How to get rid of URL:MAL [Solved]

URL:MAL


#16
HiHelen
    Member, Topic Starter, 23 posts

I can't figure out how to post a screen shot. But the last warning I got today was:

 

URL: http://8941180.secur...d=254&lid 10107

 

Infection: URL:Mal

 

Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe



#17
dbreeze
    Trusted Helper, Malware Removal, 2,216 posts
HiHelen, I believe that we can narrow this down even more with the help of the files you provided.
 
First, uninstall some programs
 

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

pdfforge Toolbar v9.3
Shopping InContext
Smilebox



To do so, left-click on the name once and then click Uninstall/Change in the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


Second, a fresh set of FRST logs

If you still have an Addition.txt log file on your desktop, please delete it now.

Start FRST64 that is on your Desktop by right clicking and selecting "Run as Administrator".

The tool will start to run.

When the tool opens click Yes to disclaimer. (If it does.)

The tool will check for an updated version and auto-update itself if there is one. Please allow this to happen and the tool will inform you of when it is ready to run.

Select Addition.txt in the Optional Scans section of FRST64.

Press Scan button.

It will make two logs (FRST.txt and addition.txt) on your Desktop. Please open the logs in notepad (FRST should do this for you automatically at the end of the scan), copy the logs and paste them in a reply message here.
 
 
Information to Reply with >>>>
  • How did the uninstalls go?  Did all of them uninstall without an error?
  • The FRST.txt log text.
  • The Addition.txt log text.
  • Any questions or concerns?  How is the system running now?


#18
HiHelen
    Member, Topic Starter, 23 posts

I'm still getting Threat Detected warnings. Even when I'm not using the web browser (it's open, but I'm working in QuickBooks), I still get warnings.

 

It wouldn't let me uninstall pdfforge Toolbar v9.3. Windows Installer opens and says I need the CD-ROM or other removable disk, or to find pdfforge Toolbar.msi in a folder, which I didn't find through search.

 

I uninstalled Shopping InContext and Smilebox and restarted my computer.

 

Here's the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014
Ran by Nakamoto (administrator) on NAKAMOTO-PC on 16-12-2014 07:00:28
Running from C:\Users\Nakamoto\Desktop
Loaded Profile: Nakamoto (Available profiles: Nakamoto)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac7302\Monitor.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
(Dropbox, Inc.) C:\Users\Nakamoto\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3761464 2013-09-30] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-12-08] (Simply Super Software)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKU\S-1-5-21-3728143812-4245075021-3154152335-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-3728143812-4245075021-3154152335-1000\...\Run: [updateMgr] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-3728143812-4245075021-3154152335-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650536 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3728143812-4245075021-3154152335-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
HKU\S-1-5-21-3728143812-4245075021-3154152335-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7777560 2014-11-13] (SUPERAntiSpyware)
HKU\S-1-5-21-3728143812-4245075021-3154152335-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-3728143812-4245075021-3154152335-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Nakamoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Nakamoto\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [a_MiMediaFiles_MonitoredFolder] -> {C00213B1-77A8-4F0E-B740-0B36FBF7FAE7} => C:\Program Files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions-x64.dll (MiMedia)
ShellIconOverlayIdentifiers: [a_MiMediaFiles_SynchronizationPending] -> {FAD5EA38-2D1D-485D-9B07-D35EB72B922E} => C:\Program Files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions-x64.dll (MiMedia)
ShellIconOverlayIdentifiers: [a_MiMediaFiles_Synchronized] -> {69DE75F6-60E6-4E55-B416-171941A5C73E} => C:\Program Files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions-x64.dll (MiMedia)
ShellIconOverlayIdentifiers-x32: [_MiMediaFiles_MonitoredFolder] -> {C00213B1-77A8-4F0E-B740-0B36FBF7FAE7} => C:\Program Files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers-x32: [_MiMediaFiles_SynchronizationPending] -> {FAD5EA38-2D1D-485D-9B07-D35EB72B922E} => C:\Program Files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers-x32: [_MiMediaFiles_Synchronized] -> {69DE75F6-60E6-4E55-B416-171941A5C73E} => C:\Program Files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll (TODO: <Company name>)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3728143812-4245075021-3154152335-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
HKU\S-1-5-21-3728143812-4245075021-3154152335-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...q={searchTerms}
HKU\S-1-5-21-3728143812-4245075021-3154152335-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {37B0E162-0ECD-4FF8-B1CB-139434BB2D5C} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {37B0E162-0ECD-4FF8-B1CB-139434BB2D5C} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3728143812-4245075021-3154152335-1000 -> {0A0AAFDF-1D7E-4A8A-BEC7-C1423D1D6917} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKU\S-1-5-21-3728143812-4245075021-3154152335-1000 -> {37B0E162-0ECD-4FF8-B1CB-139434BB2D5C} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3728143812-4245075021-3154152335-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3728143812-4245075021-3154152335-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3728143812-4245075021-3154152335-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
Tcpip\Parameters: [DhcpNameServer] 24.25.227.55 209.18.47.61 24.25.227.53
 
FireFox:
========
FF ProfilePath: C:\Users\Nakamoto\AppData\Roaming\Mozilla\Firefox\Profiles\5g2iigem.default-1416507301759
FF DefaultSearchEngine: Google (avast)
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3728143812-4245075021-3154152335-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll (Hulu LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\Nakamoto\AppData\Roaming\Mozilla\Firefox\Profiles\5g2iigem.default-1416507301759\searchplugins\google-avast.xml
FF Extension: Bitdefender QuickScan - C:\Users\Nakamoto\AppData\Roaming\Mozilla\Firefox\Profiles\5g2iigem.default-1416507301759\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-11-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-25]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-07]
FF Extension: No Name - [email protected] [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "https://www.yahoo.co...st&type=odc179"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Nakamoto\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Nakamoto\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Profile: C:\Users\Nakamoto\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nakamoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-26]
CHR Extension: (YouTube) - C:\Users\Nakamoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-29]
CHR Extension: (Google Search) - C:\Users\Nakamoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-29]
CHR Extension: (Chromebleed) - C:\Users\Nakamoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-04-16]
CHR Extension: (Avast Online Security) - C:\Users\Nakamoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-07]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Nakamoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-07-23]
CHR Extension: (Google Wallet) - C:\Users\Nakamoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Gmail) - C:\Users\Nakamoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-07]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2013-07-23]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-07] (AVAST Software)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-11-12] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-07-21] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2014-11-10] (Enigma Software Group USA, LLC.)
S2 SearchProtectionService; "C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-11-12] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-07] (AVAST Software)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-05-25] (EldoS Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-12] (Emsisoft GmbH)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2014-11-10] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-11-10] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527872 2008-01-15] (PixArt Imaging Inc.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1041000 2012-01-31] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-09] ()
R3 xMrMini64; C:\Windows\System32\DRIVERS\xMrMini64.sys [282752 2010-01-25] (Magic Control Technology Corp.)
R3 xVGAMINI64; C:\Windows\System32\DRIVERS\xVgaMini64.sys [286336 2010-01-25] (Magic Control Technology Corp.)
S3 xVGAUSB64; C:\Windows\System32\drivers\xvgausb64.sys [52224 2010-01-25] (Magic Control Technology Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-14 15:20 - 2014-12-14 15:20 - 02166272 _____ () C:\Users\Nakamoto\Desktop\AdwCleaner.exe
2014-12-13 11:40 - 2014-12-13 11:40 - 00000000 ____D () C:\Users\Nakamoto\Desktop\FRST-OlderVersion
2014-12-11 18:54 - 2014-12-16 07:00 - 00028259 _____ () C:\Users\Nakamoto\Desktop\FRST.txt
2014-12-11 18:53 - 2014-12-16 07:00 - 00000000 ____D () C:\FRST
2014-12-11 18:45 - 2014-12-13 11:40 - 02119168 _____ (Farbar) C:\Users\Nakamoto\Desktop\FRST64.exe
2014-12-11 09:52 - 2014-12-11 09:52 - 00088096 _____ () C:\Users\Nakamoto\Desktop\Extras.Txt
2014-12-11 09:51 - 2014-12-11 09:51 - 00163700 _____ () C:\Users\Nakamoto\Desktop\OTL.Txt
2014-12-11 08:33 - 2014-12-11 08:38 - 00602112 _____ (OldTimer Tools) C:\Users\Nakamoto\Desktop\OTL.exe
2014-12-11 07:51 - 2014-12-11 08:00 - 00000000 ___DC () C:\Users\Nakamoto\AppData\Local\MigWiz
2014-12-10 13:30 - 2014-12-10 13:47 - 00000000 ____D () C:\Users\Nakamoto\Desktop\TrendMicro AntiThreat Toolkit
2014-12-10 10:21 - 2014-12-10 10:24 - 00000000 ___SD () C:\ComboFix
2014-12-10 04:12 - 2014-12-10 04:12 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 03:26 - 2014-10-17 16:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 03:26 - 2014-10-17 15:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 03:26 - 2014-07-06 16:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 03:26 - 2014-07-06 16:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 03:26 - 2014-07-06 16:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 03:26 - 2014-07-06 16:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 03:26 - 2014-07-06 15:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 03:26 - 2014-07-06 15:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 03:26 - 2014-07-06 15:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 03:26 - 2014-07-06 15:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-09 17:43 - 2014-12-03 16:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 17:43 - 2014-12-03 16:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 17:43 - 2014-12-03 16:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 17:43 - 2014-12-03 16:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 17:43 - 2014-12-03 16:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 17:43 - 2014-12-03 16:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 17:43 - 2014-12-03 16:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 17:43 - 2014-12-01 13:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 17:42 - 2014-11-26 15:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 17:42 - 2014-11-21 17:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 17:42 - 2014-11-21 16:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 17:42 - 2014-11-21 16:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 17:42 - 2014-11-21 16:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 17:42 - 2014-11-21 16:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 17:42 - 2014-11-21 15:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 17:42 - 2014-11-21 15:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 17:42 - 2014-11-21 15:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 17:42 - 2014-11-21 15:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 17:42 - 2014-11-21 14:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 17:42 - 2014-11-10 17:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 17:42 - 2014-11-10 16:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 17:42 - 2014-11-10 15:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 17:41 - 2014-11-26 15:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 17:41 - 2014-11-21 17:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 17:41 - 2014-11-21 17:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 17:41 - 2014-11-21 16:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 17:41 - 2014-11-21 16:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 17:41 - 2014-11-21 16:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 17:41 - 2014-11-21 16:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 17:41 - 2014-11-21 16:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 17:41 - 2014-11-21 16:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 17:41 - 2014-11-21 16:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 17:41 - 2014-11-21 16:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 17:41 - 2014-11-21 16:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 17:41 - 2014-11-21 16:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 17:41 - 2014-11-21 16:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 17:41 - 2014-11-21 16:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 17:41 - 2014-11-21 16:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 17:41 - 2014-11-21 16:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 17:41 - 2014-11-21 16:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 17:41 - 2014-11-21 16:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 17:41 - 2014-11-21 16:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 17:41 - 2014-11-21 16:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 17:41 - 2014-11-21 16:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 17:41 - 2014-11-21 16:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 17:41 - 2014-11-21 16:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 17:41 - 2014-11-21 15:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 17:41 - 2014-11-21 15:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 17:41 - 2014-11-21 15:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-09 17:41 - 2014-11-21 15:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 17:41 - 2014-11-21 15:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 17:41 - 2014-11-21 15:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 17:41 - 2014-11-21 15:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 17:41 - 2014-11-21 15:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 17:41 - 2014-11-21 15:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 17:41 - 2014-11-21 15:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 17:41 - 2014-11-21 15:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 17:41 - 2014-11-21 15:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 17:41 - 2014-11-21 15:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 17:41 - 2014-11-21 15:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 17:41 - 2014-11-21 15:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 17:41 - 2014-11-21 15:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 17:41 - 2014-11-21 15:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 17:41 - 2014-11-21 15:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 17:41 - 2014-11-21 15:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 17:41 - 2014-11-21 15:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 17:41 - 2014-11-21 14:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 17:39 - 2014-11-07 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 17:39 - 2014-11-07 16:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 17:39 - 2014-10-29 16:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 17:39 - 2014-10-29 15:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 17:39 - 2014-10-02 16:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 17:39 - 2014-10-02 16:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 17:39 - 2014-10-02 16:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 17:39 - 2014-10-02 16:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 17:39 - 2014-10-02 16:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 17:39 - 2014-10-02 15:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 17:39 - 2014-10-02 15:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 17:39 - 2014-10-02 15:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 17:39 - 2014-10-02 15:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 17:39 - 2014-10-02 15:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 18:22 - 2014-12-08 18:22 - 00000000 ____D () C:\Quarantine
2014-12-08 18:18 - 2014-12-08 18:18 - 00000000 ____D () C:\Program Files\McAfee
2014-12-08 18:16 - 2014-12-08 20:56 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-12-08 17:02 - 2014-12-08 17:02 - 00125488 _____ () C:\Users\Nakamoto\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-08 16:50 - 2014-12-08 16:57 - 00000000 ____D () C:\Users\Nakamoto\AppData\Roaming\Wise Registry Cleaner
2014-12-08 16:50 - 2014-12-08 16:50 - 00001233 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-12-08 16:50 - 2014-12-08 16:50 - 00000000 ____D () C:\Users\Nakamoto\Documents\Simply Super Software
2014-12-08 16:50 - 2014-12-08 16:50 - 00000000 ____D () C:\Users\Nakamoto\AppData\Roaming\Simply Super Software
2014-12-08 16:50 - 2014-12-08 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-12-08 16:50 - 2014-12-08 16:50 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-12-08 16:48 - 2014-12-08 16:48 - 00001115 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-12-08 16:48 - 2014-12-08 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-12-08 16:47 - 2014-12-08 16:51 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-12-08 16:47 - 2014-12-08 16:47 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-12-08 12:38 - 2014-12-08 12:38 - 00001878 _____ () C:\Users\Nakamoto\Desktop\aswMBR.txt
2014-12-08 12:38 - 2014-12-08 12:38 - 00000512 _____ () C:\Users\Nakamoto\Desktop\MBR.dat
2014-12-08 08:57 - 2014-12-08 08:59 - 00003488 _____ () C:\Windows\RegBootClean.CFG
2014-12-08 06:25 - 2014-12-08 06:25 - 00000000 ____D () C:\Users\Nakamoto\AppData\Roaming\AVAST Software
2014-12-07 23:37 - 2014-12-07 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-07 23:36 - 2014-12-16 06:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-07 23:34 - 2014-12-07 23:33 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-07 23:34 - 2014-12-07 23:33 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-07 23:34 - 2014-12-07 23:33 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-07 23:34 - 2014-12-07 23:33 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-07 23:34 - 2014-12-07 23:33 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-07 23:34 - 2014-12-07 23:33 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-07 23:33 - 2014-12-07 23:36 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-07 23:33 - 2014-12-07 23:33 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-07 23:33 - 2014-12-07 23:33 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-07 23:32 - 2014-12-07 23:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-07 23:19 - 2014-12-07 23:19 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-07 22:15 - 2014-12-08 16:56 - 00001859 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-12-07 15:28 - 2014-12-16 06:47 - 00000896 _____ () C:\Windows\setupact.log
2014-12-07 15:28 - 2014-12-15 07:10 - 00440626 _____ () C:\Windows\PFRO.log
2014-12-07 15:28 - 2014-12-07 15:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-06 15:49 - 2014-12-06 21:50 - 00000000 ____D () C:\Users\Nakamoto\AppData\Local\CUSTPDF Writer
2014-12-06 07:16 - 2014-12-07 23:09 - 00000550 _____ () C:\AdwCleanerDebug.txt
2014-12-05 15:32 - 2014-12-05 15:32 - 673054875 _____ () C:\Windows\MEMORY.DMP
2014-12-05 12:12 - 2014-12-10 08:31 - 00004554 _____ () C:\Users\Nakamoto\Desktop\Rkill.txt
2014-12-04 07:58 - 2014-12-04 07:58 - 00116016 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\08263055.sys
2014-12-03 10:47 - 2014-12-03 10:47 - 00007602 _____ () C:\Users\Nakamoto\AppData\Local\Resmon.ResmonCfg
2014-11-25 11:52 - 2014-11-25 11:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-21 12:20 - 2014-11-21 12:42 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-21 12:20 - 2014-11-21 12:42 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-20 09:18 - 2014-12-11 18:38 - 00002104 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-20 09:18 - 2014-11-20 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-18 08:52 - 2014-11-10 17:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 08:52 - 2014-11-10 17:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 08:52 - 2014-11-10 16:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 08:52 - 2014-11-10 16:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-17 12:28 - 2014-11-12 19:41 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20141117-122819.backup
2014-11-16 17:24 - 2014-11-16 17:24 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-16 17:23 - 2014-11-16 17:23 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-16 17:23 - 2014-11-16 17:23 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-16 17:23 - 2014-11-16 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-16 17:22 - 2014-12-07 07:39 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-16 17:22 - 2014-11-16 17:36 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-16 17:22 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-16 06:56 - 2010-09-23 08:43 - 02043989 _____ () C:\Windows\WindowsUpdate.log
2014-12-16 06:55 - 2014-11-10 18:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-16 06:55 - 2009-07-13 18:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-16 06:55 - 2009-07-13 18:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-16 06:52 - 2012-04-03 12:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-16 06:49 - 2012-08-15 13:11 - 00000000 ___RD () C:\Users\Nakamoto\Dropbox
2014-12-16 06:49 - 2012-08-15 13:08 - 00000000 ____D () C:\Users\Nakamoto\AppData\Roaming\Dropbox
2014-12-16 06:47 - 2011-01-08 16:35 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-16 06:47 - 2009-07-13 19:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-16 06:45 - 2011-01-08 16:35 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-16 06:33 - 2013-02-02 12:03 - 00000000 ____D () C:\Users\Nakamoto\AppData\Local\Unity
2014-12-16 06:23 - 2014-11-15 17:25 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-15 06:56 - 2014-11-08 16:02 - 00000000 ____D () C:\AdwCleaner
2014-12-15 06:45 - 2012-05-10 03:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-15 06:45 - 2012-05-10 03:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-15 06:18 - 2011-01-08 16:38 - 00000000 ____D () C:\Users\Nakamoto\AppData\Roaming\Skype
2014-12-14 07:54 - 2011-11-30 11:01 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-14 07:54 - 2011-01-09 10:42 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-12-14 03:06 - 2012-05-10 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-13 16:02 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 11:47 - 2014-10-24 07:58 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-13 11:42 - 2011-01-08 14:13 - 00000000 ____D () C:\Users\Nakamoto
2014-12-13 11:41 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-12-12 18:58 - 2012-02-06 21:06 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForNakamoto
2014-12-12 18:58 - 2012-02-06 21:06 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForNakamoto.job
2014-12-12 11:57 - 2012-08-15 13:11 - 00001033 _____ () C:\Users\Nakamoto\Desktop\Dropbox.lnk
2014-12-12 11:57 - 2012-08-15 13:09 - 00000000 ____D () C:\Users\Nakamoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 08:04 - 2012-01-10 20:03 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-11 07:54 - 2013-06-27 16:43 - 00000422 _____ () C:\Users\Nakamoto\Sti_Trace.log
2014-12-10 21:55 - 2014-11-11 20:47 - 00000000 ____D () C:\EEK
2014-12-10 14:58 - 2011-01-28 14:41 - 00000000 ____D () C:\Users\Nakamoto\AppData\Local\CrashDumps
2014-12-10 10:40 - 2014-08-22 09:50 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-10 10:22 - 2014-11-12 19:17 - 00000000 ____D () C:\Qoobox
2014-12-10 10:21 - 2014-10-22 08:32 - 00000000 ____D () C:\Program Files\PDFCreator
2014-12-10 06:50 - 2010-08-27 15:14 - 00000000 ____D () C:\ProgramData\Temp
2014-12-10 06:31 - 2014-11-07 11:52 - 00000000 ____D () C:\Users\Nakamoto\AppData\Roaming\QuickScan
2014-12-10 04:27 - 2013-08-27 09:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 04:12 - 2014-05-06 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 04:12 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 04:12 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 03:52 - 2013-07-17 03:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:35 - 2011-01-08 17:16 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 22:52 - 2012-04-03 12:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 22:52 - 2012-04-03 12:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 22:52 - 2011-06-01 10:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-08 16:52 - 2014-11-06 09:11 - 00000000 ____D () C:\ProgramData\Licenses
2014-12-08 08:59 - 2014-11-08 07:17 - 00181776 _____ () C:\Windows\RegBootClean.exe
2014-12-07 23:09 - 2014-11-11 20:48 - 00000745 _____ () C:\Users\Nakamoto\Desktop\Start Emsisoft Emergency Kit.lnk
2014-12-07 22:48 - 2014-11-10 22:36 - 00000000 ____D () C:\ProgramData\WRData
2014-12-07 22:15 - 2014-11-15 07:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-12-07 09:18 - 2014-05-21 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless
2014-12-07 09:18 - 2012-05-22 12:28 - 00000000 ____D () C:\Windows\Minidump
2014-12-07 09:18 - 2010-08-27 15:04 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2014-12-07 09:18 - 2009-07-13 17:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-07 09:18 - 2009-07-13 17:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-06 09:32 - 2014-11-12 08:12 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-06 09:32 - 2014-11-10 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-06 09:32 - 2014-11-10 18:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-03 16:51 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-30 01:59 - 2014-11-15 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-11-26 11:41 - 2012-05-03 08:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-24 14:04 - 2011-07-07 15:11 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-24 11:05 - 2012-01-23 19:48 - 00000000 ____D () C:\Users\Nakamoto\Desktop\Ebay
2014-11-24 10:42 - 2009-07-13 19:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-21 06:14 - 2014-11-10 18:32 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-11-10 18:32 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-11-10 18:32 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-20 09:17 - 2011-01-08 16:35 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-20 08:15 - 2014-10-04 17:28 - 00000000 ____D () C:\Users\Nakamoto\Desktop\Old Firefox Data
2014-11-16 14:11 - 2012-03-29 21:00 - 00000000 ____D () C:\ProgramData\Recovery
2014-11-16 07:10 - 2014-10-22 08:31 - 00000000 ____D () C:\Program Files (x86)\PDF Creator
 
Some content of TEMP:
====================
C:\Users\Nakamoto\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf_lkco.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-05 16:04
 
==================== End Of Log ============================
 
 
Here is the addition log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2014
Ran by Nakamoto at 2014-12-16 07:01:30
Running from C:\Users\Nakamoto\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Ad-Aware Web Companion (x32 Version: 1.0.788.1475 - Lavasoft) Hidden
Adobe Acrobat 7.1.0 Standard (HKLM-x32\...\Adobe Acrobat 7.0 Standard - V) (Version: 7.1.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3728143812-4245075021-3154152335-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Belkin N600 DB USB Wireless Adapter (HKLM-x32\...\{B20F9D1C-A0A5-4CD8-8306-DA03872311B1}) (Version: 1.00.0184.1 - Belkin International, Inc.)
Canon MF Toolbox 4.9.1.1.mf13 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf13 - CANON INC.)
Canon MF4700 Series (HKLM\...\{47A8DB42-4E21-4d55-9931-D4F44CC3F03B}) (Version: 4.1.0.0 - CANON INC.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Presentation Server Client (HKLM-x32\...\{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}) (Version: 10.00.52110 - Citrix Systems, Inc.)
CollageIt 1.9.0 (HKLM-x32\...\{D9757258-30B2-496E-86F2-84920C5858E1}_is1) (Version:  - PearlMountain Technology Co., Ltd)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3728143812-4245075021-3154152335-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Global fx Components (HKLM-x32\...\InstallShield_{F781195B-8662-432D-AB76-6F024A3CF31C}) (Version: 12.12.1219.1536 - CCH Tax and Accounting. A WoltersKluwer Company.)
Global fx Components (x32 Version: 12.12.1219.1536 - CCH Tax and Accounting. A WoltersKluwer Company.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 4.8.0.723 (HKU\S-1-5-21-3728143812-4245075021-3154152335-1000\...\GoToMeeting) (Version: 4.8.0.723 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-3728143812-4245075021-3154152335-1000\...\HuluDesktop) (Version: 0.9.10 - Hulu LLC)
JC-AM100 (HKLM-x32\...\{B8909A6F-E372-4ABE-8882-91F8D13D81F1}) (Version: 1.0.0.22 - jWIN)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}) (Version: 12.0.1.881 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 12.0.1.881 - Kaspersky Lab) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LastPass(uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LavasoftTcpService (x32 Version: 2.2.9.5 - Lavasoft) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.0.20.17316 - LeapFrog)
LeapFrog Connect (x32 Version: 5.0.20.17316 - LeapFrog) Hidden
LeapFrog Connect (x32 Version: 5.1.5.17469 - LeapFrog) Hidden
LeapFrog Leapster Explorer Plugin (x32 Version: 5.0.19.17305 - LeapFrog) Hidden
LeapFrog Leapster Explorer Plugin (x32 Version: 5.1.5.17469 - LeapFrog) Hidden
LightScribe System Software (HKLM-x32\...\{FD71E2F7-B9FC-4072-88DB-AC19E2464D82}) (Version: 1.18.17.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office 2003 Primary Interop Assemblies (HKLM-x32\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
MightyUninstaller (HKLM-x32\...\{91A02C6C-1FAA-49FA-957F-6ACF30D6B47D}_is1) (Version: 2.5.0.1 - MightyUninstaller.com)
MiMedia (HKLM\...\{AC2D7118-4F5C-4EB9-B8D4-AE5959B3E1D8}) (Version: 1.0.46.3234 - MiMedia LLC)
MiMedia (HKLM\...\MiMedia) (Version: 1.0.66.3574 - MiMedia, LLC)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9739 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.58.36 - NVIDIA Corporation)
pdfforge Toolbar v9.3 (HKLM-x32\...\{BF5A8895-5DF8-42F0-80DC-50DD1AA2DD23}) (Version: 9.3 - Spigot, Inc.) <==== ATTENTION
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickBooks (x32 Version: 21.0.4014.904 - Intuit Inc.) Hidden
QuickBooks File Doctor (HKLM-x32\...\{7E458862-3A7F-4412-AD2F-EC96F688A393}) (Version: 3.6.5 - Intuit)
QuickBooks Pro 2011 (HKLM-x32\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.26.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
ShareFile Desktop Widget (HKLM-x32\...\ShareFileDesktop.17AF2FD64D6611D25BF6B31FA23B5F4BC1AA06EC.1) (Version: 2.21 - Novel Labs, Inc)
ShareFile Desktop Widget (x32 Version: 2.21 - Novel Labs, Inc) Hidden
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.0.0.4 - Shutterfly, Inc.)
Shutterfly Express Uploader (x32 Version: 1.0.0 - Shutterfly, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SlimComputer (HKLM-x32\...\{574BF026-4487-4051-BCE5-83C4E40AAF6D}) (Version: 1.3.30878 - SlimWare Utilities, Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
System Files (x32 Version: 20.12.1022.1524 - CCH Tax and Accounting. A Wolters Kluwer Company.) Hidden
Trojan Remover 6.9.1.2932 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1.2932 - Simply Super Software)
USB 2.0 VGA Device (Multiple) 10.02.0324.0153 (HKLM-x32\...\{04A1E855-4EBF-417D-87FF-2F085CA534A0}) (Version: 10.02.0324.0153 - MCT Corp.)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version:  - LeapFrog)
Web Companion (HKLM-x32\...\{0AB46A9E-1335-46CC-81A2-F34AB8DCAD62}_WebCompanion) (Version: 1.0.788.1475 - Lavasoft)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinX HD Video Converter Deluxe 3.10.3 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software,Inc.)
Wise Registry Cleaner 8.26 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.26 - WiseCleaner.com, Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3728143812-4245075021-3154152335-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nakamoto\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3728143812-4245075021-3154152335-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\723\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3728143812-4245075021-3154152335-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3728143812-4245075021-3154152335-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3728143812-4245075021-3154152335-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3728143812-4245075021-3154152335-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3728143812-4245075021-3154152335-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3728143812-4245075021-3154152335-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3728143812-4245075021-3154152335-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3728143812-4245075021-3154152335-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
17-11-2014 03:05:30 Windows Update
20-11-2014 13:00:49 Windows Update
21-11-2014 21:36:24 avast! antivirus system restore point
23-11-2014 23:57:05 Windows Update
24-11-2014 23:05:23 LavasoftWeCompanion
27-11-2014 02:44:51 Windows Update
30-11-2014 17:15:05 Windows Update
04-12-2014 17:13:51 Windows Update
07-12-2014 17:50:49 Cleaner (Spybot - Search & Destroy 2.4, administrator privileges
07-12-2014 18:04:24 Windows Update
08-12-2014 07:05:30 avast! antivirus system restore point
09-12-2014 03:32:32 Removed Java 8 Update 25
10-12-2014 13:11:23 Windows Update
10-12-2014 20:21:47 Removed Java 8 Update 20
10-12-2014 20:34:09 Removed Java 8 Update 20
10-12-2014 20:38:01 Removed Java 7 Update 67
10-12-2014 21:31:13 Windows Backup
11-12-2014 08:00:59 Windows Backup
11-12-2014 17:33:16 Windows Backup
11-12-2014 18:00:54 Windows Backup
12-12-2014 16:40:24 AA11
13-12-2014 09:50:15 Windows Backup
13-12-2014 13:00:31 Windows Update
14-12-2014 13:00:43 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 16:34 - 2014-11-26 11:38 - 00000021 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00FB8777-9075-4208-94B3-7C91F168BE46} - System32\Tasks\{77127DFC-5C12-48EE-B69F-9C5DACE52A0D} => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe [2013-07-23] (LeapFrog Enterprises, Inc.)
Task: {01520BFC-D720-4E41-9B65-DFC69FAB8022} - System32\Tasks\{DC63CD6F-FF31-49D5-8894-F436E0C41DBF} => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe [2013-07-23] (LeapFrog Enterprises, Inc.)
Task: {09563AC8-185C-47D6-B11F-7898E71F499B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0D8B22A3-BC04-4FE8-99D9-D445287D5463} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0E059C20-09E3-4419-8DFF-B205E9CAD9C3} - System32\Tasks\{45A4B727-87A7-405D-A8EF-B7A4CE6E646D} => C:\Program Files (x86)\Ralink\Common\RaUI.exe
Task: {10C74263-3E1C-480A-9D24-E08454A60593} - System32\Tasks\{44C77295-4D49-44AD-B662-BBFE8C6BD281} => C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32Pro.exe [2014-02-03] (Intuit Inc.)
Task: {1489A980-D1D5-4366-B7F0-143ED4E9C524} - System32\Tasks\{B4C94903-402A-41B3-97AF-B0423F2B9B7E} => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe [2013-07-23] (LeapFrog Enterprises, Inc.)
Task: {1A4F0DB1-75FA-47A9-A9EA-A247F0DE95A9} - System32\Tasks\{B0420684-AC2A-4265-B6ED-3048D500AA28} => C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32Pro.exe [2014-02-03] (Intuit Inc.)
Task: {29EF024D-6D0A-4260-9FB6-4A70AD9042F4} - System32\Tasks\{575B3CA9-8DCE-45C7-9DFB-52E0A657034B} => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe [2013-07-23] (LeapFrog Enterprises, Inc.)
Task: {30ADE63C-1AFE-4FDB-9E9C-CC5E05537B45} - System32\Tasks\{103C8664-F93A-48CF-90AA-2B8DFCBE9DB2} => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe [2013-07-23] (LeapFrog Enterprises, Inc.)
Task: {44D8B6E9-3678-4529-B67A-93D5EC3BF048} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-07] (AVAST Software)
Task: {45744EA7-63BE-4DD1-A6A1-97E3563C543A} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {5304B577-45A1-4A89-ABD8-9C00880CDB29} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {5C0775D8-AE05-4DFE-97D0-44962FEE8B6C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {5D088ED5-50B3-4F68-B619-37F306B82983} - System32\Tasks\{30347E5A-EDA8-418A-A593-716014E555B4} => C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32Pro.exe [2014-02-03] (Intuit Inc.)
Task: {5FAF769E-4366-44F0-B724-00700F969CDE} - System32\Tasks\{A5580F54-CE58-4E8B-8870-7929CE5EE27A} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-02] (Skype Technologies S.A.)
Task: {6273DF32-458C-43B5-8179-B963A2B40F21} - System32\Tasks\{B8D5ABE9-043B-47F7-A21D-00CF4DA078CE} => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe [2013-07-23] (LeapFrog Enterprises, Inc.)
Task: {664CC9AD-4A54-43D6-8513-2F599DCCB0AD} - System32\Tasks\{6DD605EB-01DD-4428-A208-15395A024792} => pcalua.exe -a C:\Users\Nakamoto\Downloads\avast-browser-cleanup.exe -d C:\Users\Nakamoto\Downloads
Task: {69499373-F228-4C3D-93AA-5E0FA50C5D36} - System32\Tasks\{5D50E94A-8823-421F-ACAF-D82230AE1F99} => C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32Pro.exe [2014-02-03] (Intuit Inc.)
Task: {6CB4CF58-58FE-4A96-AAFF-4B4DDC4C823F} - System32\Tasks\{E2DB79CC-F2FF-4961-86E7-CF98A58AFEEC} => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe [2013-07-23] (LeapFrog Enterprises, Inc.)
Task: {6EAD5A5A-0919-4E59-B5B3-E37DC2D380D8} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {84FB87D4-EA96-495A-B4D1-B5CED72E38CF} - System32\Tasks\{F8523CED-D42F-4CFB-917B-485BA8A75E69} => C:\Program Files (x86)\Ralink\Common\RaUI.exe
Task: {873A9006-852A-4F3E-84EA-D0932C30B1CF} - System32\Tasks\{CA3DB9EA-D282-473A-BCEB-3DA1A5094908} => C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32Pro.exe [2014-02-03] (Intuit Inc.)
Task: {8CDCE77B-6107-4176-86A3-7A0C39F8302B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {9128E2BD-0A60-432C-9113-4A7E927B503D} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {95B23F23-C7B8-4663-90C8-BF590BBC4654} - System32\Tasks\{FB6C916C-31E5-4447-B427-2E9F71B42B6D} => C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32Pro.exe [2014-02-03] (Intuit Inc.)
Task: {A04AB478-96D3-4D99-AE42-121EF3A1283A} - System32\Tasks\{8BAFBCD0-3278-4609-AFDF-D0C68386B6BA} => C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32Pro.exe [2014-02-03] (Intuit Inc.)
Task: {A0B230BC-F38D-4662-AAB6-6E77CE28AB77} - System32\Tasks\{6116E31C-DD54-4EEB-965F-6EFFD6087DBC} => C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32Pro.exe [2014-02-03] (Intuit Inc.)
Task: {A30EA9EA-1224-4A73-8C75-AB7F48FFAAD4} - System32\Tasks\SlimComputer Run => C:\Program Files (x86)\SlimComputer\SlimComputer.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {A484FCED-EFE5-4B58-9DE7-5F299D68BFF2} - System32\Tasks\{668A1A78-C3F8-4F1E-AECB-E4BE3BE3CB50} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {AAC0C116-1D5E-4AF2-99A1-08BA5A789A46} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN15IJ14XT05HR => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {B03FDA6E-4B4C-4975-8343-B1EC54D12BFA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BF86E9FF-1B40-4853-BEDB-4B04D2ACB010} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {C2BB4F7F-4D5F-472B-A9DB-69C71257F376} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {CF5322B4-A094-40AF-9853-A5CE4E046F0A} - System32\Tasks\{682FFCE6-BB5C-43B4-BDBC-DCB5002203D7} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {D12B1A82-2E73-4C9E-A0D7-89818BBC4D6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {E0288723-5FA1-4015-8D9F-5FF90355756C} - System32\Tasks\{FD226090-ADA2-4521-B539-C6E9134AED84} => C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32Pro.exe [2014-02-03] (Intuit Inc.)
Task: {F0081978-1B68-449F-A584-8663E90C6B94} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {F247E569-BA65-444E-AC4C-158D6FE0990F} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {F304B592-D6B4-4448-9F93-9775C157EB6D} - System32\Tasks\{D0D6456E-61EC-4A2B-A377-080665E21693} => C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32Pro.exe [2014-02-03] (Intuit Inc.)
Task: {F50551AF-B4D4-4311-9DE3-00CEBF5188AD} - System32\Tasks\HPCeeScheduleForNakamoto => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {FB78BA03-BD69-4E76-9E29-82D070F44119} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForNakamoto.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-06-15 09:18 - 2012-06-15 09:18 - 00638904 _____ () C:\Program Files\MiMedia LLC\MiMedia\sqlite3-x64.dll
2009-09-14 13:17 - 2009-09-14 13:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2014-12-16 06:23 - 2014-12-16 06:23 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121600\algo.dll
2014-11-16 17:22 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-16 17:22 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-16 17:22 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-16 17:22 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-16 17:22 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-06-07 15:48 - 2011-06-07 15:48 - 00453000 _____ () C:\Program Files\MiMedia LLC\MiMedia\sqlite3.dll
2014-06-15 23:40 - 2014-06-15 23:40 - 02124256 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 07422144 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 02453696 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 00192704 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 00794816 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll
2014-12-07 23:31 - 2014-12-07 23:32 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-03 20:42 - 2014-02-03 20:42 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
2014-02-03 20:43 - 2014-02-03 20:43 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.dll
2005-07-19 23:18 - 2005-07-19 23:18 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll
2014-02-03 20:42 - 2014-02-03 20:42 - 00348488 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
2014-02-03 20:43 - 2014-02-03 20:43 - 00126792 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll
2014-02-03 20:42 - 2014-02-03 20:42 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
2014-02-03 20:43 - 2014-02-03 20:43 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll
2014-10-21 14:22 - 2014-10-21 14:22 - 00750080 _____ () C:\Users\Nakamoto\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-16 06:49 - 2014-12-16 06:49 - 00043008 _____ () c:\users\nakamoto\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf_lkco.dll
2014-10-21 14:22 - 2014-10-21 14:22 - 00047616 _____ () C:\Users\Nakamoto\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 14:22 - 2014-10-21 14:22 - 00863744 _____ () C:\Users\Nakamoto\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 14:22 - 2014-10-21 14:22 - 00200704 _____ () C:\Users\Nakamoto\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2010-02-09 15:58 - 2010-02-09 15:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-09 15:58 - 2010-02-09 15:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-09 15:58 - 2010-02-09 15:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-09 15:58 - 2010-02-09 15:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-09 15:58 - 2010-02-09 15:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-09 15:58 - 2010-02-09 15:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-09 15:58 - 2010-02-09 15:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2010-02-09 15:58 - 2010-02-09 15:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Nakamoto\Desktop\Hanahouoli Magazine.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Nakamoto\Desktop\QEP Preschool Yearbook.jpeg:3or4kl4x13tuuug3Byamue2s4b
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Nakamoto^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3728143812-4245075021-3154152335-500 - Administrator - Disabled)
Guest (S-1-5-21-3728143812-4245075021-3154152335-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3728143812-4245075021-3154152335-1002 - Limited - Enabled)
Nakamoto (S-1-5-21-3728143812-4245075021-3154152335-1000 - Administrator - Enabled) => C:\Users\Nakamoto
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/16/2014 06:49:14 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (12/16/2014 06:49:14 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (12/16/2014 06:49:14 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (12/15/2014 07:12:24 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (12/15/2014 07:12:24 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (12/15/2014 07:12:24 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (12/15/2014 07:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (12/15/2014 07:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (12/15/2014 07:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (12/15/2014 06:48:15 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
 
System errors:
=============
Error: (12/16/2014 06:51:07 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.
 
Error: (12/16/2014 06:51:04 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.
 
Error: (12/16/2014 06:51:03 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.
 
Error: (12/16/2014 06:48:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Kaspersky Security Scan Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/16/2014 06:47:53 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (12/16/2014 06:45:58 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (12/15/2014 07:40:19 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{D51B7456-C396-4CEC-A045-6B606A57811F} because another computer on the network has the same name.  The server could not start.
 
Error: (12/15/2014 05:55:16 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (12/15/2014 07:37:47 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
Error: (12/15/2014 07:11:40 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Kaspersky Security Scan Service service, but this action failed with the following error: 
%%1056
 
 
Microsoft Office Sessions:
=========================
Error: (12/16/2014 06:49:14 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (12/16/2014 06:49:14 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (12/16/2014 06:49:14 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (12/15/2014 07:12:24 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (12/15/2014 07:12:24 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (12/15/2014 07:12:24 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (12/15/2014 07:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (12/15/2014 07:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (12/15/2014 07:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (12/15/2014 06:48:15 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-12 19:40:02.429
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-12 19:40:02.179
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X4 635 Processor
Percentage of memory in use: 40%
Total physical RAM: 3838.49 MB
Available physical RAM: 2275.64 MB
Total Pagefile: 7675.16 MB
Available Pagefile: 5494.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:584.38 GB) (Free:379.2 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.68 GB) (Free:1.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:3.81 GB) (Free:2.49 GB) FAT32
Drive l: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive m: () (Removable) (Total:1.9 GB) (Free:0.39 GB) FAT
Drive n: (Elements) (Fixed) (Total:931.48 GB) (Free:665.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=584.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0CAF551F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 6 (Size: 1.9 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 7 (Size: 3.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

  • 0

#19 dbreeze
Trusted Helper, Malware Removal, 2,216 posts
Thanks for the logs and the uninstalls update. I am still checking into the pdfforge toolbar removal and will get that information back to you as soon as it can be confirmed. In the meantime, we need a second-opinion look at your file, so can you run the following scan please?

ESET Online Scanner:

Note: You will need to disable your currently installed Anti-Virus for the duration of the online scan; how to do so can be read here. Also, please note that this scan can take a while to run.
  • Please go here to run the scan and click on Run ESET Online Scanner
  • The next screen will be the ESET Online Scanner installer
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer and select Save File
  • Save the file to your desktop; you should see a file like this when the download is finished
  • Double click on this to start the installation of the ESET Online Scanner
  • In the new window that appears select the option YES, I accept the Terms of Use then click on Start
  • Now in the Computer scan settings window that appears:-
  • Make sure that the option Enable detection of potentially unwanted applications is selected.
  • Now click on Advanced Settings and configure the options as follows:
    • Remove found threats is Not checked
    • Scan archives is checked
    • Scan for potentially unsafe applications is checked
    • Enable Anti-Stealth Technology is checked
  • Now click on: Start
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, if any malware was detected, the summary screen will show a warning.
  • On the Scan results detail window, select Export to text file, name the file ESET scan results.txt and save it to your desktop.
  • Click <<Back once the file is saved, select 'Uninstall application on close' and click on Finish.
  • Use Notepad to open the logfile you saved on your desktop.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#20 HiHelen
Member, Topic Starter, 23 posts

It's been running for 7+ hours and is only 33% through the scan. Should it be taking this long?


  • 0

#21 HiHelen
Member, Topic Starter, 23 posts

My monitor also keeps going to sleep so I've been hitting the space bar to wake it up and I think it's causing the scan to stop. If I leave it, how will the monitor wake up to let me know the scan is done?


  • 0

#22 HiHelen
Member, Topic Starter, 23 posts

Okay I figured out how to make my monitor and computer not go to sleep.

 

The scan found no threats, so no log was generated.


  • 0

#23 dbreeze
Trusted Helper, Malware Removal, 2,216 posts
Yes, the ESET scan can take a long time to finish (I have seen it take over 24 hours on some systems). Thanks for being patient with that scan.

HitmanPro 3.7

I see that you have HitmanPro 3.7 on the system. Is this a paid version or a trial installed to help with this Url:Mal problem? Can you please uninstall it for the time being as there is some controversy over the drivers used by this product; in some cases they have seemed to cause more damage than good.

ComboFix

I notice that this has been run on the system recently. Can you provide the logs from the runs of ComboFix? The logs should be located in the C:\Qoobox folder.

Clean Boot of Windows

A Clean Boot of Windows will allow us to see if the malware is a setting / registry of the OS or a corrupt file being loaded.

Clean Boot - Windows 7 & Vista
  • Log on to the computer by using an account that has administrator rights.
  • Click Start, type msconfig.exe in the Start Search box, and then press Enter to start the System Configuration utility.
    Note If you are prompted for an administrator password or for confirmation, you should type the password or provide confirmation.
  • On the General tab, click the Selective startup option, and then click to clear the Load startup items check box. (The Use Original Boot.ini check box is unavailable.)
  • On the Services tab, click to select the Hide all Microsoft services check box, and then click Disable all (this actually means Disable all that are showing; the hidden services will remain checked and will load as they normally do). You must do these 3 steps in their entirety so that all services other than Microsoft OS services are not running on the next start of your system. (If you want, you can leave the Avast services checked so that your system will be protected after the next restart.)
    Note This step lets Microsoft services continue to run. These services include Networking, Plug and Play, Event Logging, Error Reporting, and other services. If you disable these services, you may permanently delete all restore points. Do not do this if you want to use the System Restore utility together with existing restore points.
  • Click OK, and then click Restart.
Test your system at this point and see if the Url:Mal popups / warning still happen and / or are the same.


When you want to go back to the normal start up >>>>
  • Click Start, type msconfig.exe in the Start Search box, and then press Enter.
  • Note If you are prompted for an administrator password or for confirmation, you should type the password or click Continue.
  • On the General tab, click the Normal Startup option, and then click OK.
  • When you are prompted to restart the computer, click Restart.
Information to Reply with >>>>
  • The status of HitmanPro 3.7
  • The ComboFix logs
  • The Clean Boot results, and were you able to return to normal mode?

  • 0
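The Clean Boot step above works by switching off every non-Microsoft service and every startup item at once, then seeing whether the Url:Mal warnings survive. The following PowerShell script is an added example, not part of this thread or of msconfig: before the reboot it records the auto-start services (classified by the CompanyName in each binary's version info, roughly what msconfig keys off when it hides Microsoft services) together with the Run keys and Startup folders that appear in the ComboFix log, so the before/after comparison the helper asks for is written down rather than remembered. It assumes Windows PowerShell 3 or later run as Administrator; the output folder name is an assumption.

```powershell
# Added example (not from the thread): snapshot what a msconfig "Clean Boot" will turn off.
# Assumes Windows PowerShell 3+ in an elevated prompt; $OutDir is an assumed location.
param(
    [string]$OutDir = "$env:USERPROFILE\Desktop\CleanBootSnapshot"
)
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Pull the executable path out of a service's command line
# (handles quoted paths, %SystemRoot%, and trailing arguments such as "-k netsvcs").
function Get-ServiceExePath {
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($PathName)
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted: take everything up to the first .exe / .sys token.
    if ($expanded -match '^(.+?\.(exe|sys))(\s|$)') { return $Matches[1] }
    return $expanded
}

# Auto-start services, tagged Microsoft / non-Microsoft from the binary's CompanyName.
# "Disable all" in msconfig (with Microsoft services hidden) stops the non-Microsoft ones.
function Get-AutoStartServices {
    Get-CimInstance Win32_Service |
        Where-Object { $_.StartMode -eq 'Auto' } |
        ForEach-Object {
            $exe = Get-ServiceExePath $_.PathName
            $exists = [bool]($exe -and (Test-Path -LiteralPath $exe))
            $company = $null
            if ($exists) {
                $company = (Get-Item -LiteralPath $exe).VersionInfo.CompanyName
            }
            [pscustomobject]@{
                Name        = $_.Name
                DisplayName = $_.DisplayName
                State       = $_.State
                ExePath     = $exe
                FileExists  = $exists          # a missing binary is worth a second look
                Company     = $company
                IsMicrosoft = ($company -like '*Microsoft*')
            }
        }
}

# The "Load startup items" box covers the Run keys and the Startup folders; these are
# the same locations listed under "Reg Loading Points" in the ComboFix log.
function Get-StartupItems {
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            foreach ($p in $props.PSObject.Properties) {
                # Skip the PSPath/PSParentPath/... bookkeeping properties
                if ($p.Name -notlike 'PS*') {
                    [pscustomobject]@{ Location = $key; Name = $p.Name; Command = $p.Value }
                }
            }
        }
    }
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    foreach ($f in $folders) {
        if ($f -and (Test-Path -LiteralPath $f)) {
            Get-ChildItem -LiteralPath $f -File | ForEach-Object {
                [pscustomobject]@{ Location = $f; Name = $_.Name; Command = $_.FullName }
            }
        }
    }
}

$services = Get-AutoStartServices
$startup  = Get-StartupItems

# Keep a copy on disk for comparison after the clean boot and after returning to normal startup.
$services | Export-Csv -Path (Join-Path $OutDir 'services.csv') -NoTypeInformation
$startup  | Export-Csv -Path (Join-Path $OutDir 'startup.csv')  -NoTypeInformation

Write-Output "Non-Microsoft auto-start services (what 'Disable all' will stop):"
$services | Where-Object { -not $_.IsMicrosoft } |
    Format-Table Name, ExePath, Company, FileExists -AutoSize
Write-Output "Startup items (what clearing 'Load startup items' will skip):"
$startup | Format-Table Location, Name, Command -AutoSize
```

Run it once before the clean boot and once after returning to Normal Startup; a `diff` of the two CSV files shows whether every service and startup entry came back as it was.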

#24 HiHelen
Member, Topic Starter, 23 posts

HitmanPro 3.7 was a free trial I installed to deal with the URL:MAL problem. I uninstalled it.

Here are the logs from the ComboFix runs:

ComboFix-quarantined-files:

2014-11-13 05:45:09 . 2014-11-13 05:45:09              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2014-11-13 05:44:13 . 2014-11-13 05:44:13            1,240 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-PDF Creator Packages.reg.dat
2014-11-13 05:43:48 . 2014-11-13 05:43:48              558 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-CleanHlp.sys.reg.dat
2014-11-13 05:43:48 . 2014-11-13 05:43:48              542 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-CleanHlp.reg.dat
2014-11-13 05:43:38 . 2014-11-13 05:43:38              153 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-SPMTray.reg.dat
2014-11-13 05:41:26 . 2012-11-02 20:39:44               59 ----a-w-  C:\Qoobox\Quarantine\N\autorun.inf.vir
2014-11-13 05:37:03 . 2014-11-15 18:38:57           13,717 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2014-11-13 05:22:59 . 2014-11-15 18:29:19              204 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2014-11-06 20:22:52 . 2014-11-06 20:22:49          628,480 ----a-w-  C:\Qoobox\Quarantine\C\Users\Nakamoto\AppData\Local\nsp24F2.tmp.vir
2014-11-06 19:26:27 . 2014-11-06 19:26:21          613,042 ----a-w-  C:\Qoobox\Quarantine\C\Users\Nakamoto\AppData\Local\nst8039.tmp.vir
2013-02-18 13:37:54 . 2013-02-18 13:36:16              577 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\95f567698be8a182.fb.vir
2013-02-18 13:37:54 . 2013-02-18 13:36:16              636 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\26c630d098e22dd5.fb.vir
2013-02-18 13:37:54 . 2013-02-18 13:36:17           10,783 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\efb3cf2408e6f734.fb.vir
2013-02-10 13:24:56 . 2013-02-10 13:24:28           10,993 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\8282c5a1c692da91.fb.vir
2013-01-22 10:23:41 . 2013-01-22 10:22:56           10,511 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\91d9945e8bb4bba1.fb.vir
2012-11-16 08:16:52 . 2012-11-16 08:16:11           10,936 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\1315498faaf67bf9.fb.vir
2012-08-30 21:24:57 . 2012-08-30 21:25:16           11,246 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\234ed592d6a0a348.fb.vir
2012-07-17 03:44:29 . 2013-02-18 13:36:16              639 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\590ba23ce359fd0c.fb.vir
2012-07-17 03:44:29 . 2013-02-18 13:36:16              630 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\272512937d9e61a4.fb.vir
2012-07-17 03:44:29 . 2013-02-18 13:36:16              398 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\6c59ac5e7e7a3ad0.fb.vir
2012-07-17 03:44:29 . 2012-11-16 08:16:09              669 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\a8556537add6dfc5.fb.vir
2012-07-17 03:44:29 . 2013-02-18 13:36:16              627 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\651c5d3cdbfb8bd1.fb.vir
2012-07-17 03:44:29 . 2013-02-18 13:36:16            1,045 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\d201ef9910cd39de.fb.vir
2012-07-17 03:44:29 . 2013-02-18 13:36:16              586 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\c4d28dca2e7648be.fb.vir
2012-07-17 03:44:29 . 2013-02-18 13:36:16              663 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\c1fa887b03019701.fb.vir
2012-07-17 03:44:29 . 2013-02-18 13:36:16              668 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\6d03dad1035885d3.fb.vir
2012-07-17 03:44:28 . 2013-02-18 13:36:16            1,071 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\f998975c9cc711ee.fb.vir
2012-07-17 03:44:28 . 2013-02-18 13:36:16              661 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\32c84fe32bb74d60.fb.vir
2012-07-17 03:44:28 . 2013-02-18 13:36:16              366 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\ad10a52aff5e038d.fb.vir
2012-07-17 03:44:28 . 2013-02-18 13:36:16              622 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\287204568329e189.fb.vir
2012-07-17 03:44:28 . 2013-02-18 13:36:16              628 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\31a0997e9a5b5eb3.fb.vir
2012-07-17 03:44:28 . 2013-02-18 13:36:16              365 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\610289e025a3ee9a.fb.vir
2012-07-17 03:44:28 . 2013-02-18 13:36:16              627 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\d79b9dfe81484ec4.fb.vir
2012-07-17 03:44:28 . 2013-02-18 13:36:16              567 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\d2e94710a5708128.fb.vir
2012-07-17 03:44:28 . 2013-02-18 13:36:16            1,022 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\3917078cb68ec657.fb.vir
2012-07-17 03:44:28 . 2012-08-30 21:25:16              633 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\2c53092c95605355.fb.vir
2012-07-17 03:44:28 . 2013-02-18 13:36:16            1,291 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\28bc8f716fd76a47.fb.vir
2012-07-17 03:44:28 . 2012-07-17 03:44:16           11,070 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\cache\571d59037de817b3.fb.vir
2011-09-28 07:00:49 . 2011-09-28 07:00:50           72,080 ----a-w-  C:\Qoobox\Quarantine\C\Users\Nakamoto\g2mdlhlpx.exe.vir
 
 
ComboFix2:
 
ComboFix 14-11-12.01 - Nakamoto 11/12/2014  19:49:28.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3838.1805 [GMT -10:00]
Running from: c:\users\Nakamoto\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-13 to 2014-11-13  )))))))))))))))))))))))))))))))
.
.
2014-11-13 05:56 . 2014-11-13 05:56 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-11-13 05:56 . 2014-11-13 05:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-11-13 05:56 . 2014-11-13 05:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-13 04:32 . 2014-11-13 04:32 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E0ABC9E-2BBB-4682-95B5-8CAC70638413}\offreg.dll
2014-11-13 01:52 . 2014-11-13 01:52 4918960 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-11-12 18:15 . 2014-11-12 18:15 -------- d-----w- c:\program files\HitmanPro
2014-11-12 18:11 . 2014-11-12 18:47 -------- d-----w- c:\programdata\HitmanPro
2014-11-12 17:35 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E0ABC9E-2BBB-4682-95B5-8CAC70638413}\mpengine.dll
2014-11-12 06:47 . 2014-11-13 04:16 -------- d-----w- C:\EEK
2014-11-11 18:04 . 2014-11-11 18:04 -------- d-----w- c:\windows\ERUNT
2014-11-11 17:23 . 2014-09-17 14:10 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9DB1F82-C9A6-4756-AC92-53D3F763BC8E}\gapaengine.dll
2014-11-11 17:22 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-11 08:36 . 2014-11-13 05:00 -------- d-----w- c:\programdata\WRData
2014-11-11 04:32 . 2014-11-13 04:17 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-11 04:32 . 2014-10-01 21:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-11 04:32 . 2014-10-01 21:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-11 04:32 . 2014-10-01 21:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-11 04:32 . 2014-11-12 18:12 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-11 04:32 . 2014-11-11 04:32 -------- d-----w- c:\programdata\Malwarebytes
2014-11-11 00:51 . 2014-11-11 00:51 -------- d-----w- c:\users\Nakamoto\AppData\Roaming\Enigma Software Group
2014-11-11 00:50 . 2014-11-11 00:50 -------- d-----w- C:\sh4ldr
2014-11-06 19:11 . 2014-11-06 19:11 -------- d-----w- c:\programdata\Licenses
2014-11-06 17:19 . 2014-11-06 17:19 -------- d-----w- c:\users\Nakamoto\AppData\Local\Programs
2014-10-31 19:33 . 2014-10-31 19:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-10-31 19:33 . 2014-10-31 19:33 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2014-10-31 19:33 . 2014-10-31 19:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-10-31 19:33 . 2014-10-31 19:33 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2014-10-31 19:33 . 2014-10-31 19:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-10-31 19:33 . 2014-10-31 19:33 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2014-10-31 19:33 . 2014-10-31 19:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-10-31 19:33 . 2014-10-31 19:33 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2014-10-31 19:33 . 2014-10-31 19:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-10-31 19:33 . 2014-10-31 19:33 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2014-10-31 19:32 . 2014-10-31 19:33 -------- d-----w- c:\program files (x86)\QuickTime
2014-10-31 19:32 . 2014-10-31 19:32 -------- d-----w- c:\programdata\Apple Computer
2014-10-22 21:00 . 2014-10-22 21:00 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-10-22 18:32 . 2011-10-04 20:43 87552 ----a-w- c:\windows\system32\custmon64i.dll
2014-10-22 18:32 . 2014-10-22 18:32 -------- d-----w- c:\program files (x86)\GPLGS
2014-10-22 18:32 . 2014-10-22 18:32 -------- d-----w- c:\program files\PDFCreator
2014-10-22 18:31 . 2014-10-22 18:32 -------- d-----w- c:\program files (x86)\PDF Creator
2014-10-16 06:19 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll
2014-10-16 06:19 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-16 06:17 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-10-16 06:17 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-16 06:17 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-13 01:53 . 2012-04-03 22:07 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-13 01:53 . 2011-06-01 20:42 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-30 11:25 . 2011-07-08 01:11 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-22 20:59 . 2014-08-22 19:50 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-16 13:01 . 2011-01-09 03:16 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-10-03 00:23 . 2014-10-03 00:23 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2014-10-03 00:23 . 2014-10-03 00:23 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2014-09-25 02:08 . 2014-10-01 07:47 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 07:47 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-17 14:10 . 2012-02-10 06:55 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 22:11 . 2014-09-24 00:18 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 00:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-28 13:23 . 2010-06-24 21:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-28 10:04 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 10:04 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-07-23 23:56 . 2013-07-23 23:55 14880256 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_MonitoredFolder]
@="{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}"
[HKEY_CLASSES_ROOT\CLSID\{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}]
2011-06-08 01:48 930184 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_SynchronizationPending]
@="{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}"
[HKEY_CLASSES_ROOT\CLSID\{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}]
2011-06-08 01:48 930184 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_Synchronized]
@="{69DE75F6-60E6-4E55-B416-171941A5C73E}"
[HKEY_CLASSES_ROOT\CLSID\{69DE75F6-60E6-4E55-B416-171941A5C73E}]
2011-06-08 01:48 930184 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"updateMgr"="c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-31 313472]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-02 21650536]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2014-06-16 202080]
"GoogleChromeAutoLaunch_60EA7750A28D7E08EDBB1AF56902F43E"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-10-22 854344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2013-09-30 3761464]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-07-31 4085896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-08 507776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-03 421888]
.
c:\users\Nakamoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Nakamoto\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe [2013-1-17 25214]
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid [email protected] [2013-7-23 14880256]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid [email protected] [2013-7-23 14880256]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2013-11-27 6274360]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2014-2-3 1157448]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE -silent [2014-2-3 1179464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Update AdvanceElite;Update AdvanceElite;c:\program files (x86)\AdvanceElite\updateAdvanceElite.exe;c:\program files (x86)\AdvanceElite\updateAdvanceElite.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 xVGAUSB64;USB 2.0 VGA DEVICE-1;c:\windows\system32\drivers\xvgausb64.sys;c:\windows\SYSNATIVE\drivers\xvgausb64.sys [x]
R4 MCTUISvr;MCTUISvr; [x]
R4 RalinkRegistryWriter64;RalinkRegistryWriter64; [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\BIN\a2ddax64.sys;c:\eek\BIN\a2ddax64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe [x]
S3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp64.sys;c:\eek\bin\cleanhlp64.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 RTL8192cu;Belkin Wireless Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
S3 xMrMini64;xMrMini64;c:\windows\system32\DRIVERS\xMrMini64.sys;c:\windows\SYSNATIVE\DRIVERS\xMrMini64.sys [x]
S3 xVGAMINI64;xVGAMINI64;c:\windows\system32\DRIVERS\xVgaMini64.sys;c:\windows\SYSNATIVE\DRIVERS\xVgaMini64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 67684437
*NewlyCreated* - AWRDIKOW
*NewlyCreated* - HITMANPRO37
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - 67684437
*Deregistered* - aswMBR
*Deregistered* - awrdikow
*Deregistered* - hitmanpro37
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 16:36 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 01:53]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-09 07:28]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-09 07:28]
.
2014-11-10 c:\windows\Tasks\HPCeeScheduleForNakamoto.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 14:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-11 21:54 634872 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\a_MiMediaFiles_MonitoredFolder]
@="{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}"
[HKEY_CLASSES_ROOT\CLSID\{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}]
2012-06-15 19:18 752056 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions-x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\a_MiMediaFiles_SynchronizationPending]
@="{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}"
[HKEY_CLASSES_ROOT\CLSID\{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}]
2012-06-15 19:18 752056 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions-x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\a_MiMediaFiles_Synchronized]
@="{69DE75F6-60E6-4E55-B416-171941A5C73E}"
[HKEY_CLASSES_ROOT\CLSID\{69DE75F6-60E6-4E55-B416-171941A5C73E}]
2012-06-15 19:18 752056 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions-x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-23 1331288]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-10-22 21720]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: LastPass - file://c:\users\Nakamoto\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Nakamoto\AppData\LocalLow\LastPass\context.html?cmd=fillforms
Trusted Zone: cchgroup.com
Trusted Zone: completax.com
Trusted Zone: prosystemfx.com
Trusted Zone: prosystemfx.com\office
Trusted Zone: taxnotebook.com
TCP: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
FF - ProfilePath - c:\users\Nakamoto\AppData\Roaming\Mozilla\Firefox\Profiles\afmx460k.default-1412479732793\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LeapFrog Connect Device Service]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MCTUISvr]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RalinkRegistryWriter]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RalinkRegistryWriter64]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-12  19:59:10
ComboFix-quarantined-files.txt  2014-11-13 05:59
ComboFix2.txt  2014-11-13 05:45
.
Pre-Run: 490,110,779,392 bytes free
Post-Run: 489,803,714,560 bytes free
.
- - End Of File - - FCE4F9B0549B4B7E5A2BD7CE2AAB6534
AF00FC1920E1CF861B39B90A4375EDF3

ComboFix3:

ComboFix 14-11-12.01 - Nakamoto 11/12/2014  19:26:20.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3838.1510 [GMT -10:00]
Running from: c:\users\Nakamoto\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nakamoto\AppData\Local\nsp24F2.tmp
c:\users\Nakamoto\AppData\Local\nst8039.tmp
c:\users\Nakamoto\AppData\Local\Temp\tmpE4E2.tmp
c:\users\Nakamoto\AppData\Local\Temp\tmpE5DD.tmp
c:\users\Nakamoto\AppData\Roaming\Local
c:\users\Nakamoto\g2mdlhlpx.exe
c:\windows\SysWow64\Cache
c:\windows\SysWow64\Cache\1315498faaf67bf9.fb
c:\windows\SysWow64\Cache\234ed592d6a0a348.fb
c:\windows\SysWow64\Cache\26c630d098e22dd5.fb
c:\windows\SysWow64\Cache\272512937d9e61a4.fb
c:\windows\SysWow64\Cache\287204568329e189.fb
c:\windows\SysWow64\Cache\28bc8f716fd76a47.fb
c:\windows\SysWow64\Cache\2c53092c95605355.fb
c:\windows\SysWow64\Cache\31a0997e9a5b5eb3.fb
c:\windows\SysWow64\Cache\32c84fe32bb74d60.fb
c:\windows\SysWow64\Cache\3917078cb68ec657.fb
c:\windows\SysWow64\Cache\571d59037de817b3.fb
c:\windows\SysWow64\Cache\590ba23ce359fd0c.fb
c:\windows\SysWow64\Cache\610289e025a3ee9a.fb
c:\windows\SysWow64\Cache\651c5d3cdbfb8bd1.fb
c:\windows\SysWow64\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\SysWow64\Cache\6d03dad1035885d3.fb
c:\windows\SysWow64\Cache\8282c5a1c692da91.fb
c:\windows\SysWow64\Cache\91d9945e8bb4bba1.fb
c:\windows\SysWow64\Cache\95f567698be8a182.fb
c:\windows\SysWow64\Cache\a8556537add6dfc5.fb
c:\windows\SysWow64\Cache\ad10a52aff5e038d.fb
c:\windows\SysWow64\Cache\c1fa887b03019701.fb
c:\windows\SysWow64\Cache\c4d28dca2e7648be.fb
c:\windows\SysWow64\Cache\d201ef9910cd39de.fb
c:\windows\SysWow64\Cache\d2e94710a5708128.fb
c:\windows\SysWow64\Cache\d79b9dfe81484ec4.fb
c:\windows\SysWow64\Cache\efb3cf2408e6f734.fb
c:\windows\SysWow64\Cache\f998975c9cc711ee.fb
N:\autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-13 to 2014-11-13  )))))))))))))))))))))))))))))))
.
.
2014-11-13 05:41 . 2014-11-13 05:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-13 04:32 . 2014-11-13 04:32 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E0ABC9E-2BBB-4682-95B5-8CAC70638413}\offreg.dll
2014-11-13 01:52 . 2014-11-13 01:52 4918960 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-11-12 18:15 . 2014-11-12 18:15 -------- d-----w- c:\program files\HitmanPro
2014-11-12 18:11 . 2014-11-12 18:47 -------- d-----w- c:\programdata\HitmanPro
2014-11-12 17:35 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E0ABC9E-2BBB-4682-95B5-8CAC70638413}\mpengine.dll
2014-11-12 06:47 . 2014-11-13 04:16 -------- d-----w- C:\EEK
2014-11-11 18:04 . 2014-11-11 18:04 -------- d-----w- c:\windows\ERUNT
2014-11-11 17:23 . 2014-09-17 14:10 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9DB1F82-C9A6-4756-AC92-53D3F763BC8E}\gapaengine.dll
2014-11-11 17:22 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-11 08:36 . 2014-11-13 05:00 -------- d-----w- c:\programdata\WRData
2014-11-11 04:32 . 2014-11-13 04:17 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-11 04:32 . 2014-10-01 21:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-11 04:32 . 2014-10-01 21:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-11 04:32 . 2014-10-01 21:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-11 04:32 . 2014-11-12 18:12 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-11 04:32 . 2014-11-11 04:32 -------- d-----w- c:\programdata\Malwarebytes
2014-11-11 00:51 . 2014-11-11 00:51 -------- d-----w- c:\users\Nakamoto\AppData\Roaming\Enigma Software Group
2014-11-11 00:50 . 2014-11-11 00:50 -------- d-----w- C:\sh4ldr
2014-11-06 19:11 . 2014-11-06 19:11 -------- d-----w- c:\programdata\Licenses
2014-11-06 17:19 . 2014-11-06 17:19 -------- d-----w- c:\users\Nakamoto\AppData\Local\Programs
2014-10-31 19:33 . 2014-10-31 19:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-10-31 19:33 . 2014-10-31 19:33 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2014-10-31 19:33 . 2014-10-31 19:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-10-31 19:33 . 2014-10-31 19:33 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2014-10-31 19:33 . 2014-10-31 19:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-10-31 19:33 . 2014-10-31 19:33 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2014-10-31 19:33 . 2014-10-31 19:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-10-31 19:33 . 2014-10-31 19:33 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2014-10-31 19:33 . 2014-10-31 19:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-10-31 19:33 . 2014-10-31 19:33 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2014-10-31 19:32 . 2014-10-31 19:33 -------- d-----w- c:\program files (x86)\QuickTime
2014-10-31 19:32 . 2014-10-31 19:32 -------- d-----w- c:\programdata\Apple Computer
2014-10-22 21:00 . 2014-10-22 21:00 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-10-22 18:32 . 2011-10-04 20:43 87552 ----a-w- c:\windows\system32\custmon64i.dll
2014-10-22 18:32 . 2014-10-22 18:32 -------- d-----w- c:\program files (x86)\GPLGS
2014-10-22 18:32 . 2014-10-22 18:32 -------- d-----w- c:\program files\PDFCreator
2014-10-22 18:31 . 2014-10-22 18:32 -------- d-----w- c:\program files (x86)\PDF Creator
2014-10-16 06:19 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll
2014-10-16 06:19 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-16 06:17 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-10-16 06:17 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-16 06:17 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-13 01:53 . 2012-04-03 22:07 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-13 01:53 . 2011-06-01 20:42 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-30 11:25 . 2011-07-08 01:11 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-22 20:59 . 2014-08-22 19:50 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-16 13:01 . 2011-01-09 03:16 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-10-03 00:23 . 2014-10-03 00:23 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2014-10-03 00:23 . 2014-10-03 00:23 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2014-09-25 02:08 . 2014-10-01 07:47 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 07:47 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-17 14:10 . 2012-02-10 06:55 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 22:11 . 2014-09-24 00:18 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 00:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-28 13:23 . 2010-06-24 21:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-28 10:04 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 10:04 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-07-23 23:56 . 2013-07-23 23:55 14880256 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_MonitoredFolder]
@="{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}"
[HKEY_CLASSES_ROOT\CLSID\{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}]
2011-06-08 01:48 930184 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_SynchronizationPending]
@="{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}"
[HKEY_CLASSES_ROOT\CLSID\{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}]
2011-06-08 01:48 930184 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_Synchronized]
@="{69DE75F6-60E6-4E55-B416-171941A5C73E}"
[HKEY_CLASSES_ROOT\CLSID\{69DE75F6-60E6-4E55-B416-171941A5C73E}]
2011-06-08 01:48 930184 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"updateMgr"="c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-31 313472]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-02 21650536]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2014-06-16 202080]
"GoogleChromeAutoLaunch_60EA7750A28D7E08EDBB1AF56902F43E"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-10-22 854344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2013-09-30 3761464]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-07-31 4085896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-08 507776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-03 421888]
.
c:\users\Nakamoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Nakamoto\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe [2013-1-17 25214]
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid [email protected] [2013-7-23 14880256]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid [email protected] [2013-7-23 14880256]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2013-11-27 6274360]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2014-2-3 1157448]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE -silent [2014-2-3 1179464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Update AdvanceElite;Update AdvanceElite;c:\program files (x86)\AdvanceElite\updateAdvanceElite.exe;c:\program files (x86)\AdvanceElite\updateAdvanceElite.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 xVGAUSB64;USB 2.0 VGA DEVICE-1;c:\windows\system32\drivers\xvgausb64.sys;c:\windows\SYSNATIVE\drivers\xvgausb64.sys [x]
R4 MCTUISvr;MCTUISvr; [x]
R4 RalinkRegistryWriter64;RalinkRegistryWriter64; [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\BIN\a2ddax64.sys;c:\eek\BIN\a2ddax64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe [x]
S3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp64.sys;c:\eek\bin\cleanhlp64.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8192cu;Belkin Wireless Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
S3 xMrMini64;xMrMini64;c:\windows\system32\DRIVERS\xMrMini64.sys;c:\windows\SYSNATIVE\DRIVERS\xMrMini64.sys [x]
S3 xVGAMINI64;xVGAMINI64;c:\windows\system32\DRIVERS\xVgaMini64.sys;c:\windows\SYSNATIVE\DRIVERS\xVgaMini64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 67684437
*NewlyCreated* - AWRDIKOW
*NewlyCreated* - HITMANPRO37
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - 67684437
*Deregistered* - aswMBR
*Deregistered* - awrdikow
*Deregistered* - hitmanpro37
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 16:36 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 01:53]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-09 07:28]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-09 07:28]
.
2014-11-10 c:\windows\Tasks\HPCeeScheduleForNakamoto.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 14:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-11 21:54 634872 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\a_MiMediaFiles_MonitoredFolder]
@="{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}"
[HKEY_CLASSES_ROOT\CLSID\{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}]
2012-06-15 19:18 752056 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions-x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\a_MiMediaFiles_SynchronizationPending]
@="{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}"
[HKEY_CLASSES_ROOT\CLSID\{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}]
2012-06-15 19:18 752056 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions-x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\a_MiMediaFiles_Synchronized]
@="{69DE75F6-60E6-4E55-B416-171941A5C73E}"
[HKEY_CLASSES_ROOT\CLSID\{69DE75F6-60E6-4E55-B416-171941A5C73E}]
2012-06-15 19:18 752056 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions-x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Nakamoto\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-23 1331288]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-10-22 21720]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: LastPass - file://c:\users\Nakamoto\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Nakamoto\AppData\LocalLow\LastPass\context.html?cmd=fillforms
Trusted Zone: cchgroup.com
Trusted Zone: completax.com
Trusted Zone: prosystemfx.com
Trusted Zone: prosystemfx.com\office
Trusted Zone: taxnotebook.com
TCP: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
FF - ProfilePath - c:\users\Nakamoto\AppData\Roaming\Mozilla\Firefox\Profiles\afmx460k.default-1412479732793\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-SPMTray - c:\program files (x86)\PC Speed Maximizer\SPMTray.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
AddRemove-PDF Creator Packages - c:\users\Nakamoto\AppData\Roaming\1H1Q\PDF Creator Packages\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LeapFrog Connect Device Service]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MCTUISvr]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RalinkRegistryWriter]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RalinkRegistryWriter64]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-12  19:45:08
ComboFix-quarantined-files.txt  2014-11-13 05:45
.
Pre-Run: 485,403,426,816 bytes free
Post-Run: 490,038,439,936 bytes free
.
- - End Of File - - F27A75E8F842B7EF62B6F483E445DE15
AF00FC1920E1CF861B39B90A4375EDF3


#25 HiHelen (Member, Topic Starter, 23 posts)

I've gotten one URL:MAL warning since doing the Clean Boot.

 

When should I go back to normal start up?




#26 dbreeze (Trusted Helper, Malware Removal, 2,216 posts)

The URL:MAL warning (during Clean Boot): was this from Chrome or ??



#27 HiHelen (Member, Topic Starter, 23 posts)

Yes, in the Chrome process.



#28 dbreeze (Trusted Helper, Malware Removal, 2,216 posts)

HiHelen,

Thanks for the logs and reporting on the Clean Boot operations. I had actually hoped that would correct the error, but it seems something is 'stuck' in Chrome and/or the default profile for Chrome. Let's try the profile first.

Also, if you are not doing so already (as the Clean Boot was just a test to see if the URL:MAL was related to the programs / services that were temporarily disabled) please return to normal booting.

To create a fresh profile in Chrome:

Enter the keyboard shortcut Windows key + E to open Windows Explorer.

In the Windows Explorer window that appears, enter the following in the address bar:
Windows XP: %USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data\
Windows Vista/ Windows 7/ Windows 8: %LOCALAPPDATA%\Google\Chrome\User Data\

Locate the folder called "Default" in the directory window that opens and rename it "Backup default".

Try opening Google Chrome again. A new "Default" folder is automatically created as you start using the browser.

Please test this and see if the URL:MAL returns (to or from Google Chrome that is).


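The same profile reset as a PowerShell script, added here as an example and not part of dbreeze's post: it refuses to run while Chrome is still open (an open Chrome keeps the folder locked and keeps writing to the old profile) and will not overwrite an earlier backup. The path and folder names are the ones the post gives; the timestamp suffix for an already-existing backup is my own assumption.

```powershell
# Added example: rename Chrome's "Default" profile to "Backup default" with checks.
# Assumes Windows Vista or later, where $env:LOCALAPPDATA exists (the post's path).

$userData   = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
$default    = Join-Path $userData 'Default'
$backupName = 'Backup default'

# Chrome must be fully closed: a background chrome.exe keeps the profile open,
# so the rename would fail or the old profile would keep being written to.
if (Get-Process -Name chrome -ErrorAction SilentlyContinue) {
    throw 'Close all Chrome windows (including background chrome.exe) before renaming the profile.'
}

if (-not (Test-Path -LiteralPath $default)) {
    throw "No Default profile found at $default"
}

# Do not clobber an earlier backup: if "Backup default" already exists,
# add a timestamp (assumption, not from the post) so every old profile is kept.
$target = $backupName
if (Test-Path -LiteralPath (Join-Path $userData $target)) {
    $target = '{0} {1}' -f $backupName, (Get-Date -Format 'yyyyMMdd-HHmmss')
}

Rename-Item -LiteralPath $default -NewName $target
Write-Host "Renamed Default to '$target'. Start Chrome and a fresh Default profile is created."

# List the extension IDs that lived in the old profile so they can be reviewed later,
# without touching the backup itself.
$oldExt = Join-Path $userData "$target\Extensions"
if (Test-Path -LiteralPath $oldExt) {
    Write-Host 'Extensions present in the old profile:'
    Get-ChildItem -LiteralPath $oldExt -Directory | Select-Object -ExpandProperty Name
}
```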

#29 HiHelen (Member, Topic Starter, 23 posts)

Returned to normal booting, restarted the computer, and created a fresh profile in Chrome.



#30 HiHelen (Member, Topic Starter, 23 posts)

Just got a URL:MAL threat detected in Chrome process. :(

