Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Browser Hijacker removal


  • Please log in to reply

#1
RiffRaffCat75

RiffRaffCat75

    Member

  • Member
  • PipPipPip
  • 142 posts

OK guys, I've tried eveything I can think of and then some. I've used all the regular known ways to get this laptop back to working again and nothing has worked. All my browsers are still hijacked and I am redirected to other websites and have lots of pop ups. Please help!

I have tried;

1. RKill, it found nothing

2. Kaspersky TDSSkiller, it found nothing

3. HitmanPro, and it found a few things, and got rid of them, but I still have the same issues

4. Malwarebytes, it found nothing

5. Super Antispyware, it found nothing

6. Comodo Internet Security, it found nothing

 

I ran them all in normal windows 7 mode and in safe mode, but nothing changed after all the scans. I also ran all the scan as admin, but that did nothing either. As you can see, I'm at a loss on this one. Any help would be grately appreciated.


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Lets start with basic adware scans

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
  • Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post;
    • The AdwCleaner [SO].txt Log
    • The JRT.txt Log
    Thanks
    Joe :)

  • 0

#3
RiffRaffCat75

RiffRaffCat75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 142 posts

Ok, here are the reports. I did the AdwClearner and when it did a restart, the machine was all messed up. Couple different services were off, no internet at all, no internet security software, some windows services and some other stuff that I don't remember. The last time it did this same thing I had to do a system restore to get it to work again.

 

# AdwCleaner v4.106 - Report created 28/12/2014 at 22:04:59
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tara - TARA-PC
# Running from : E:\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : YahooAUService

***** [ Files / Folders ] *****

File Found : C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Found : C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Found : C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Found : C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
File Found : C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\bukg6d0w.default-1391961009061\user.js
Folder Found : C:\ProgramData\15319530837096859451
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Uniblue
Folder Found : C:\ProgramData\Uniblue\DriverScanner
Folder Found : C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
Folder Found : C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop
Folder Found : C:\Users\Tara\AppData\Roaming\catalina – print savings
Folder Found : C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings
Folder Found : C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\bukg6d0w.default-1391961009061\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.3
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.3
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.searchoholic.info/?pid=21073&r=2014/12/26&hid=16142306429875775313&lg=EN&cc=US&unqvl=72

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[bukg6d0w.default-1391961009061] - Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
[bukg6d0w.default-1391961009061] - Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.searchoholic.info/?pid=21073&r=2014/12/26&hid=16142306429875775313&lg=EN&cc=US&unqvl=72&l=1&q=");
[bukg6d0w.default-1391961009061] - Line Found : user_pref("browser.search.order.1", "WebSearch");
[bukg6d0w.default-1391961009061] - Line Found : user_pref("browser.search.order.1,S", "WebSearch");
[bukg6d0w.default-1391961009061] - Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
[bukg6d0w.default-1391961009061] - Line Found : user_pref("extensions.9TgMw57f4zU6CIS1.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.index[...]
[bukg6d0w.default-1391961009061] - Line Found : user_pref("extensions.R5SATeA6TFbZgl8k.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.index[...]

-\\ Google Chrome v39.0.2171.95

[C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : bbmegnmpleoagolcnjnejdacakedpcgd
[C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : iflpcokdamgefbghpdipcibmhlkdopop

*************************

AdwCleaner[R0].txt - [7231 octets] - [28/12/2014 22:04:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7291 octets] ##########
# AdwCleaner v4.106 - Report created 29/12/2014 at 21:03:04
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tara - TARA-PC
# Running from : E:\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : YahooAUService

***** [ Files / Folders ] *****

Folder Found : C:\ProgramData\15319530837096859451
Folder Found : C:\Users\Tara\AppData\Roaming\catalina – print savings
Folder Found : C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings
Folder Found : C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\bukg6d0w.default-1391961009061\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.3
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.3
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.searchoholic.info/?pid=21073&r=2014/12/26&hid=16142306429875775313&lg=EN&cc=US&unqvl=72

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[bukg6d0w.default-1391961009061] - Line Found : user_pref("extensions.9TgMw57f4zU6CIS1.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.index[...]
[bukg6d0w.default-1391961009061] - Line Found : user_pref("extensions.R5SATeA6TFbZgl8k.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.index[...]

-\\ Google Chrome v39.0.2171.95

[C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

*************************

AdwCleaner[R0].txt - [12614 octets] - [28/12/2014 22:04:59]
AdwCleaner[S0].txt - [7305 octets] - [28/12/2014 22:07:58]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12735 octets] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Tara on Mon 12/29/2014 at 20:03:57.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1859080137-3721507021-1121226713-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Tara\AppData\Roaming\mozilla\firefox\profiles\bukg6d0w.default-1391961009061\prefs.js

user_pref("extensions.9TgMw57f4zU6CIS1.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale
user_pref("extensions.R5SATeA6TFbZgl8k.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/29/2014 at 20:43:55.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Here is the RKill report too. Did know if it would be of any use so decided to post just in case. It was ran before all the others.

 

 

Rkill 2.6.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingc...opic308364.html

Program started at: 12/29/2014 07:12:18 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 12/29/2014 07:14:54 PM
Execution time: 0 hours(s), 2 minute(s), and 35 seconds(s)
 


  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello,

In the adwCleaner exercise, you only did a scan

# AdwCleaner v4.106 - Report created 29/12/2014 at 21:03:04
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tara - TARA-PC
# Running from : E:\AdwCleaner.exe <[------ Please download tools to the desktop so they run from there.
# Option : Scan


Please run adwcleaner again, click scan, click report, click clean.

Post that log, it will show the deletions, your first log only shows what was found, we need to delete by running the clean option.
  • 0

#5
RiffRaffCat75

RiffRaffCat75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 142 posts

That's what I did and that's the report it gave me.


  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
OK,

This has to be download to the desktop or it will not work, post both log reports please.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#7
RiffRaffCat75

RiffRaffCat75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 142 posts

OK I see how what I did and what you said are 2 different things. I forgot to copy it to the desktop, but I ran it again and got this report after it rebooted. This would be the second report, from the second scan.

 

# AdwCleaner v4.106 - Report created 29/12/2014 at 22:36:46
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tara - TARA-PC
# Running from : E:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[bukg6d0w.default-1391961009061\prefs.js] - Line Deleted : user_pref("extensions.9TgMw57f4zU6CIS1.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[bukg6d0w.default-1391961009061\prefs.js] - Line Deleted : user_pref("extensions.R5SATeA6TFbZgl8k.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]

-\\ Google Chrome v39.0.2171.95

[C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [12832 octets] - [28/12/2014 22:04:59]
AdwCleaner[R1].txt - [1874 octets] - [29/12/2014 22:14:09]
AdwCleaner[S0].txt - [12221 octets] - [28/12/2014 22:07:58]
AdwCleaner[S1].txt - [1589 octets] - [29/12/2014 22:36:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1649 octets] ##########
 


  • 0

#8
RiffRaffCat75

RiffRaffCat75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 142 posts

OK working on it now.


  • 0

#9
RiffRaffCat75

RiffRaffCat75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 142 posts

First log;

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Tara (administrator) on TARA-PC on 29-12-2014 22:53:55
Running from C:\Users\Tara\Desktop
Loaded Profile: Tara (Available profiles: Tara)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(BitTorrent Inc.) C:\Users\Tara\AppData\Roaming\uTorrent\uTorrent.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2014-12-09] (COMODO)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-07-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-14] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-12-28] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\!SASWinLogon-x32: C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2425632 2014-11-07] (IObit)
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\Run: [uTorrent] => C:\Users\Tara\AppData\Roaming\uTorrent\uTorrent.exe [1378640 2014-12-11] (BitTorrent Inc.)
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\RunOnce: [Adobe Speed Launcher] => 1419911359
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\MountPoints2: {1788e690-2e4e-11e1-9c98-002622f6b188} - E:\iStudio.exe
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\MountPoints2: {3c56e40e-1de1-11e1-8b5b-002622f6b188} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\MountPoints2: {4ea64971-cded-11e2-97f8-002622f6b188} - F:\LaunchU3.exe -a
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
URLSearchHook: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM -> {89CAE492-3A46-498F-B884-EEF33CDA12B1} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {822D2C43-7515-4E10-92D0-9AB57007834B} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {89CAE492-3A46-498F-B884-EEF33CDA12B1} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {04DA5C94-177F-4D4D-83E1-6CD897866D6E} URL = http://www.google.co...&rlz=1I7TSNA_en
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {822D2C43-7515-4E10-92D0-9AB57007834B} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {823AF490-3221-41B8-B2C5-E41DF9A0AC7F} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {89CAE492-3A46-498F-B884-EEF33CDA12B1} URL =
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab
ShellExecuteHooks-x32: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\bukg6d0w.default-1391961009061
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: https://my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1859080137-3721507021-1121226713-1001: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Tara\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-1859080137-3721507021-1121226713-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Tara\AppData\Roaming\CATALI~1\NPBCSK~1.DLL No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\bukg6d0w.default-1391961009061\Extensions\[email protected] [2014-11-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-01-19]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-01-19]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Yahoo Web) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2014-12-16]
CHR Extension: (bokeha2) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\akgelifppepplifgopjhicenilabkedg [2014-06-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-13]
CHR Extension: (YouTube) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-17]
CHR Extension: (eBay) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2014-06-13]
CHR Extension: (Google Cast) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-02-09]
CHR Extension: (Facebook) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-06-13]
CHR Extension: (Books of the Day) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdmgncnkffeankemamkodegfhijldpn [2014-06-17]
CHR Extension: (Google Search) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-17]
CHR Extension: (Netflix) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2014-06-17]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-09-24]
CHR Extension: (Pandora) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-06-13]
CHR Extension: (Free Nook Books) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcfladddnnnjkjdfbfjcpgljdclaibfc [2014-06-17]
CHR Extension: (My Browser Page) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg [2014-06-13]
CHR Extension: (Pinterest ™ ) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldekkfiehnegbjkcmalkfcgfecambndd [2014-06-17]
CHR Extension: (Browse Save Win) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf [2014-12-26]
CHR Extension: (Google Maps) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-06-17]
CHR Extension: (Google Mail Checker) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-07-07]
CHR Extension: (WeatherBug) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2014-06-13]
CHR Extension: (Google Wallet) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-17]
CHR Extension: (Show Apps in new tab) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohbdifokmdgjcbbeobglcbaifinhfip [2014-06-17]
CHR Extension: (Adblock Pro) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-11-11]
CHR Extension: (My Chrome Theme) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-06-13]
CHR Extension: (Picasa) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-06-13]
CHR Extension: (Instagram for Chrome) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-07-22]
CHR Extension: (Gmail) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-07]
CHR Extension: (Send Link by Email or Gmail) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\plcgkgghkdfgfhiidfjkhmainebgmklf [2014-07-19]
CHR Extension: (App Launcher Customizer for Google™) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponjkmladgjfjgllmhnkhgbgocdigcjm [2014-06-13]
CHR Extension: (UnisaleS) - C:\ProgramData\ifnpffngaogbampfioeilalnjolcfphf\ [2014-06-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-28] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-09] (COMODO)
S4 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S4 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-08-13] (Macrovision Europe Ltd.) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2630432 2014-11-04] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2014-12-09] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2014-12-09] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2014-12-09] (COMODO)
S2 MCSTRM; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-17] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2010-09-28] (Apple, Inc.) [File not signed]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 22:53 - 2014-12-29 22:55 - 00021797 _____ () C:\Users\Tara\Desktop\FRST.txt
2014-12-29 22:53 - 2014-12-29 22:53 - 02123264 _____ (Farbar) C:\Users\Tara\Desktop\FRST64.exe
2014-12-29 22:53 - 2014-12-29 22:53 - 00000000 ____D () C:\FRST
2014-12-29 22:52 - 2014-12-29 22:52 - 00001090 _____ () C:\Users\Tara\Desktop\AdwCleaner[S2].txt
2014-12-29 22:41 - 2014-12-29 22:41 - 02173952 _____ () C:\Users\Tara\Desktop\AdwCleaner.exe
2014-12-29 22:40 - 2014-12-29 22:40 - 00001733 _____ () C:\Users\Tara\Desktop\AdwCleaner[S1].txt
2014-12-29 21:14 - 2014-12-29 21:14 - 00012832 _____ () C:\Users\Tara\Desktop\AdwCleaner[R0].txt
2014-12-29 20:43 - 2014-12-29 20:43 - 00002020 _____ () C:\Users\Tara\Desktop\JRT.txt
2014-12-29 00:41 - 2014-12-29 00:41 - 00000000 ____D () C:\Users\Tara\Downloads\mbam-chameleon-3.1.7.0
2014-12-29 00:38 - 2014-12-29 00:38 - 04909382 _____ () C:\Users\Tara\Downloads\mbam-chameleon-3.1.7.0.zip
2014-12-28 23:24 - 2014-12-28 23:50 - 00000000 ____D () C:\Users\Tara\Doctor Web
2014-12-28 22:28 - 2014-12-28 22:28 - 00000000 ____D () C:\windows\ERUNT
2014-12-28 22:04 - 2014-12-29 22:45 - 00000000 ____D () C:\AdwCleaner
2014-12-28 21:48 - 2014-12-28 23:13 - 00009890 _____ () C:\windows\system32\.crusader
2014-12-28 21:30 - 2014-12-28 21:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-28 21:24 - 2014-12-29 19:14 - 00002040 _____ () C:\Users\Tara\Desktop\Rkill.txt
2014-12-28 21:22 - 2014-12-28 21:22 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-28 21:21 - 2014-12-28 21:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-28 21:20 - 2014-12-28 21:20 - 00638888 _____ (Oracle Corporation) C:\Users\Tara\Downloads\chromeinstall-8u25.exe
2014-12-28 20:12 - 2014-12-28 20:12 - 00000000 __SHD () C:\Users\Tara\AppData\Local\EmieBrowserModeList
2014-12-28 18:35 - 2014-12-28 18:35 - 00000000 ____D () C:\Users\Tara\Downloads\new_patient_forms
2014-12-27 23:49 - 2014-12-28 20:21 - 00000000 ____D () C:\NPE
2014-12-27 23:00 - 2014-12-28 21:22 - 00000000 ____D () C:\Users\Tara\AppData\Local\NPE
2014-12-27 22:59 - 2014-12-27 23:00 - 03060320 ____N (Symantec Corporation) C:\Users\Tara\Downloads\NPE.exe
2014-12-27 21:08 - 2014-12-27 21:08 - 00017153 _____ () C:\Users\Tara\Documents\CisReport_x64_v8.0.0.4344_20141227-210803.zip
2014-12-27 20:57 - 2014-12-27 20:57 - 00016802 _____ () C:\Users\Tara\Documents\CisReport_x64_v8.0.0.4344_20141227-205705.zip
2014-12-27 19:37 - 2014-12-27 19:37 - 00000276 _____ () C:\windows\Tasks\Uninstaller_SkipUac_Tara.job
2014-12-27 19:16 - 2014-12-29 22:45 - 01474832 _____ () C:\windows\system32\Drivers\sfi.dat
2014-12-27 19:16 - 2014-12-27 19:16 - 00001888 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2014-12-27 19:16 - 2014-12-27 19:16 - 00000000 ____D () C:\windows\System32\Tasks\COMODO
2014-12-27 19:16 - 2014-12-27 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2014-12-27 19:15 - 2014-12-27 19:15 - 00000000 ____D () C:\ProgramData\Shared Space
2014-12-27 19:15 - 2014-12-27 19:15 - 00000000 ____D () C:\Program Files\COMODO
2014-12-27 19:13 - 2014-12-27 19:16 - 00000000 ____D () C:\ProgramData\Comodo
2014-12-27 19:13 - 2014-12-27 19:13 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-12-27 19:12 - 2014-12-27 19:12 - 00000000 ____D () C:\windows\pss
2014-12-27 18:57 - 2014-12-29 22:46 - 00072582 _____ () C:\windows\PFRO.log
2014-12-27 18:57 - 2014-12-29 22:46 - 00000560 _____ () C:\windows\setupact.log
2014-12-27 18:57 - 2014-12-27 18:57 - 00000000 _____ () C:\windows\setuperr.log
2014-12-27 01:02 - 2014-12-27 01:04 - 17011275 _____ () C:\Users\Tara\Downloads\Attachments_20141227.zip
2014-12-26 02:21 - 2014-12-26 02:21 - 00000000 ____D () C:\windows\SysWOW64\X86
2014-12-26 02:21 - 2014-12-26 02:21 - 00000000 ____D () C:\windows\SysWOW64\AMD64
2014-12-26 02:20 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\Browse Save Win
2014-12-26 02:19 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\YoUtubeeAAdBBloccke
2014-12-26 02:19 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\unIsuales
2014-12-26 02:18 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\UnisaleS
2014-12-26 02:18 - 2014-12-26 02:18 - 00000000 ____D () C:\ProgramData\ifnpffngaogbampfioeilalnjolcfphf
2014-12-24 23:51 - 2014-12-24 23:51 - 04277052 _____ () C:\Users\Tara\Downloads\new_patient_forms.zip
2014-12-24 18:33 - 2014-12-24 18:33 - 00000498 _____ () C:\Users\Tara\Desktop\sdfbsfb.txt
2014-12-24 18:33 - 2014-12-24 18:33 - 00000233 _____ () C:\Users\Tara\Desktop\mvlskfn.txt
2014-12-23 19:55 - 2014-12-23 19:55 - 00000000 ____D () C:\Users\Tara\Downloads\collagesetcatherinealise20x24
2014-12-23 19:41 - 2014-12-23 19:55 - 195454418 _____ () C:\Users\Tara\Downloads\collagesetcatherinealise20x24.zip
2014-12-22 15:38 - 2014-12-22 15:38 - 00000000 ____D () C:\Users\Tara\Downloads\ChristmasSeries
2014-12-22 15:35 - 2014-12-22 15:37 - 92095222 _____ () C:\Users\Tara\Downloads\ChristmasSeries.zip
2014-12-22 00:03 - 2014-12-22 00:05 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2014-12-22 00:02 - 2014-12-22 00:02 - 00002048 _____ () C:\Users\Public\Desktop\Canon My Image Garden.lnk
2014-12-20 23:47 - 2014-12-20 23:48 - 00000000 ____D () C:\Users\Tara\Desktop\digital backdrops
2014-12-20 23:06 - 2014-12-28 19:29 - 00000000 ____D () C:\Users\Tara\Desktop\slide show folder
2014-12-20 20:20 - 2014-12-20 20:20 - 00000000 ____D () C:\Users\Tara\Documents\Version Cue
2014-12-20 20:20 - 2014-12-20 20:20 - 00000000 ____D () C:\Users\Tara\Documents\AdobeStockPhotos
2014-12-20 16:17 - 2014-12-20 16:18 - 16530461 _____ () C:\Users\Tara\Downloads\Attachments_20141220.zip
2014-12-18 20:31 - 2014-12-18 20:31 - 00000000 ____D () C:\Users\Tara\AppData\Local\Apple Computer
2014-12-17 21:37 - 2014-12-20 02:17 - 00000000 ____D () C:\Users\Tara\AppData\Local\Adobe
2014-12-17 20:56 - 2014-12-17 20:56 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-17 20:56 - 2014-12-17 20:56 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-17 16:47 - 2014-12-17 16:47 - 00000000 ____D () C:\Users\Tara\AppData\Local\Apple
2014-12-12 10:46 - 2014-12-12 10:46 - 00000000 ____H () C:\asc_rdflag
2014-12-09 22:09 - 2014-12-09 22:09 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-09 16:48 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-09 16:48 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-09 16:48 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-09 16:48 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-12-09 16:48 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-12-09 16:48 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-12-09 16:48 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-12-09 16:48 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-12-09 16:48 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-12-09 16:48 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-12-09 16:42 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-09 16:42 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-09 16:42 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-09 16:42 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-09 16:42 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-09 16:42 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-09 16:42 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-09 16:42 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-09 16:42 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-09 16:42 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-09 16:42 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-09 16:42 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-09 16:42 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 16:42 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-09 16:42 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-09 16:42 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-09 16:42 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-09 16:42 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-09 16:42 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-09 16:42 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-09 16:42 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-09 16:42 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-09 16:42 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-09 16:42 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-09 16:42 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-09 16:42 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 16:42 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-09 16:42 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-09 16:42 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-09 16:42 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-09 16:42 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-09 16:42 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-09 16:42 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-09 16:42 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-09 16:42 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-09 16:41 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-09 16:41 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-09 16:41 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-09 16:41 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-09 16:41 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-09 16:41 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-09 16:41 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-09 16:41 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-09 16:41 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-09 16:41 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-09 16:41 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-09 16:41 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-09 16:41 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-09 16:41 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-09 16:41 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-09 16:41 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-09 16:41 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-09 16:41 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-09 16:41 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-09 16:41 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-09 16:41 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-09 16:41 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-09 16:41 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-09 16:41 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-09 16:41 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-09 16:41 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-09 16:41 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-09 16:41 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-09 16:41 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-09 16:41 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-09 16:39 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-09 16:39 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-09 16:38 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-09 16:38 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-09 16:38 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-09 16:38 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-09 16:38 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-09 16:38 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-09 16:38 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-09 16:38 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-09 16:38 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 16:38 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-09 16:38 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-09 16:38 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 00:20 - 2014-12-09 00:20 - 00792648 _____ (COMODO) C:\windows\system32\Drivers\cmdguard.sys
2014-12-09 00:20 - 2014-12-09 00:20 - 00437792 _____ (COMODO) C:\windows\system32\guard64.dll
2014-12-09 00:20 - 2014-12-09 00:20 - 00354520 _____ (COMODO) C:\windows\system32\cmdvrt64.dll
2014-12-09 00:20 - 2014-12-09 00:20 - 00352272 _____ (COMODO) C:\windows\SysWOW64\guard32.dll
2014-12-09 00:20 - 2014-12-09 00:20 - 00286424 _____ (COMODO) C:\windows\SysWOW64\cmdvrt32.dll
2014-12-09 00:20 - 2014-12-09 00:20 - 00104608 _____ (COMODO) C:\windows\system32\Drivers\inspect.sys
2014-12-09 00:20 - 2014-12-09 00:20 - 00045880 _____ (COMODO) C:\windows\system32\Drivers\cmdhlp.sys
2014-12-09 00:20 - 2014-12-09 00:20 - 00045784 _____ (COMODO) C:\windows\system32\cmdkbd64.dll
2014-12-09 00:20 - 2014-12-09 00:20 - 00040736 _____ (COMODO) C:\windows\system32\cmdcsr.dll
2014-12-09 00:20 - 2014-12-09 00:20 - 00040664 _____ (COMODO) C:\windows\SysWOW64\cmdkbd32.dll
2014-12-09 00:20 - 2014-12-09 00:20 - 00020184 _____ (COMODO) C:\windows\system32\Drivers\cmderd.sys
2014-12-08 13:50 - 2014-12-08 13:51 - 00000000 ____D () C:\Users\Tara\Downloads\9 zip files
2014-12-08 13:50 - 2014-12-08 13:50 - 00000000 ____D () C:\Users\Tara\Downloads\8 digi backgrounds N overlays
2014-12-08 13:44 - 2014-12-08 13:45 - 00000000 ____D () C:\Users\Tara\Downloads\1 movies
2014-12-06 22:48 - 2014-12-06 22:51 - 00000000 ____D () C:\Users\Tara\Desktop\Witches of East End

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 22:54 - 2009-07-13 23:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-29 22:54 - 2009-07-13 23:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 22:53 - 2012-03-31 21:23 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-29 22:53 - 2011-01-19 19:38 - 00000000 ____D () C:\Users\Tara\AppData\Roaming\uTorrent
2014-12-29 22:51 - 2014-06-19 12:21 - 01301205 _____ () C:\windows\WindowsUpdate.log
2014-12-29 22:48 - 2010-01-27 22:37 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 22:47 - 2013-06-30 20:46 - 00000198 _____ () C:\windows\Tasks\AutoKMS.job
2014-12-29 22:46 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-29 21:31 - 2014-08-26 19:12 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-29 21:27 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-12-29 21:24 - 2014-11-18 18:13 - 00002156 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2014-12-29 21:23 - 2010-01-27 20:35 - 00000000 ____D () C:\Users\Tara
2014-12-29 20:23 - 2010-01-27 22:37 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-29 19:46 - 2010-01-28 18:42 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-29 19:07 - 2013-06-30 20:46 - 00000202 _____ () C:\windows\Tasks\AutoKMSDaily.job
2014-12-29 00:42 - 2014-08-03 10:44 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-28 23:50 - 2013-03-24 17:41 - 00000000 ____D () C:\Users\Tara\Documents\Tools
2014-12-28 22:21 - 2014-06-19 12:08 - 00000000 ____D () C:\Users\Tara\AppData\Roaming\ProductData
2014-12-28 22:21 - 2009-07-14 02:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-28 22:21 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2014-12-28 21:25 - 2009-07-14 00:13 - 00920378 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-28 21:21 - 2013-10-21 20:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-28 00:09 - 2014-06-19 12:07 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-27 23:00 - 2009-12-08 07:09 - 00000000 ____D () C:\ProgramData\Norton
2014-12-27 22:55 - 2011-12-24 01:05 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-26 01:26 - 2013-08-30 21:15 - 00000000 ____D () C:\Users\Tara\AppData\Roaming\vlc
2014-12-24 18:33 - 2014-07-28 16:00 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-12-22 00:03 - 2013-07-16 12:21 - 00000000 ____D () C:\Users\Tara\AppData\Roaming\Canon
2014-12-21 23:58 - 2014-07-29 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-12-21 23:57 - 2011-04-16 15:35 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-12-21 01:45 - 2013-05-14 21:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-20 23:02 - 2013-03-24 11:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-20 23:02 - 2013-03-24 11:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-20 20:20 - 2010-01-27 20:45 - 00000000 ____D () C:\Users\Tara\AppData\Roaming\Adobe
2014-12-16 11:36 - 2013-03-24 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-13 15:03 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-12-12 20:11 - 2012-05-07 11:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-12 19:01 - 2013-01-19 12:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-12 10:46 - 2014-08-25 22:18 - 48254976 _____ () C:\windows\system32\config\COMPONENTS.iodefrag.bak
2014-12-12 10:46 - 2014-06-29 20:34 - 96129024 _____ () C:\windows\system32\config\SOFTWARE.iodefrag.bak
2014-12-12 10:46 - 2014-06-29 20:34 - 00344064 _____ () C:\windows\system32\config\DEFAULT.iodefrag.bak
2014-12-12 10:46 - 2014-06-29 20:34 - 00057344 _____ () C:\windows\system32\config\SAM.iodefrag.bak
2014-12-12 10:46 - 2014-06-29 20:34 - 00024576 _____ () C:\windows\system32\config\SECURITY.iodefrag.bak
2014-12-09 22:09 - 2014-05-26 21:52 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-09 22:09 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-09 22:09 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-09 17:01 - 2009-12-08 06:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-09 16:58 - 2013-08-27 22:05 - 00000000 ____D () C:\windows\system32\MRT
2014-12-09 15:15 - 2013-11-17 21:58 - 00002073 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-08 19:21 - 2010-03-06 15:58 - 00000000 ____D () C:\Users\Tara\Documents\My Docs
2014-12-08 19:18 - 2010-03-22 09:18 - 00000000 ____D () C:\Users\Tara\Documents\notepad
2014-12-08 13:49 - 2014-09-15 15:38 - 00000000 ____D () C:\Users\Tara\Downloads\5 software
2014-12-08 13:47 - 2014-07-10 17:04 - 00000000 ____D () C:\Users\Tara\Downloads\2 TV shows
2014-12-08 13:47 - 2014-06-19 11:37 - 00000000 ____D () C:\Users\Tara\Downloads\3 actions
2014-12-04 18:28 - 2014-08-03 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-04 18:28 - 2014-08-03 10:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-04 18:28 - 2012-01-01 00:51 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

Some content of TEMP:
====================
C:\Users\Tara\AppData\Local\Temp\Quarantine.exe
C:\Users\Tara\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 00:26

==================== End Of Log ============================

 

 

Second log, addition;

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Tara at 2014-12-29 22:56:13
Running from C:\Users\Tara\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.8.612 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version:  - PopCap Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
ccc-core-static (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
CCleaner (HKLM-x32\...\CCleaner) (Version: 2.31 - Piriform)
COMODO Internet Security Premium (HKLM\...\{18F14F4B-D8A9-4309-817E-3BC0B7664E53}) (Version: 8.0.0.4344 - COMODO Security Solutions Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
EMCGadgets64 (Version: 1.1.501 - Sonic) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version:  - Jodix Technologies Ltd.)
G-Force (HKLM-x32\...\G-Force) (Version: 3.9.1 - SoundSpectrum)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Helium Music Manager 8.6.3 (HKLM-x32\...\{BA722179-62EA-4090-923D-D324CE1A691D}}_is1) (Version: 8.6.3.10770 - Intermedia Software)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
Imagenomic Portraiture 2.3.3 Plug-in (build 2330) (HKLM\...\ImagenomicPortraiturePlugin) (Version:  - )
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.24 - IObit)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 5.5.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 5.5.0 - )
[email protected] 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Logitech SetPoint 6.32 (HKLM\...\SP6) (Version: 6.32.20 - Logitech)
LSI V92 MOH Application (HKLM\...\LTMOH) (Version:  - LSI Corporation)
Magic DVD Copier V6.0.0 (HKLM-x32\...\Magic DVD Copier_is1) (Version:  - Magic DVD Software, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaMonkey 3.2 (HKLM-x32\...\MediaMonkey_is1) (Version: 3.2 - Ventis Media Inc.)
Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version:  - Memeo Inc.)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 en-US)) (Version: 24.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
OverDrive Media Console (HKLM-x32\...\{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}) (Version: 3.2.5 - OverDrive, Inc.)
[email protected] (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Rhapsody (HKLM-x32\...\Rhapsody) (Version:  - )
Roxio Creator Premier (HKLM-x32\...\{469EF13B-4AD0-48D7-AF89-6B92278293E2}) (Version: 10.1 - Roxio)
Roxio Update Manager (HKLM-x32\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version:  - )
Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Sansa Updater (HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\Sansa Updater) (Version: 1.313 - SanDisk Corporation)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1142 - SUPERAntiSpyware.com)
SUPERAntiSpyware Free Edition (HKLM-x32\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.34.0.1000 - SUPERAntiSpyware.com)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.9.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.0.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.2 - TOSHIBA Corporation)
TOSHIBA Internal Modem Region Select Utility (HKLM-x32\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.0 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.2.97 - LSI Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.26.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.9 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Utility Common Driver (x32 Version: 1.0.50.26C - TOSHIBA) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001_Classes\CLSID\{0C3BA0B1-BC14-4B55-98DC-F1E913C1DA10}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001_Classes\CLSID\{6FFA7438-3E00-4176-9717-B3BBE2E704AB}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)

==================== Restore Points  =========================

17-12-2014 20:55:42 Windows Modules Installer
19-12-2014 18:37:51 Windows Update
22-12-2014 20:06:54 Windows Update
25-12-2014 22:30:03 Windows Update
27-12-2014 19:14:20 Installing COMODO Internet Security Premium
27-12-2014 19:15:52 Device Driver Package Install: COMODO Network Service
28-12-2014 20:56:41 IObit Uninstaller restore point
28-12-2014 21:04:28 IObit Uninstaller restore point
28-12-2014 21:47:01 Checkpoint by HitmanPro
28-12-2014 21:48:04 Checkpoint by HitmanPro
28-12-2014 22:03:20 Checkpoint by HitmanPro
28-12-2014 22:18:48 Restore Operation
28-12-2014 23:13:28 Checkpoint by HitmanPro
29-12-2014 19:32:40 Checkpoint by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03F9070A-5A20-40E3-B751-5C21C3891F48} - System32\Tasks\AutoKMSDaily => C:\windows\AutoKMS.exe
Task: {1C5D2BC5-FE07-4F93-9EBD-E6EE923FD22F} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {1EC71138-9E7D-4616-BCB0-F698035F9EF3} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {47D15932-46E7-4773-B0A2-0DCB921B3662} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {49577359-A6B6-49AB-91A2-21684EB026BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {578F1192-1993-4CFB-BE8D-0313179F3C0A} - System32\Tasks\ASC8_SkipUac_Tara => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2014-11-07] (IObit)
Task: {58153365-5162-40A0-9C21-8C1177CAB3B1} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {64F13734-F1FB-4772-886A-BAD5126771FE} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {728DFC5B-7877-4328-B355-A02437F8307C} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {8E9A080E-70F4-4915-8820-0F219DD6DFA3} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2014-11-10] (IObit)
Task: {9A410B12-0A63-4721-9B24-28099D99C093} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {C846FC04-7914-474A-90B6-D53F3F11A11A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-28] (Adobe Systems Incorporated)
Task: {CE05969B-0FC9-45B3-BBBF-01DF0F43A336} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
Task: {DD6900B1-4F3D-46F5-BED2-E8B920BFA00B} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {E005A836-F296-442D-B094-F37CE6C45A38} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {EC91DDAC-E007-4907-A47C-40E02A461AE8} - System32\Tasks\Uninstaller_SkipUac_Tara => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-04] (IObit)
Task: {F7368C04-0816-44B5-A260-8740FCBE8EF3} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AutoKMS.job => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\AutoKMSDaily.job => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Uninstaller_SkipUac_Tara.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2013-04-15 17:39 - 2013-04-15 17:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-11-18 18:13 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-18 18:13 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madExcept_.bpl
2014-11-18 18:13 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madBasic_.bpl
2014-11-18 18:13 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2014-11-18 18:13 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\ProductStatistics.dll
2014-11-18 18:13 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2014-11-18 18:13 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2014-11-18 18:13 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2014-11-18 18:13 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Desktop\AdwCleaner.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Desktop\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Downloads\chromeinstall-8u25.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Downloads\chromeinstall-8u25.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tara\Downloads\mbam-chameleon-3.1.7.0.zip:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: AVG Security Toolbar Service => 3
MSCONFIG\Services: avg9emc => 2
MSCONFIG\Services: avg9wd => 2
MSCONFIG\Services: avgfws9 => 2
MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: EpsonBidirectionalService => 2
MSCONFIG\Services: EPSON_PM_RPCV4_01 => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: MemeoBackgroundService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RoxLiveShare10 => 2
MSCONFIG\Services: RoxMediaDB10 => 3
MSCONFIG\Services: RoxWatch10 => 2
MSCONFIG\Services: SeagateDashboardService => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: WinDefend => 3
MSCONFIG\Services: WiseBootAssistant => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AutoStartNPSAgent => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
MSCONFIG\startupreg: AVG9_TRAY => C:\PROGRA~2\AVG\AVG9\avgtray.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: Epson Stylus NX620(Network) => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\windows\TEMP\E_SFCC1.tmp" /EF "HKCU"
MSCONFIG\startupreg: EPSON Stylus Photo R260 Series => C:\windows\system32\spool\DRIVERS\x64\3\E_FATIBNA.EXE /FU "C:\windows\TEMP\E_SD15E.tmp" /EF "HKCU"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_CB0F7EF6A810D47789A3AC93099048CC => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LtMoh => C:\Program Files\ltmoh\Ltmoh.exe
MSCONFIG\startupreg: Memeo AutoSync => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
MSCONFIG\startupreg: Memeo Instant Backup => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NapsterShell => C:\Program Files (x86)\Napster\napster.exe /systray
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SansaDispatch => C:\Users\Tara\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
MSCONFIG\startupreg: SearchProtection => "C:\Users\Tara\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: uTorrent => "C:\Users\Tara\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

========================= Accounts: ==========================

Administrator (S-1-5-21-1859080137-3721507021-1121226713-500 - Administrator - Disabled)
Guest (S-1-5-21-1859080137-3721507021-1121226713-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1859080137-3721507021-1121226713-1002 - Limited - Enabled)
Tara (S-1-5-21-1859080137-3721507021-1121226713-1001 - Administrator - Enabled) => C:\Users\Tara

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (12/29/2014 10:47:23 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "TARA-PC        :20" could not be registered on the interface with IP address 192.168.1.10.
The computer with the IP address 192.168.1.6 did not allow the name to be claimed by
this computer.

Error: (12/29/2014 10:47:23 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{ABBD19A7-87D5-4393-8868-5DFD67803C94} because another computer on the network has the same name.  The server could not start.

Error: (12/29/2014 10:47:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (12/29/2014 10:47:04 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "TARA-PC        :0" could not be registered on the interface with IP address 192.168.1.10.
The computer with the IP address 192.168.1.6 did not allow the name to be claimed by
this computer.

Error: (12/29/2014 10:46:29 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (12/29/2014 10:46:29 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (12/29/2014 10:38:51 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "TARA-PC        :20" could not be registered on the interface with IP address 192.168.1.10.
The computer with the IP address 192.168.1.6 did not allow the name to be claimed by
this computer.

Error: (12/29/2014 10:38:51 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{ABBD19A7-87D5-4393-8868-5DFD67803C94} because another computer on the network has the same name.  The server could not start.

Error: (12/29/2014 10:38:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (12/29/2014 10:38:13 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "TARA-PC        :0" could not be registered on the interface with IP address 192.168.1.10.
The computer with the IP address 192.168.1.6 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Turion™ II Dual-Core Mobile M520
Percentage of memory in use: 42%
Total physical RAM: 3838.36 MB
Available physical RAM: 2201.07 MB
Total Pagefile: 7674.9 MB
Available Pagefile: 5785.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI105757W0A) (Fixed) (Total:287.7 GB) (Free:99.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (LEXAR) (Removable) (Total:14.61 GB) (Free:14.4 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: D06ABEA8)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=287.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.9 GB) - (Type=17)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.6 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.6 GB) - (Type=0C)

==================== End Of Log ============================


  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
AV: Microsoft Security Essentials
AV: COMODO Antivirus

Can't have 2 Anti Virus programs installed, even if one is disabled.

What Anti Virus do you want to keep ?
  • 0

Advertisements


#11
RiffRaffCat75

RiffRaffCat75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 142 posts

OK, I'll uninstall the MSE now. I'll keep the comodo.


  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
I'd consider uninstalling
Advanced SystemCare 8

Windows does not need these programs they cause nothing but issues, like you're having.


Did you turn off all these programs or stop them from starting ?

MSCONFIG\startupreg: SearchProtection => "C:\Users\Tara\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe


  • 0

#13
RiffRaffCat75

RiffRaffCat75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 142 posts

Ok MSE has been uninstalled.


  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
See my post above I think you missed it, post 12
  • 0

#15
RiffRaffCat75

RiffRaffCat75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 142 posts

From what I can tell, they have been turned off.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP