () C:\Windows\system32\perfh00A.dat
2014-09-24 23:03 - 2012-08-02 03:35 - 00162488 _____ () C:\Windows\system32\perfc00A.dat
2014-09-24 23:03 - 2012-07-26 02:28 - 02353978 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 02:14 - 2013-08-11 20:51 - 00000000 ____D () C:\Users\Sbrett21\Documents\Design
2014-09-24 00:32 - 2013-07-21 11:01 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-23 16:15 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-16 02:32 - 2013-07-21 10:32 - 00000000 ____D () C:\Users\Sbrett21
2014-09-16 02:02 - 2012-08-01 20:20 - 00124134 _____ () C:\Windows\PFRO.log
2014-09-16 02:00 - 2013-07-21 11:01 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-16 01:59 - 2014-06-22 01:38 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-09-16 01:59 - 2014-06-22 01:38 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-16 01:59 - 2013-07-21 11:01 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-09-16 01:59 - 2013-07-21 11:01 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-16 01:59 - 2013-07-21 11:01 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-16 01:59 - 2013-07-21 11:01 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-16 01:59 - 2013-07-21 11:01 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-16 01:59 - 2013-07-21 11:01 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-16 01:59 - 2013-07-21 11:01 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-14 00:37 - 2014-07-09 00:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-14 00:37 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData
2014-09-14 00:37 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\WinStore
2014-09-12 12:19 - 2013-07-23 19:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 01:49 - 2013-08-17 00:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 01:44 - 2013-07-22 22:38 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 00:50 - 2012-07-26 00:26 - 00000301 _____ () C:\Windows\win.ini
2014-09-09 01:01 - 2013-07-21 10:46 - 00002173 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-06 00:53 - 2014-07-18 22:29 - 00462672 _____ () C:\Windows\system32\FNTCACHE.DAT
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
 
 
Some content of TEMP:
====================
C:\Users\Sbrett21\AppData\Local\Temp\APNSetup.exe
C:\Users\Sbrett21\AppData\Local\Temp\CloudBackup4855.exe
C:\Users\Sbrett21\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm5ftaw.dll
C:\Users\Sbrett21\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Sbrett21\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Sbrett21\AppData\Local\Temp\optprosetup.exe
C:\Users\Sbrett21\AppData\Local\Temp\tfcokdmf.dll
C:\Users\Sbrett21\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Sbrett21\AppData\Local\Temp\xwb_h8l9.dll
C:\Users\Sbrett21\AppData\Local\Temp\zxan8mpn.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-01 08:50
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2014
Ran by Sbrett21 at 2014-10-03 10:33:55
Running from C:\Users\Sbrett21\Desktop\MISC
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Illustrator CS (HKLM-x32\...\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}) (Version: 11 - Adobe Systems, Inc.)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{16B50E0B-0243-FD0C-7B14-F538CF1E3E2B}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version:  - )
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0335 - Disc Soft Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GoldenCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - GoldenCoupon) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KeePass Password Safe 1.23 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.23 - Dominik Reichl)
LuckyyShuoPpeer (HKLM-x32\...\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}) (Version:  - LuckaYSHoppere)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version:  - ) <==== ATTENTION
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PrinceCOuepponu (HKLM-x32\...\{D86C82B0-1F02-816A-5F3D-6466F6A67566}) (Version:  - PPrincECoupOn) <==== ATTENTION
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QueeNCOUpon (HKLM-x32\...\{3DE8A1D7-C77F-E02A-70DD-31D29EC5B988}) (Version:  - QueenCoupaonn) <==== ATTENTION
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SiaalesMaagnet (HKLM-x32\...\{3119AFD3-545C-0955-573A-494F62E61990}) (Version:  - SalEsMaagnEt)
SoftCoup (HKLM-x32\...\{7540FDBD-7FDC-30AE-3778-815CB87DBE46}) (Version:  - SoftCCoup)
TightVNC (HKLM-x32\...\{967FE692-A933-45CF-AF62-4E7862006042}) (Version: 2.7.7.0 - GlavSoft LLC.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
Wisdom-soft ScreenHunter 6.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3625402026-119437590-2456876942-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sbrett21\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3625402026-119437590-2456876942-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sbrett21\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3625402026-119437590-2456876942-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sbrett21\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3625402026-119437590-2456876942-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sbrett21\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3625402026-119437590-2456876942-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sbrett21\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3625402026-119437590-2456876942-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sbrett21\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3625402026-119437590-2456876942-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sbrett21\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3625402026-119437590-2456876942-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sbrett21\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3625402026-119437590-2456876942-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sbrett21\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
16-09-2014 06:56:18 avast! antivirus system restore point
23-09-2014 21:15:21 Windows Update
30-09-2014 22:53:41 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0D617F87-9855-484A-80EB-A25A2836E52B} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {18DAFEC0-0D7F-4A00-8404-062287FDDACF} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {42A0C1F3-788E-4C3A-B595-8FD77D8401C7} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {4B867BA1-1CDC-48E0-87AC-D7467B5931A9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-16] (AVAST Software)
Task: {55FB359E-2CAC-4154-B8EC-FE053F94EE30} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-21] (Google Inc.)
Task: {5C78FC83-4522-4E41-9540-21C804E8D875} - System32\Tasks\WSE_Astromenda => C:\Users\Sbrett21\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-09-09] ()
Task: {6D568248-028C-4E0C-A255-410B19AFC3DD} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {73242366-07AB-48C7-8D23-296E01CF9681} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-09-24] (ASUS)
Task: {8652B2BB-7699-49C1-A39F-606280C73CD9} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [2014-08-21] (PC Utilities Software Limited) <==== ATTENTION
Task: {8AC43AA5-6626-488D-AF37-A28AFAE6013D} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install => C:\Windows\system32\NotificationUI.exe [2014-08-20] (Microsoft Corporation)
Task: {A0C3A2AF-4875-4830-BEDD-F86AE8F5C9D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-21] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B3299547-80C0-44CB-B704-101FF9D9FF72} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E1F908F4-CCA1-4744-939D-0A7D19189A8A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-12] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\Sbrett21\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-20 19:24 - 2012-08-31 18:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2013-12-20 19:24 - 2012-08-31 18:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2012-08-24 19:26 - 2012-08-24 19:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-08-10 20:28 - 2012-08-10 20:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2014-09-16 01:59 - 2014-09-16 01:59 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-30 17:21 - 2014-09-30 17:21 - 02867712 _____ () C:\Program Files\AVAST Software\Avast\defs\14093001\algo.dll
2014-10-03 10:19 - 2014-10-03 10:19 - 02858496 _____ () C:\Program Files\AVAST Software\Avast\defs\14100300\algo.dll
2014-09-09 01:01 - 2014-09-09 01:01 - 03541448 _____ () c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2014-09-05 23:26 - 2014-08-29 21:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-05 23:26 - 2014-08-29 21:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-05 23:27 - 2014-08-29 21:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-05 23:27 - 2014-08-29 21:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-05 23:26 - 2014-08-29 21:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
2012-09-11 16:01 - 2012-09-11 16:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-10-03 10:22 - 2014-10-03 10:22 - 00043008 _____ () c:\users\sbrett21\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm5ftaw.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Sbrett21\AppData\Roaming\Dropbox\bin\libcef.dll
2014-09-16 01:59 - 2014-09-16 01:59 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-08-04 20:23 - 2009-08-04 20:23 - 00063032 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll
2009-08-04 20:23 - 2009-08-04 20:23 - 00075320 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll
2014-09-05 23:27 - 2014-08-29 21:49 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3625402026-119437590-2456876942-500 - Administrator - Disabled)
Guest (S-1-5-21-3625402026-119437590-2456876942-501 - Limited - Disabled)
Sbrett21 (S-1-5-21-3625402026-119437590-2456876942-1001 - Administrator - Enabled) => C:\Users\Sbrett21
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/30/2014 05:23:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Stephanie)
Description: Activation of app Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/30/2014 05:23:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Stephanie)
Description: App Microsoft.BingNews_8wekyb3d8bbwe!AppexNews did not launch within its allotted time.
 
Error: (09/11/2014 01:33:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Stephanie)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/10/2014 00:05:51 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: Outlook
 
Error: (08/10/2014 00:05:51 AM) (Source: Perflib) (EventID: 1021) (User: )
Description: Outlook8
 
Error: (08/08/2014 10:59:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: KeePass.exe, version: 1.23.0.0, time stamp: 0x4ff02944
Faulting module name: combase.dll, version: 6.2.9200.16420, time stamp: 0x505a976e
Exception code: 0xc0000005
Fault offset: 0x0001334f
Faulting process id: 0x1484
Faulting application start time: 0xKeePass.exe0
Faulting application path: KeePass.exe1
Faulting module path: KeePass.exe2
Report Id: KeePass.exe3
Faulting package full name: KeePass.exe4
Faulting package-relative application ID: KeePass.exe5
 
Error: (07/22/2014 01:14:04 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 - 0000000000000150,0x00530194,0000000000000000,0,0000007C5E651090,4096,[0]).
 
 
Operation:
   Query Shadow Copies
 
Error: (07/09/2014 00:06:24 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (06/27/2014 08:23:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Stephanie)
Description: Activation of app Microsoft.FreshPaint_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/27/2014 08:23:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Stephanie)
Description: App Microsoft.FreshPaint_8wekyb3d8bbwe!App did not launch within its allotted time.
 
 
System errors:
=============
Error: (10/03/2014 10:17:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util SmarterPower service failed to start due to the following error: 
%%2
 
Error: (10/03/2014 10:17:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update SmarterPower service failed to start due to the following error: 
%%2
 
Error: (10/03/2014 10:16:46 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (10/01/2014 08:53:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 8 for x64-based Systems (KB2807986).
 
Error: (09/30/2014 05:57:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 8 for x64-based Systems (KB2807986).
 
Error: (09/24/2014 11:39:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util SmarterPower service failed to start due to the following error: 
%%2
 
Error: (09/24/2014 11:39:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update SmarterPower service failed to start due to the following error: 
%%2
 
Error: (09/24/2014 11:37:07 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (09/24/2014 11:36:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 8 for x64-based Systems (KB2807986).
 
Error: (09/24/2014 02:02:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util SmarterPower service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD A8-4500M APU with Radeon™ HD Graphics 
Percentage of memory in use: 38%
Total physical RAM: 5588.32 MB
Available physical RAM: 3433.14 MB
Total Pagefile: 6484.32 MB
Available Pagefile: 4089.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:225.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:397.87 GB) (Free:397.16 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 115DA0F7)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-10-03 10:38:38
-----------------------------
10:38:38.346    OS Version: Windows x64 6.2.9200 
10:38:38.347    Number of processors: 4 586 0x1001
10:38:38.348    ComputerName: STEPHANIE  UserName: Sbrett21
10:38:39.781    Initialize success
10:38:39.781    VM: initialized successfully
10:38:39.785    VM: Amd CPU supported virtualized 
10:38:59.528    VM: supported disk I/O storport.sys
10:39:02.535    AVAST engine defs: 14100300
10:40:22.529    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003a
10:40:22.534    Disk 0 Vendor: Hitachi_HTS547575A9E384 JE4OA60A Size: 715404MB BusType: 11
10:40:22.660    Disk 0 MBR read successfully
10:40:22.664    Disk 0 MBR scan
10:40:22.670    Disk 0 unknown MBR code
10:40:22.687    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
10:40:22.803    Disk 0 scanning C:\Windows\system32\drivers
10:40:33.471    Service scanning
10:41:01.312    Modules scanning
10:41:01.323    Disk 0 trace - called modules:
10:41:01.351    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
10:41:01.357    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006c7e060]
10:41:01.363    3 CLASSPNP.SYS[fffff88001309e0a] -> nt!IofCallDriver -> [0xfffffa8006a0d040]
10:41:01.368    5 amd_xata.sys[fffff88001271634] -> nt!IofCallDriver -> \Device\0000003a[0xfffffa8006a11060]
10:41:02.632    AVAST engine scan C:\Windows
10:41:04.875    AVAST engine scan C:\Windows\system32
10:43:36.048    AVAST engine scan C:\Windows\system32\drivers
10:43:54.127    AVAST engine scan C:\Users\Sbrett21
10:47:28.824    AVAST engine scan C:\ProgramData
10:48:58.969    File: C:\ProgramData\SoftCoup\erZiuEl1.x64.dll  **INFECTED** Win64:Adware-gen [Adw]
10:48:59.322    Scan finished successfully
10:50:02.592    Disk 0 MBR has been saved successfully to "C:\Users\Sbrett21\Desktop\MISC\MBR.dat"
10:50:02.600    The log file has been saved successfully to "C:\Users\Sbrett21\Desktop\MISC\aswMBR.txt"
 

  • 0

#4
pystryker
Posted 03 October 2014 - 05:27 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Quote
Thank you so much for the help. Here are the logs.

You're quite welcome, let's start clearing away the rubbish. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Program Uninstalls

Please uninstall the following programs from your machine as the are adware/malware related programs or can interfere with fixes.

  • GoldenCoupon - Adware/Malware Program
  • Optimizer Pro v3.2 - Malware Program
  • SiaalesMaagnet - Adware/Malware Program
  • PrinceCOuepponu - Adware/Malware Program
  • QueeNCOUpon - Adware/Malware Program
  • SoftCoup - Adware/Malware Program
  • LuckyyShuoPpeer - Adware/Malware Program
  • Daemon Tools Lite - Must be uninstalled as it can interfere with fixes.

Step 2: Fix with Farbar's Recovery Scan Tool


Note: Before running this step, please move FRST64.exe from C:\Users\Sbrett21\Desktop\MISC to your Desktop or the fix will not work.
  • Open notepad (Start =&gt;All Programs =&gt; Accessories =&gt; Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Quote
Start
Task: {6D568248-028C-4E0C-A255-410B19AFC3DD} - System32\Tasks\LaunchSignup =&gt; C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe &lt;==== ATTENTION
Task: {8652B2BB-7699-49C1-A39F-606280C73CD9} - System32\Tasks\Optimizer Pro Schedule =&gt; C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [2014-08-21] (PC Utilities Software Limited) &lt;==== ATTENTION
Task: C:\Windows\Tasks\WSE_Astromenda.job =&gt; C:\Users\Sbrett21\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE &lt;==== ATTENTION
c:\Program Files (x86)\Optimizer Pro
C:\ProgramData\SoftCoup
(PC Utilities Software Limited) C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
HKLM-x32\...\Run: [] =&gt; [X]
HKU\S-1-5-21-3625402026-119437590-2456876942-1001\...\Run: [Optimizer Pro] =&gt; C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [146888 2014-08-21] (PC Utilities Software Limited)
HKU\S-1-5-21-3625402026-119437590-2456876942-1001\...\MountPoints2: {47b63da4-0703-11e3-be95-6c71d97ca53c} - "G:\SISetup.exe"
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...2417380&#38;ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...2417380&#38;ir=
BHO: SoftCoup -&gt; {ABB41D36-4185-A866-AAED-2218DAC59B9F} -&gt; C:\ProgramData\SoftCoup\erZiuEl1.x64.dll ()
BHO-x32: PrinceCOuepponu -&gt; {04C5B37D-D579-8AAB-7DCA-C013BCD36D4A} -&gt; C:\ProgramData\PrinceCOuepponu\PWNWVqH3Rh.dll ()
C:\ProgramData\PrinceCOuepponu
BHO: SiaalesMaagnet -&gt; {181362E6-D453-9E7D-4FE3-1A89C9F5C03C} -&gt; C:\ProgramData\SiaalesMaagnet\msTi3x.x64.dll ()
C:\ProgramData\SiaalesMaagnet
BHO-x32: SoftCoup -&gt; {ABB41D36-4185-A866-AAED-2218DAC59B9F} -&gt; C:\ProgramData\SoftCoup\erZiuEl1.dll ()
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
CHR StartupUrls: Default -&gt; "hxxp://astromenda.com/?f=7&amp;a=ast_dnldstr_14_37_ch&amp;cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BtCtBtA0C0ByDtD0DyCtCtN0D0Tzu0SzyzztBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzzyC0EtD0FtB0DtGtByC0DtAtG0B0CzytCtG0C0B0DyDtGtByCtByEzy0Bzy0B0ByB0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyByBzy0DtC0E0CtG0DyDyD0FtGyEtDzz0AtG0ByByB0AtGtD0A0CyDtA0B0EyEzyyCtCtB2Q&amp;cr=822417380&amp;ir="
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction &lt;======= ATTENTION
R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3541448 2014-09-09] ()
2014-09-24 02:24 - 2014-09-24 02:24 - 00000000 ____D () C:\ProgramData\SoftCoup
2014-09-23 16:56 - 2014-10-01 01:31 - 00000000 ____D () C:\ProgramData\SiaalesMaagnet
2014-09-18 00:18 - 2014-09-18 00:18 - 00000000 ____D () C:\ProgramData\GoldenCoupon
2014-09-16 00:24 - 2014-09-23 23:20 - 00000000 ____D () C:\ProgramData\PrinceCOuepponu
2014-09-14 00:00 - 2014-09-24 00:55 - 00000000 ____D () C:\ProgramData\LuckyyShuoPpeer
C:\ProgramData\QueeNCOUpon
2014-09-09 01:06 - 2014-09-30 17:51 - 00003258 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-09-09 01:06 - 2014-09-09 01:06 - 00000000 ____D () C:\Users\Sbrett21\AppData\Roaming\Optimizer Pro
2014-09-09 01:06 - 2014-09-08 13:23 - 00061080 _____ (StdLib) C:\Windows\system32\Drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys
2014-09-09 01:02 - 2014-10-01 10:02 - 00000324 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-09-09 01:02 - 2014-09-09 01:02 - 00002662 _____ () C:\Windows\System32\Tasks\WSE_Astromenda
2014-09-09 01:01 - 2014-09-09 01:02 - 00000000 ____D () C:\Users\Sbrett21\AppData\Roaming\WSE_Astromenda
2014-09-09 01:01 - 2014-09-09 01:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-09-09 01:01 - 2014-09-09 01:01 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
Hosts:
Emptytemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool


thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt
Step 5: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.
Things I need to see in your next post:

Please post each log as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST Log
  • 0

#5
sbrett21
Posted 03 October 2014 - 07:59 PM

sbrett21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Everything uninstalled except Optimizer Pro.  It gave me this error:  Runtime Error (at -1:0):Cannot import dll: <utf8>c:\ProgramFiles (x86)\OptimizerPro\OptProHelper.dll.

 

Here are the logs.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2014
Ran by Sbrett21 at 2014-10-03 20:19:12 Run:1
Running from C:\Users\Sbrett21\Desktop
Loaded Profile: Sbrett21 (Available profiles: Sbrett21)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Quote
Start
Task: {6D568248-028C-4E0C-A255-410B19AFC3DD} - System32\Tasks\LaunchSignup =&gt; C:\PROGRAM Files (x86)\MyPC Backup\Signup WIZARD.exe &lt;==== ATTENTION
Task: {8652B2BB-7699-49C1-A39F-606280C73CD9} - System32\Tasks\Optimizer Pro Schedule =&gt; C:\PROGRAM Files (x86)\Optimizer Pro\OptProLauncher.exe [2014-08-21] (PC Utilities Software Limited) &lt;==== ATTENTION
Task: C:\WINDOWS\Tasks\WSE_Astromenda.job =&gt; C:\Users\Sbrett21\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE &lt;==== ATTENTION
c:\Program Files (x86)\Optimizer Pro
C:\ProgramData\SoftCoup
(PC Utilities Software Limited) C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
HKLM-x32\...\Run: [] =&gt; [X]
HKU\S-1-5-21-3625402026-119437590-2456876942-1001\...\Run: [Optimizer Pro] =&gt; C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [146888 2014-08-21] (PC Utilities Software Limited)
HKU\S-1-5-21-3625402026-119437590-2456876942-1001\...\MountPoints2: {47b63da4-0703-11e3-be95-6c71d97ca53c} - "G:\SISetup.exe"
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...2417380&#38;ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...2417380&#38;ir=
BHO: SoftCoup -&gt; {ABB41D36-4185-A866-AAED-2218DAC59B9F} -&gt; C:\ProgramData\SoftCoup\erZiuEl1.x64.dll ()
BHO-x32: PrinceCOuepponu -&gt; {04C5B37D-D579-8AAB-7DCA-C013BCD36D4A} -&gt; C:\ProgramData\PrinceCOuepponu\PWNWVqH3Rh.dll ()
C:\ProgramData\PrinceCOuepponu
BHO: SiaalesMaagnet -&gt; {181362E6-D453-9E7D-4FE3-1A89C9F5C03C} -&gt; C:\ProgramData\SiaalesMaagnet\msTi3x.x64.dll ()
C:\ProgramData\SiaalesMaagnet
BHO-x32: SoftCoup -&gt; {ABB41D36-4185-A866-AAED-2218DAC59B9F} -&gt; C:\ProgramData\SoftCoup\erZiuEl1.dll ()
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
CHR StartupUrls: Default -&gt; "hxxp://astromenda.com/?f=7&amp;a=ast_dnldstr_14_37_ch&amp;cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BtCtBtA0C0ByDtD0DyCtCtN0D0Tzu0SzyzztBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzzyC0EtD0FtB0DtGtByC0DtAtG0B0CzytCtG0C0B0DyDtGtByCtByEzy0Bzy0B0ByB0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyByBzy0DtC0E0CtG0DyDyD0FtGyEtDzz0AtG0ByByB0AtGtD0A0CyDtA0B0EyEzyyCtCtB2Q&amp;cr=822417380&amp;ir="
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction &lt;======= ATTENTION
R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3541448 2014-09-09] ()
2014-09-24 02:24 - 2014-09-24 02:24 - 00000000 ____D () C:\ProgramData\SoftCoup
2014-09-23 16:56 - 2014-10-01 01:31 - 00000000 ____D () C:\ProgramData\SiaalesMaagnet
2014-09-18 00:18 - 2014-09-18 00:18 - 00000000 ____D () C:\ProgramData\GoldenCoupon
2014-09-16 00:24 - 2014-09-23 23:20 - 00000000 ____D () C:\ProgramData\PrinceCOuepponu
2014-09-14 00:00 - 2014-09-24 00:55 - 00000000 ____D () C:\ProgramData\LuckyyShuoPpeer
C:\ProgramData\QueeNCOUpon
2014-09-09 01:06 - 2014-09-30 17:51 - 00003258 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-09-09 01:06 - 2014-09-09 01:06 - 00000000 ____D () C:\Users\Sbrett21\AppData\Roaming\Optimizer Pro
2014-09-09 01:06 - 2014-09-08 13:23 - 00061080 _____ (StdLib) C:\Windows\system32\DRIVERS\{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys
2014-09-09 01:02 - 2014-10-01 10:02 - 00000324 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-09-09 01:02 - 2014-09-09 01:02 - 00002662 _____ () C:\Windows\System32\Tasks\WSE_Astromenda
2014-09-09 01:01 - 2014-09-09 01:02 - 00000000 ____D () C:\Users\Sbrett21\AppData\Roaming\WSE_Astromenda
2014-09-09 01:01 - 2014-09-09 01:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-09-09 01:01 - 2014-09-09 01:01 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
Hosts:
Emptytemp:
End
*****************
 
Quote => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D568248-028C-4E0C-A255-410B19AFC3DD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D568248-028C-4E0C-A255-410B19AFC3DD}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup =&gt; C:\PROGRAM Files (x86)\MyPC Backup\Signup WIZARD.exe &lt;==== ATTENTION not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup =&gt; C:\PROGRAM Files (x86)\MyPC Backup\Signup WIZARD.exe &lt;==== ATTENTION" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8652B2BB-7699-49C1-A39F-606280C73CD9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8652B2BB-7699-49C1-A39F-606280C73CD9}" => Key deleted successfully.
C:\Windows\System32\Tasks\Optimizer Pro Schedule =&gt; C:\PROGRAM Files (x86)\Optimizer Pro\OptProLauncher.exe [2014-08-21] (PC Utilities Software Limited) &lt;==== ATTENTION not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule =&gt; C:\PROGRAM Files (x86)\Optimizer Pro\OptProLauncher.exe [2014-08-21] (PC Utilities Software Limited) &lt;==== ATTENTION" => Key not found.
Task: C:\WINDOWS\Tasks\WSE_Astromenda.job =&gt; C:\Users\Sbrett21\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE &lt;==== ATTENTION not found.
c:\Program Files (x86)\Optimizer Pro => Moved successfully.
C:\ProgramData\SoftCoup => Moved successfully.
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HKLM-x32\...\Run: [] =&gt; [X] => Value not found.
HKU\S-1-5-21-3625402026-119437590-2456876942-1001\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-3625402026-119437590-2456876942-1001\...\Run: [Optimizer Pro] =&gt; C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [146888 2014-08-21] (PC Utilities Software Limited) => Value not found.
"HKU\S-1-5-21-3625402026-119437590-2456876942-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47b63da4-0703-11e3-be95-6c71d97ca53c}" => Key deleted successfully.
"HKCR\CLSID\{47b63da4-0703-11e3-be95-6c71d97ca53c}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: SoftCoup -&gt; {ABB41D36-4185-A866-AAED-2218DAC59B9F} -&gt; C:\ProgramData\SoftCoup\erZiuEl1.x64.dll ()" => Key not found.
"HKCR\CLSID\BHO: SoftCoup -&gt; {ABB41D36-4185-A866-AAED-2218DAC59B9F} -&gt; C:\ProgramData\SoftCoup\erZiuEl1.x64.dll ()" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO-x32: PrinceCOuepponu -&gt; {04C5B37D-D579-8AAB-7DCA-C013BCD36D4A} -&gt; C:\ProgramData\PrinceCOuepponu\PWNWVqH3Rh.dll ()" => Key not found.
"HKCR\Wow6432Node\CLSID\BHO-x32: PrinceCOuepponu -&gt; {04C5B37D-D579-8AAB-7DCA-C013BCD36D4A} -&gt; C:\ProgramData\PrinceCOuepponu\PWNWVqH3Rh.dll ()" => Key not found.
C:\ProgramData\PrinceCOuepponu => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: SiaalesMaagnet -&gt; {181362E6-D453-9E7D-4FE3-1A89C9F5C03C} -&gt; C:\ProgramData\SiaalesMaagnet\msTi3x.x64.dll ()" => Key not found.
"HKCR\CLSID\BHO: SiaalesMaagnet -&gt; {181362E6-D453-9E7D-4FE3-1A89C9F5C03C} -&gt; C:\ProgramData\SiaalesMaagnet\msTi3x.x64.dll ()" => Key not found.
C:\ProgramData\SiaalesMaagnet => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO-x32: SoftCoup -&gt; {ABB41D36-4185-A866-AAED-2218DAC59B9F} -&gt; C:\ProgramData\SoftCoup\erZiuEl1.dll ()" => Key not found.
"HKCR\Wow6432Node\CLSID\BHO-x32: SoftCoup -&gt; {ABB41D36-4185-A866-AAED-2218DAC59B9F} -&gt; C:\ProgramData\SoftCoup\erZiuEl1.dll ()" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key not found.
Chrome StartupUrls deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
70e6ca8c => Service deleted successfully.
"C:\ProgramData\SoftCoup" => File/Directory not found.
"C:\ProgramData\SiaalesMaagnet" => File/Directory not found.
C:\ProgramData\GoldenCoupon => Moved successfully.
"C:\ProgramData\PrinceCOuepponu" => File/Directory not found.
C:\ProgramData\LuckyyShuoPpeer => Moved successfully.
C:\ProgramData\QueeNCOUpon => Moved successfully.
C:\Windows\System32\Tasks\Optimizer Pro Schedule => Moved successfully.
C:\Users\Sbrett21\AppData\Roaming\Optimizer Pro => Moved successfully.
C:\Windows\system32\DRIVERS\{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys => Moved successfully.
C:\Windows\Tasks\WSE_Astromenda.job => Moved successfully.
C:\Windows\System32\Tasks\WSE_Astromenda => Moved successfully.
C:\Users\Sbrett21\AppData\Roaming\WSE_Astromenda => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 => Moved successfully.
"C:\Program Files (x86)\Optimizer Pro" => File/Directory not found.
C:\ProgramData\SetStretch.exe => Moved successfully.
C:\ProgramData\SetStretch.VBS => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 680.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.7 (10.03.2014:1)
OS: Windows 8 x64
Ran by Sbrett21 on Fri 10/03/2014 at 20:29:46.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Sbrett21\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Sbrett21\appdata\local\google\chrome\user data\default\local storage\https_static.boostsaves.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Sbrett21\appdata\local\google\chrome\user data\default\local storage\https_static.livelyrics00.live-lyrics.com_0.localstorage"
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/03/2014 at 20:35:40.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v3.311 - Report created 03/10/2014 at 20:46:12
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Sbrett21 - STEPHANIE
# Running from : C:\Users\Sbrett21\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : {5eeb83d0-96ea-4249-942c-beead6847053}Gw64
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\SmarterPower
File Deleted : C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : WSE_Astromenda
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Classes\PPrincECoupOn.PPrincECoupOn
Key Deleted : HKLM\SOFTWARE\Classes\PPrincECoupOn.PPrincECoupOn.1.5
Key Deleted : HKLM\SOFTWARE\Classes\SalEsMaagnEt.SalEsMaagnEt
Key Deleted : HKLM\SOFTWARE\Classes\SalEsMaagnEt.SalEsMaagnEt.1.8
Key Deleted : HKLM\SOFTWARE\Classes\QueenCoupaonn.QueenCoupaonn
Key Deleted : HKLM\SOFTWARE\Classes\QueenCoupaonn.QueenCoupaonn.1.4
Key Deleted : HKLM\SOFTWARE\Classes\SoftCCoup.SoftCCoup
Key Deleted : HKLM\SOFTWARE\Classes\SoftCCoup.SoftCCoup.3.12
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{04C5B37D-D579-8AAB-7DCA-C013BCD36D4A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{181362E6-D453-9E7D-4FE3-1A89C9F5C03C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2ED95684-669F-EB65-0221-72DB2C71BF15}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ABB41D36-4185-A866-AAED-2218DAC59B9F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04C5B37D-D579-8AAB-7DCA-C013BCD36D4A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABB41D36-4185-A866-AAED-2218DAC59B9F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04C5B37D-D579-8AAB-7DCA-C013BCD36D4A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{181362E6-D453-9E7D-4FE3-1A89C9F5C03C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2ED95684-669F-EB65-0221-72DB2C71BF15}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ABB41D36-4185-A866-AAED-2218DAC59B9F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{04C5B37D-D579-8AAB-7DCA-C013BCD36D4A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{181362E6-D453-9E7D-4FE3-1A89C9F5C03C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2ED95684-669F-EB65-0221-72DB2C71BF15}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{ABB41D36-4185-A866-AAED-2218DAC59B9F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{181362E6-D453-9E7D-4FE3-1A89C9F5C03C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABB41D36-4185-A866-AAED-2218DAC59B9F}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5798 octets] - [03/10/2014 20:42:54]
AdwCleaner[S0].txt - [5359 octets] - [03/10/2014 20:46:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5419 octets] ##########
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by Sbrett21 (administrator) on STEPHANIE on 03-10-2014 20:51:14
Running from C:\Users\Sbrett21\Desktop
Loaded Profile: Sbrett21 (Available profiles: Sbrett21)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Sbrett21\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 
 
 

  • 0

#6
pystryker
Posted 03 October 2014 - 08:06 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hi :)

Everything is looking good so far. We've removed the Optimizer Pro via the fixes, so no worries that it wouldn't uninstall. However, the fresh FRST log is incomplete. Please repost that log, located here C:\Users\Sbrett21\Desktop and we can continue. :thumbsup:
  • 0

#7
sbrett21
Posted 04 October 2014 - 08:53 AM

sbrett21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

I'm at work all day and will reply asap on Sunday, thanks for the help.


  • 0

#8
pystryker
Posted 04 October 2014 - 09:02 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
No worries. We will do this on the schedule that works best for you. :)
  • 0

#9
sbrett21
Posted 05 October 2014 - 10:34 AM

sbrett21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Here it is again...didn't realize I missed some of it.  It wouldn't copy part of the Registry Whitelisted Section, so I pieced it together for you.  Here is the problem row:

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA
\RAVCpl64.exe -s ram Files (x86)\Bluetooth Suite\BtTray.exe
[764032 2012-08-10] (Qualcomm Atheros)

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by Sbrett21 (administrator) on STEPHANIE on 03-10-2014 20:51:14
Running from C:\Users\Sbrett21\Desktop
Loaded Profile: Sbrett21 (Available profiles: Sbrett21)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Sbrett21\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
 
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA
\RAVCpl64.exe -s ram Files (x86)\Bluetooth Suite\BtTray.exe
[764032 2012-08-10] (Qualcomm Atheros)
 
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\TightVNC\tvnserver.exe [1612784 2013-06-06] (GlavSoft LLC.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-16] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Sbrett21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sbrett21\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc179
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc179
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-21]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Profile: C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-14]
CHR Extension: (Sidewise Tree Style Tabs) - C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\biiammgklaefagjclmnlialkmaemifgo [2014-09-24]
CHR Extension: (YouTube) - C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-21]
CHR Extension: (Form Filler) - C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjjngeaknajbdcgpfkgnonkmififhfo [2014-09-23]
CHR Extension: (Google Search) - C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-21]
CHR Extension: (avast! Online Security) - C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-18]
CHR Extension: (Google Wallet) - C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Gmail) - C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2013-07-23] () [File not signed]
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-16] (AVAST Software)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [1612784 2013-06-06] (GlavSoft LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
S2 Update SmarterPower; "C:\Program Files (x86)\SmarterPower\updateSmarterPower.exe" [X]
S2 Util SmarterPower; "C:\Program Files (x86)\SmarterPower\bin\utilSmarterPower.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-16] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [104184 2012-12-21] (Advanced Micro Devices)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
U0 msahci; No ImagePath
U4 Sepu3b_an; drv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-03 20:51 - 2014-10-03 20:51 - 00017254 _____ () C:\Users\Sbrett21\Desktop\FRST.txt
2014-10-03 20:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-03 20:41 - 2014-10-03 20:46 - 00000000 ____D () C:\AdwCleaner
2014-10-03 20:40 - 2014-10-03 20:41 - 01375089 _____ () C:\Users\Sbrett21\Desktop\AdwCleaner.exe
2014-10-03 20:35 - 2014-10-03 20:35 - 00001494 _____ () C:\Users\Sbrett21\Desktop\JRT.txt
2014-10-03 20:27 - 2014-10-03 20:27 - 01702068 _____ (Thisisu) C:\Users\Sbrett21\Desktop\JRT.exe
2014-10-03 10:32 - 2014-10-03 20:51 - 00000000 ____D () C:\FRST
2014-10-03 10:30 - 2014-10-03 10:30 - 02109440 _____ (Farbar) C:\Users\Sbrett21\Desktop\FRST64.exe
2014-09-18 00:19 - 2014-09-18 00:19 - 00000004 _____ () C:\Users\Sbrett21\AppData\Roaming\appdataFr2.bin
2014-09-16 02:32 - 2014-10-03 20:50 - 00000000 ___RD () C:\Users\Sbrett21\Dropbox
2014-09-16 02:32 - 2014-09-18 00:22 - 00000990 _____ () C:\Users\Sbrett21\Desktop\Dropbox.lnk
2014-09-16 02:31 - 2014-09-18 00:22 - 00000000 ____D () C:\Users\Sbrett21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-16 02:29 - 2014-10-03 20:50 - 00000000 ____D () C:\Users\Sbrett21\AppData\Roaming\Dropbox
2014-09-16 01:59 - 2014-09-16 01:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-16 01:59 - 2014-08-09 03:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-09-16 01:59 - 2014-08-09 03:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-09-12 01:50 - 2013-05-14 08:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 01:49 - 2014-08-16 04:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 01:49 - 2014-08-16 04:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 01:49 - 2014-08-16 04:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-12 01:49 - 2014-08-16 04:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 01:49 - 2014-08-16 04:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 01:49 - 2014-08-16 04:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 01:49 - 2014-08-16 04:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 01:49 - 2014-08-16 04:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 01:49 - 2014-08-16 04:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 01:49 - 2014-08-16 04:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 01:49 - 2014-08-16 04:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 01:49 - 2014-08-16 04:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-12 01:49 - 2014-08-16 04:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 01:49 - 2014-08-16 04:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 01:49 - 2014-08-16 04:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 01:49 - 2014-08-16 02:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 01:49 - 2014-08-16 02:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 01:49 - 2014-08-16 02:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 01:49 - 2014-08-16 02:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 01:49 - 2014-08-16 02:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 01:49 - 2014-08-16 02:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 01:49 - 2014-08-16 02:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-12 01:49 - 2014-08-16 02:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 01:49 - 2014-08-16 02:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 01:49 - 2014-08-16 02:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 01:49 - 2014-08-16 02:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 01:49 - 2014-08-16 02:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 01:49 - 2014-08-16 02:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 01:09 - 2014-08-20 18:40 - 00732880 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-09-12 01:09 - 2014-08-20 12:05 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-12 01:09 - 2014-08-20 12:05 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-09-12 01:09 - 2014-08-20 12:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-12 01:09 - 2014-08-20 12:02 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-12 01:09 - 2014-08-20 12:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-12 01:09 - 2014-06-24 02:35 - 00010450 _____ () C:\Windows\system32\autoconfig.cab
2014-09-12 01:09 - 2014-06-24 01:41 - 10115584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-12 01:09 - 2014-06-24 01:40 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-09-12 01:09 - 2014-06-24 01:39 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-12 01:09 - 2014-06-24 01:39 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-12 01:09 - 2014-06-23 23:08 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-12 01:09 - 2014-06-23 23:06 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-12 01:09 - 2014-06-23 23:06 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-12 00:47 - 2014-07-31 18:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-12 00:46 - 2014-08-28 06:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-12 00:46 - 2014-08-28 01:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-12 00:46 - 2014-08-28 01:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-12 00:46 - 2014-08-28 01:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-12 00:46 - 2014-08-28 01:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-12 00:46 - 2014-08-28 01:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-12 00:46 - 2014-08-28 01:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-12 00:46 - 2014-08-28 01:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-12 00:46 - 2014-08-28 01:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-12 00:46 - 2014-08-28 01:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-12 00:46 - 2014-08-28 01:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-12 00:46 - 2014-08-28 01:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-12 00:46 - 2014-08-28 01:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-12 00:46 - 2014-08-28 01:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-12 00:46 - 2014-06-04 20:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-12 00:46 - 2014-06-03 18:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-12 00:42 - 2014-09-04 17:36 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 00:42 - 2014-09-02 20:49 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 00:42 - 2014-07-23 22:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-12 00:42 - 2014-07-23 22:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-11 01:14 - 2014-09-24 02:24 - 00000000 ____D () C:\ProgramData\cb194563ee44ec1
2014-09-09 02:02 - 2014-10-03 11:02 - 00000062 _____ () C:\Users\Sbrett21\AppData\Roaming\WB.CFG
2014-09-09 01:10 - 2014-09-09 01:10 - 18607792 _____ (Adobe Systems Incorporated) C:\Users\Sbrett21\Downloads\install_flash_player_ax.exe
2014-09-09 01:06 - 2014-09-09 01:06 - 00004034 _____ () C:\Windows\System32\Tasks\LaunchSignup
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-03 20:49 - 2013-07-21 10:44 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-03 20:49 - 2013-07-21 10:35 - 00000500 _____ () C:\Users\Sbrett21\AppData\Roaming\sp_data.sys
2014-10-03 20:49 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-03 20:48 - 2012-08-01 20:20 - 00156636 _____ () C:\Windows\PFRO.log
2014-10-03 20:37 - 2013-07-21 10:40 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3625402026-119437590-2456876942-1001
2014-10-03 20:31 - 2013-07-21 10:46 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-03 20:21 - 2013-07-21 10:32 - 01662259 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 20:21 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-03 20:14 - 2013-07-21 11:43 - 00000000 ____D () C:\Users\Sbrett21\Desktop\MISC
2014-10-03 20:03 - 2013-07-21 10:44 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-03 20:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-10-03 12:04 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-01 09:53 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2014-09-24 23:03 - 2012-08-02 03:40 - 00432016 _____ () C:\Windows\system32\prfh0804.dat
2014-09-24 23:03 - 2012-08-02 03:40 - 00132686 _____ () C:\Windows\system32\prfc0804.dat
2014-09-24 23:03 - 2012-08-02 03:35 - 00797120 _____ () C:\Windows\system32\perfh00A.dat
2014-09-24 23:03 - 2012-08-02 03:35 - 00162488 _____ () C:\Windows\system32\perfc00A.dat
2014-09-24 23:03 - 2012-07-26 02:28 - 02353978 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 02:14 - 2013-08-11 20:51 - 00000000 ____D () C:\Users\Sbrett21\Documents\Design
2014-09-24 00:32 - 2013-07-21 11:01 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-23 16:15 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-16 02:32 - 2013-07-21 10:32 - 00000000 ____D () C:\Users\Sbrett21
2014-09-16 02:00 - 2013-07-21 11:01 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-16 01:59 - 2014-06-22 01:38 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-09-16 01:59 - 2014-06-22 01:38 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-16 01:59 - 2013-07-21 11:01 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-09-16 01:59 - 2013-07-21 11:01 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-16 01:59 - 2013-07-21 11:01 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-16 01:59 - 2013-07-21 11:01 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-16 01:59 - 2013-07-21 11:01 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-16 01:59 - 2013-07-21 11:01 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-16 01:59 - 2013-07-21 11:01 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-14 00:37 - 2014-07-09 00:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-14 00:37 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData
2014-09-14 00:37 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\WinStore
2014-09-12 12:19 - 2013-07-23 19:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 01:49 - 2013-08-17 00:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 01:44 - 2013-07-22 22:38 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 00:50 - 2012-07-26 00:26 - 00000301 _____ () C:\Windows\win.ini
2014-09-06 00:53 - 2014-07-18 22:29 - 00462672 _____ () C:\Windows\system32\FNTCACHE.DAT
 
Some content of TEMP:
====================
C:\Users\Sbrett21\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnvxpk8.dll
C:\Users\Sbrett21\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-01 08:50
 
==================== End Of Log ============================
 

  • 0

#10
pystryker
Posted 05 October 2014 - 11:51 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Here it is again...didn't realize I missed some of it. It wouldn't copy part of the Registry Whitelisted Section, so I pieced it together for you. Here is the problem row:


No worries. :)

That log looks good, just a few items to remove. Let's remove those and run a scan for remnants. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
HKLM-x32\...\Run: [] => [X]
S2 Update SmarterPower; "C:\Program Files (x86)\SmarterPower\updateSmarterPower.exe" [X]
S2 Util SmarterPower; "C:\Program Files (x86)\SmarterPower\bin\utilSmarterPower.exe" [X]
C:\Program Files (x86)\SmarterPower
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 2: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

MBAMScan_zps8ba7d192.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 3: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 4: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:

Please post each log as a separate reply to this thread.
  • Fixlog.txt Log
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

Advertisements

#11
sbrett21
Posted 06 October 2014 - 11:02 AM

sbrett21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Thank you!  Here are the following logs.  Going to work now.  Will check for next post later tonight.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014
Ran by Sbrett21 at 2014-10-06 09:23:00 Run:2
Running from C:\Users\Sbrett21\Desktop
Loaded Profile: Sbrett21 (Available profiles: Sbrett21)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [] => [X]
S2 Update SmarterPower; "C:\PROGRAM Files (x86)\SmarterPower\updateSmarterPower.exe" [X]
S2 Util SmarterPower; "C:\PROGRAM Files (x86)\SmarterPower\bin\utilSmarterPower.exe" [X]
C:\Program Files (x86)\SmarterPower
End
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
Update SmarterPower => Service deleted successfully.
Util SmarterPower => Service deleted successfully.
"C:\Program Files (x86)\SmarterPower" => File/Directory not found.
 
==== End of Fixlog ====
 
 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=10.00.9200.16384 (win8_rtm.120725-1247)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a6f83bf7ab4fbd4ca07c8aa23fc3f082
# engine=20466
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-06 04:18:38
# local_time=2014-10-06 11:18:38 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 0 176111207 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 11897085 72032028 0 0
# scanned=207725
# found=9
# cleaned=0
# scan_time=3809
sh=B053662DF60BC86E87201FFFA40D1784DB85CE9D ft=1 fh=c6a22e88dc88a6c2 vn="a variant of Win32/SpeedingUpMyPC application" ac=I fn="C:\FRST\Quarantine\c\Program Files (x86)\Optimizer Pro\OptimizerPro.exe"
sh=2EFF65173426CA303DEC447D66028552629836D5 ft=1 fh=c558ef1fba628ede vn="a variant of Win32/SProtector.I potentially unwanted application" ac=I fn="C:\FRST\Quarantine\c\Program Files (x86)\Optimizer Pro\OptProCrash.dll"
sh=E0B82A0B9AFC76932FFDCA4135D8A3F4F5380C60 ft=1 fh=2a6536f89befb737 vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="C:\FRST\Quarantine\c\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe"
sh=313FD0EA84441CB6B63B87EE5A32B7DE9DAE8FCD ft=1 fh=c71c001137c197ca vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="C:\FRST\Quarantine\c\ProgramData\PrinceCOuepponu\PWNWVqH3Rh.dll"
sh=0579AA6B1D14FEEE66B3CB9FBF3B7878A3D05B1D ft=1 fh=3561a569b4dced75 vn="a variant of Win64/Adware.MultiPlug.E application" ac=I fn="C:\FRST\Quarantine\c\ProgramData\SiaalesMaagnet\msTi3x.x64.dll"
sh=007253FCA0EDB5BAC9E478ED5FAA8ED1F8750F8E ft=1 fh=c71c00110477771c vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="C:\FRST\Quarantine\c\ProgramData\SoftCoup\erZiuEl1.dll"
sh=2590FE374AB67ED7E85A9B77CE68F95D14D4AEE4 ft=1 fh=7b5cbfe48c397aac vn="a variant of Win64/Adware.MultiPlug.E application" ac=I fn="C:\FRST\Quarantine\c\ProgramData\SoftCoup\erZiuEl1.x64.dll"
sh=CA45A9088B82F931D315F63714451D53CD27FCBA ft=1 fh=f33d21e5bbdb9c64 vn="a variant of Win64/Riskware.NetFilter.F application" ac=I fn="C:\FRST\Quarantine\c\Windows\System32\DRIVERS\{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys.xBAD"
sh=08EE476DD3491B0D08ED4074A421187D966DC5E6 ft=1 fh=938a6170142c749c vn="Win32/DownWare.L potentially unwanted application" ac=I fn="C:\Users\Sbrett21\Downloads\DAEMONToolsUltra110-0103.exe"
 
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/6/2014
Scan Time: 9:31:20 AM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.10.06.06
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Sbrett21
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 308195
Time Elapsed: 19 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 4
PUP.Optional.OpenCandy, C:\Users\Sbrett21\Downloads\DTLite4471-0335.exe, Quarantined, [a5e0f6f90873ee484ce1b6842bdaa35d], 
PUP.Optional.Soft32.A, C:\Users\Sbrett21\Downloads\screenhunter free setup.exe, Quarantined, [3e470be483f8ca6c2978e4660cf5916f], 
PUP.Optional.ReMarkable.A, C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Delete-on-Reboot, [bbca3db2f68555e14febe89807fda957], 
PUP.Optional.ReMarkable.A, C:\Users\Sbrett21\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Delete-on-Reboot, [c8bd618e16653600be7c710f9c6824dc], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 

 Results of screen317's Security Check version 0.99.88  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
 Java version out of Date! 
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Google Chrome 37.0.2062.103  
 Google Chrome 37.0.2062.124  
 Google Chrome update.dll..  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

  • 0

#12
pystryker
Posted 06 October 2014 - 06:47 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

I see one infected file, let's deal with that. Then we'll have some tidying up to do. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
C:\Users\Sbrett21\Downloads\DAEMONToolsUltra110-0103.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Things I need to see in your next post:

Fixlog.txt Log
  • 0

#13
sbrett21
Posted 07 October 2014 - 09:03 AM

sbrett21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Thank you!

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014
Ran by Sbrett21 at 2014-10-07 10:01:34 Run:3
Running from C:\Users\Sbrett21\Desktop
Loaded Profile: Sbrett21 (Available profiles: Sbrett21)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
C:\Users\Sbrett21\Downloads\DAEMONToolsUltra110-0103.exe
End
*****************
 
C:\Users\Sbrett21\Downloads\DAEMONToolsUltra110-0103.exe => Moved successfully.
 
==== End of Fixlog ====

  • 0

#14
pystryker
Posted 07 October 2014 - 07:01 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

Great news, your logs are CLEAN! :thumbsup: :) but we still have a few things we need to address namely:
  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.
  • I'll also have some tips and information to help protect you in the future.
Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Java Warning and Program Updates


Your current version of Java is out of date, however,before you update it, please read the information below.

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user do disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.
  • Click on this link Java Website and click Do I Have Java?
  • Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.
You can also download a tool called JavaRa that will automatically search for new updates and remove older versions of Java.
Click the link below to go to the download page to get the tool.

JavaRa

Once you have downloaded JavaRa
  • Unzip the files to the directory of your choice.
  • Double click the JavaRa icon in the directory and choose your language preference.
  • Click Remove Older Versions from the menu.
  • Click Yes.
  • If you get a warning that Internet Explorer needs to be closed, close it, then click ok.
  • JavaRa will then search for and remove old versions of Java from your machine.
You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java


Updating Adobe Reader
  • Malware will exploit any vulnerabilities it can find in outdated software. If you are using Adobe Reader for reading pdf files, try using FoxIt Reader. It is a very capable alternative to Adobe.
  • Please click here to download FoxIt Reader.
  • If you wish to continue to use Adobe Reader, then please update it by clicking here.
  • Please remember to uncheck the options to uninstall any of the Chrome items.
Keeping your software updated

Another weapon against malicious programs and viruses is to keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker


Step 3: Tips, Information, and Optional Installation of Unchecky

Do not use P2P programs, as the files downloaded are almost always infected to a varying degree.

Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.


unchecky1_zps667e512d.jpg


Then click Finish

unchecky2_zpsca4e7d0d.jpg


Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:

Things I need to see in your next post:

Delfix Log
  • 0

#15
sbrett21
Posted 08 October 2014 - 09:30 AM

sbrett21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Thanks, that's great news...but I think I still have a problem.  While on this page (trying to write this response) I get a popup message saying "The page at sl30.ststny.com says: warning!!! your java version is outdated, have security risks, please update now!"  I try to close by clicking the x and it goes to a java update page...then I get a big red avast screen that says warning: phishing attack ahead...then avast blocks a harmful web page.

 

Should I do all your instructions, or is there more to do?


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP