
Possible Conflicting Protection? [Closed]


  • This topic is locked

#1
Jvescov1

Hi there, I received such great help in another area of the forums I thought I'd give this a try over here. I've received some help from another site in the past that had me downloading quite a few programs over the years, and I'd basically like to know what is necessary and what I could live without, pretty much. Also, I would love to get a clean bill of health on my PC if possible. Thanks so much for the help!


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-06-2015
Ran by Joseph (administrator) on JOSEPH-PC on 07-06-2015 15:02:16
Running from C:\Users\Joseph\Downloads
Loaded Profiles: Joseph & UpdatusUser (Available Profiles: Joseph & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit) C:\Program Files\IObit\Smart Defrag 4\SmartDefrag.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(NETGEAR) C:\Program Files\NETGEAR\WN111v2\WN111v2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
() C:\Windows\Runservice.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe.old
(Motorola) C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\loggingserver.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(Xobni Corporation) C:\Program Files\Xobni\XobniService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Service.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFTips.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-SharedFolder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-RunApp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4767304 2013-03-06] (AVAST Software)
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2510784 2015-05-14] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5768992 2015-03-06] (IObit)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [884440 2015-05-07] (BlueStack Systems, Inc.)
HKLM\...\Run: [ATT-SST_UninstallTracking] => C:\Users\Joseph\AppData\Local\Temp\InstallHelper.exe [544768 2008-09-19] (Motive Communications, Inc.) <===== ATTENTION
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...409d6c4515e9\InprocServer32: [Default-shell32] shell32.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk [2012-04-08]
ShortcutTarget: NETGEAR WN111v2 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WN111v2\WN111v2.exe (NETGEAR)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2013-03-06] (AVAST Software)
ShellIconOverlayIdentifiers: [0MediaIconsOerlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg...fr&d=2013-08-2621:04:23&v=18.5.0.909&pid=safeguard&sg=0&sap=hp
SearchScopes: HKLM -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 
SearchScopes: HKLM -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect...mrud=08-07-2010
SearchScopes: HKLM -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://startsear.ch/...q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....s={searchTerms}
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = http://search.condui...3082936225&UM=2
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect...mrud=08-07-2010
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-se...E594AB&tsp=5004
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = http://search.condui...3082936225&UM=2
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> {34D2BA0D-EE4A-41E8-B176-CB5CD0638CFC} URL = http://www.att.net/s...t2=Search Yahoo
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....s={searchTerms}
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> {675C3109-8FD5-4F4F-BA3E-0CB46B6DA0CA} URL = http://search.condui...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> {8E02D41C-5924-4816-9490-33CCD28BEB72} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg....fr&d=2013-08-2621:04:23&v=15.6.1.2&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> {A8EF7510-0694-4821-81CB-4F8249E441AE} URL = http://search.yahoo....ms}&fr=chr-atty
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://startsear.ch/...q={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2015-06-04] (IObit)
BHO: AccelerateTab -> {48A789BF-F6D6-4930-9C8B-77855A63EDE1} -> C:\Program Files\Secure Speed Dial\IE\SpeedDial.dll [2014-05-26] (Secure Speed Dial)
BHO: No Name -> {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-06] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG SafeGuard toolbar\18.5.0.909\AVG SafeGuard toolbar_toolbar.dll [2015-05-14] (AVG Secure Search)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} ->  No File
BHO: Adblock -> {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} -> C:\Program Files\Secure Speed Dial\IE\ADBlock\IE\Adblock.dll [2014-06-17] (Adblock)
BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ->  No File
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-06] (AVAST Software)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.5.0.909\AVG SafeGuard toolbar_toolbar.dll [2015-05-14] (AVG Secure Search)
Toolbar: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: javascript - No CLSID Value - 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-14] (AVG Secure Search)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [223232 2009-08-07] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2011-04-06] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default
FF NewTab: hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=4E0C0019D1E594AB&tsp=5004
FF DefaultSearchEngine: 
FF DefaultSearchUrl: 
FF Homepage: hxxp://mysearch.avg.com/?cid={B07D9E15-0CCE-4409-BDE5-174C9E77CA75}&mid=db26c891e11a47d3b6bed15097017d58-e7cb49739f079b51e65b1a425a1abfc0094586e7&lang=en&ds=AVG&pr=fr&d=2013-08-26 21:04:23&v=18.0.5.292&pid=safeguard&sg=0&sap=hp
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291326&SearchSource=2&CUI=UN53133852618265168&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-04-27] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-10] (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2011-01-04] (Google)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @talk.google.com/O3DPlugin -> C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2011-01-04] ()
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @tools.google.com/Google Update;version=8 -> C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @yahoo.com/BrowserPlus,version=2.7.1 -> C:\Users\Joseph\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll [2010-04-19] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)
FF user.js: detected! => C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\user.js [2015-06-05]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-11-10] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Joseph\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2011-01-04] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Joseph\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2011-01-04] ()
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aim-search.xml [2009-06-29]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aol-search.xml [2012-11-14]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\keybar-113-customized-web-search.xml [2013-09-29]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\live-search.xml [2009-02-01]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\safeguard-secure-search.xml [2013-08-26]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2011-03-06]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2011-03-06]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\searchme.xml [2009-03-13]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF Extension: Delta Toolbar - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2013-09-13]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2015-06-04]
FF Extension: AD Block - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected](302).net [2014-12-13]
FF Extension: AD Block - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2015-03-01]
FF Extension: AccelerateTab - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected](303).net [2014-12-13]
FF Extension: AccelerateTab - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2015-03-01]
FF Extension: Platinum Hide IP - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2011-08-10]
FF Extension: KeyBar 1.13  - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{02edb56b-9b33-435b-b7df-b2843273a694} [2013-08-11]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-08]
FF Extension: Yahoo! Toolbar - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-08-18]
FF Extension: Yahoo! Toolbar - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(127) [2009-09-09]
FF Extension: Vafmusic  - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{6c3bc03f-d7b9-43ac-8931-c242e3cae971} [2013-08-11]
FF Extension: WhiteSmoke New  - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} [2013-08-18]
FF Extension: Address Bar Search - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} [2013-08-30]
FF Extension: FreeHDSport.TV - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2012-12-16]
FF Extension: GoPhotoIt - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2012-07-31]
FF Extension: HDvid Codec 3 - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2013-06-30]
FF Extension: Printing Helper - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2008-11-21]
FF Extension: Personas Plus - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2013-04-04]
FF Extension: Adblock Plus - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-26]
FF Extension: The Browser Highlighter - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2013-08-11]
FF Extension: InfoAtoms - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2013-08-11]
FF Extension: searchme - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2013-08-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Mozilla Firefox\extensions\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-26]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.5.0.909
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.5.0.909 [2015-05-14]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [not found]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2013-08-11]
FF ExtraCheck: C:\Program Files\mozilla firefox\InfoAtoms.cfg [2013-08-11] <==== ATTENTION
 
Chrome: 
=======
CHR Profile: C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2013-05-26]
CHR Extension: (InfoAtoms) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk [2013-04-27]
CHR Extension: (Domain Error Assistant) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2013-05-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Slick Savings) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013-05-26]
CHR Extension: (AVG SafeGuard) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-04-30]
CHR Extension: (KeyBar 1.13) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\njljkdinboobkmkihgcohanchjnjpgjk [2013-07-13]
CHR Extension: (Google Wallet) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-05]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2013-05-26]
CHR HKLM\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [hhbgpoakplhahbklhkcfbpicgjcaoglk] - C:\Program Files\InfoAtoms\Chrome\InfoAtoms.crx [2012-11-13]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\18.0.5.292\avg.crx [2014-03-21]
CHR HKLM\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2013-07-11]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
CHR HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2013-07-11]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aawservice; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [611664 2008-09-10] (Lavasoft)
R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-06] (AVAST Software)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [433880 2015-05-07] (BlueStack Systems, Inc.)
R3 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [413400 2015-05-07] (BlueStack Systems, Inc.)
R3 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [806616 2015-05-07] (BlueStack Systems, Inc.)
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344864 2015-01-27] (IObit)
S3 jswpsapi; C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
R2 LicCtrlService; C:\Windows\runservice.exe [2560 2009-02-13] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2008-09-19] (Motive Communications, Inc.) [File not signed]
R2 MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-04-29] ()
S2 SecureUpdateSvc; C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe [2580304 2014-05-28] () <==== ATTENTION
R2 vToolbarUpdater18.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe [1812416 2015-05-14] (AVG Secure Search)
R2 XobniService; C:\Program Files\Xobni\XobniService.exe [44776 2009-07-14] (Xobni Corporation)
S2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2013-03-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-03-06] (AVAST Software)
R1 AswRdr; C:\Windows\system32\Drivers\AswRdr.sys [49760 2013-03-06] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49248 2013-03-06] ()
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [765736 2013-03-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [368176 2013-03-06] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [62376 2013-03-06] (AVAST Software)
S3 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [164736 2013-03-06] ()
U1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [131288 2015-05-07] (BlueStack Systems)
S3 DNIMp50; C:\Windows\System32\Drivers\DNIMp50.sys [21504 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 DNISp50; C:\Windows\System32\Drivers\DNISp50.sys [20480 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2014-11-10] (IObit)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-06-04] (REALiX™)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-07-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-07-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 PCTINDIS5; C:\Windows\system32\PCTINDIS5.SYS [32160 2007-10-01] (PCTEL Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [32288 2014-11-10] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2013-05-07] () [File not signed]
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2014-11-10] (IObit.com)
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1963680 2006-12-05] (Microsoft Corporation)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2v.sys [453120 2009-01-13] (Atheros Communications, Inc.)
S2 adfs; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 WinRing0_1_2_0; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-07 15:02 - 2015-06-07 15:04 - 00042485 _____ C:\Users\Joseph\Downloads\FRST.txt
2015-06-07 15:01 - 2015-06-07 15:03 - 00000000 ____D C:\FRST
2015-06-07 15:00 - 2015-06-07 15:00 - 01147904 _____ (Farbar) C:\Users\Joseph\Downloads\FRST.exe
2015-06-07 12:10 - 2015-06-07 12:11 - 05487016 _____ (Microsoft Corporation) C:\Users\Joseph\Downloads\Windows8-UpgradeAssistant.exe
2015-06-07 04:13 - 2015-06-07 04:13 - 00231760 _____ C:\Users\Joseph\Downloads\CrucialScan.exe
2015-06-06 16:02 - 2015-06-06 16:02 - 00689664 _____ C:\Users\Joseph\Downloads\MicrosoftFixit50202.msi
2015-06-05 15:55 - 2015-06-05 15:55 - 00000000 ____D C:\Users\Joseph\AppData\Local\Steam
2015-06-05 13:43 - 2015-06-06 16:10 - 00013618 _____ C:\Windows\PFRO.log
2015-06-05 01:51 - 2015-06-07 01:11 - 00004978 _____ C:\Windows\IE9_main.log
2015-06-05 00:38 - 2015-06-05 00:38 - 00000000 _____ C:\Windows\setuperr.log
2015-06-05 00:38 - 2015-06-05 00:38 - 00000000 _____ C:\Windows\setupact.log
2015-06-05 00:16 - 2015-06-05 00:17 - 14617096 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2015-06-05 00:16 - 2015-06-05 00:16 - 24053392 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-06-05 00:16 - 2015-06-05 00:16 - 12852784 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-05 00:16 - 2015-06-05 00:16 - 08590480 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-05 00:16 - 2015-06-05 00:16 - 01048720 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3235012.dll
2015-06-05 00:16 - 2015-06-05 00:16 - 00912528 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3235012.dll
2015-06-05 00:16 - 2015-06-05 00:16 - 00024504 _____ C:\Windows\system32\nvinfo.pb
2015-06-05 00:15 - 2015-06-05 00:15 - 11380728 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-05 00:15 - 2015-06-05 00:15 - 02573456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-05 00:13 - 2015-06-05 00:14 - 25374864 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-06-04 23:27 - 2015-06-05 01:24 - 00001924 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-06-04 23:27 - 2015-06-04 23:27 - 00000983 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-06-04 23:27 - 2015-06-04 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-06-04 23:27 - 2015-06-04 23:27 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-06-04 23:27 - 2015-06-04 23:27 - 00000000 ____D C:\Program Files\Common Files\IObit
2015-06-04 23:26 - 2015-06-04 23:26 - 00000925 _____ C:\Users\Public\Desktop\Smart Defrag 4.lnk
2015-06-04 23:26 - 2015-06-04 23:26 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2015-06-04 23:26 - 2015-06-04 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4
2015-06-04 23:26 - 2015-01-10 15:32 - 00109856 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2015-06-04 23:26 - 2014-06-04 15:17 - 00031520 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2015-06-04 23:26 - 2014-06-04 15:17 - 00018624 _____ (IObit) C:\Windows\system32\Drivers\SmartDefragDriver.sys
2015-06-04 23:25 - 2015-06-04 23:25 - 00023840 _____ (REALiX™) C:\Windows\system32\Drivers\HWiNFO32.SYS
2015-06-04 23:25 - 2015-06-04 23:25 - 00001887 _____ C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-06-04 23:25 - 2015-06-04 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2015-06-01 21:40 - 2015-06-01 21:41 - 00000000 ___HD C:\BOL
2015-06-01 21:40 - 2015-06-01 21:40 - 00001684 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BetOnlineClient.lnk
2015-06-01 21:40 - 2015-06-01 21:40 - 00001672 _____ C:\Users\Public\Desktop\BetOnlineClient.lnk
2015-06-01 21:40 - 2015-06-01 21:40 - 00000000 ____D C:\Program Files\BetOnline Client
2015-05-17 02:19 - 2015-06-07 02:24 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-12 23:44 - 2015-05-12 23:44 - 00000000 ____D C:\Users\Joseph\.android
2015-05-12 23:35 - 2015-05-12 23:35 - 00001638 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-05-12 23:18 - 2015-05-12 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-05-12 21:58 - 2015-05-12 21:58 - 00000348 _____ C:\Windows\Tasks\0415tbUpdateInfo.job
2015-05-12 21:58 - 2015-05-12 21:58 - 00000000 ____D C:\ProgramData\Avg_Update_0415tb
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-07 14:55 - 2008-11-15 19:31 - 00002032 _____ C:\Users\Joseph\AppData\Local\d3d9caps.dat
2015-06-07 14:33 - 2006-11-02 05:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-07 14:33 - 2006-11-02 05:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-07 14:25 - 2013-04-26 23:50 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-07 14:09 - 2012-12-29 01:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-07 13:22 - 2006-11-02 05:52 - 01266082 _____ C:\Windows\WindowsUpdate.log
2015-06-07 08:47 - 2014-03-27 08:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-07 08:42 - 2013-04-26 23:56 - 00000000 ____D C:\ProgramData\MFAData
2015-06-07 04:18 - 2006-11-02 03:33 - 00759368 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-07 01:57 - 2011-12-16 03:11 - 00000394 ____H C:\Windows\Tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job
2015-06-06 18:41 - 2006-11-02 05:47 - 06062472 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-06 18:32 - 2014-02-19 20:35 - 00001865 ___SH C:\Windows\system32\mmf.sys
2015-06-06 18:29 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-06 16:09 - 2006-11-02 06:01 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-05 20:47 - 2008-11-16 15:49 - 00000000 ___RD C:\Users\Joseph\Desktop\NN  ICONS
2015-06-05 15:58 - 2013-08-18 15:41 - 00000000 ____D C:\Program Files\Steam
2015-06-05 15:56 - 2013-08-18 15:42 - 00000000 ____D C:\Program Files\Common Files\Steam
2015-06-05 15:45 - 2009-09-10 02:08 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Media Player Classic
2015-06-05 14:39 - 2008-12-12 15:06 - 00159744 _____ C:\Users\Joseph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-05 14:20 - 2009-03-05 23:19 - 00000000 ____D C:\Program Files\Common Files\Motive
2015-06-05 14:07 - 2009-02-13 00:20 - 00000000 ____D C:\Program Files\Out of the Park Developments
2015-06-05 14:05 - 2013-04-26 22:53 - 00000000 ____D C:\ProgramData\IObit
2015-06-05 14:04 - 2013-11-24 17:47 - 00000000 ____D C:\ProgramData\ProductData
2015-06-05 14:04 - 2009-08-02 17:12 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Out of the Park Developments
2015-06-05 01:35 - 2008-02-03 17:42 - 00000000 ____D C:\Temp
2015-06-05 01:17 - 2008-11-16 15:41 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-05 01:14 - 2010-07-16 03:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-05 00:37 - 2008-11-15 19:31 - 00000000 ____D C:\Users\Joseph
2015-06-05 00:16 - 2013-04-04 19:25 - 12689400 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2015-06-05 00:13 - 2007-09-17 09:07 - 02935416 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2015-06-04 23:28 - 2015-03-01 22:01 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\IObit
2015-06-04 23:26 - 2009-10-02 20:44 - 00000000 ____D C:\Program Files\IObit
2015-05-25 19:30 - 2013-04-26 23:52 - 00001933 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-14 00:13 - 2013-04-27 00:04 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2015-05-13 01:18 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-05-12 23:19 - 2014-12-13 15:30 - 00000000 ____D C:\Program Files\BlueStacks
 
==================== Files in the root of some directories =======
 
2014-01-04 00:19 - 2014-01-04 00:19 - 49940480 _____ () C:\Program Files\GUT95BA.tmp
2015-03-01 23:11 - 2015-03-01 23:11 - 6103040 _____ () C:\Program Files\GUTC582.tmp
2013-04-26 23:07 - 2013-04-26 23:07 - 0087608 _____ () C:\Users\Joseph\AppData\Roaming\inst.exe
2008-12-12 17:27 - 2013-04-26 23:07 - 0007887 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.cat
2008-12-12 17:27 - 2013-04-26 23:07 - 0001144 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.inf
2013-04-26 23:07 - 2013-04-26 23:07 - 0000033 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.log
2008-12-12 17:27 - 2013-04-26 23:07 - 0047360 _____ (VSO Software) C:\Users\Joseph\AppData\Roaming\pcouffin.sys
2008-11-15 19:38 - 2009-08-05 17:59 - 0023580 _____ () C:\Users\Joseph\AppData\Roaming\UserTile.png
2009-05-23 12:08 - 2010-01-09 12:46 - 0000600 _____ () C:\Users\Joseph\AppData\Roaming\winscp.rnd
2010-11-10 14:38 - 2010-11-10 14:38 - 0000000 _____ () C:\Users\Joseph\AppData\Local\AutobahnAcceleratorInstall.txt
2010-02-21 09:46 - 2010-02-21 09:46 - 0000552 _____ () C:\Users\Joseph\AppData\Local\d3d8caps.dat
2008-11-15 19:31 - 2015-06-07 14:55 - 0002032 _____ () C:\Users\Joseph\AppData\Local\d3d9caps.dat
2008-12-12 15:06 - 2015-06-05 14:39 - 0159744 _____ () C:\Users\Joseph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-26 23:20 - 2013-04-26 23:20 - 0000000 _____ () C:\ProgramData\222620313f3a54382a_c
2013-04-25 22:41 - 2013-04-25 22:41 - 0000000 _____ () C:\ProgramData\LQ20O6T.dat
2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe.b
2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe_.b
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2013592473-1583479073-1329353095-1000\$afd7bede3b150b7dc33f9425a8f88dba
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$afd7bede3b150b7dc33f9425a8f88dba
 
Files to move or delete:
====================
C:\Users\Joseph\AppData\Local\Temp\InstallHelper.exe
C:\ProgramData\LQ20O6T.dat
 
 
Some files in TEMP:
====================
C:\Users\Joseph\AppData\Local\temp\BRSVC_1947906_hlp.exe
C:\Users\Joseph\AppData\Local\temp\InstallHelper.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-07 07:18
 
==================== End of log ============================

Edited by Jvescov1, 07 June 2015 - 04:41 PM.



#2
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello and Welcome! :welcome:

My name is Dan, and I'll be helping you with your issues. If someone else is helping you, either here or at another malware removal assistance site, please let me know so that I may direct my efforts to helping another user.  The Staff at Geeks To Go are ALL volunteers; please keep that in mind if I don’t answer your post as quickly as you’d like. I give what time I can.  PLEASE be patient. ;)

I am currently in training, so there will be another person reviewing my work.  This may cause a bit of a delay in my responses, but on the positive side, you will have two sets of eyes reviewing your logs instead of one... :cool:
 

  • Please note that you should have Administrator rights to perform any fixes.
     
  • Before we proceed, you may wish to print instructions for easy reference during the fix.  Please be aware that many of the required URLs are hyperlinks in the blue names shown on your screen. Part of the fix may require you to be in Safe Mode, which might not allow you to access the internet, or my instructions.
     
  • Please understand that malware removal is a complicated, multi-step process.  Therefore please stay with me until I tell you that your system is clean.  
     
  • Please do not make any system or program changes, or run any tools unless I specifically ask you to.  Attempting malware removal or clean-up yourself will only extend the time it will take to get your system clean.    If you get stuck or have questions, please stop and ask so I can help you.
     
  • Be sure to back up any personal data files you need to keep (documents, photos, etc.) to a USB flash drive or external hard disk.  While every attempt will be made to precisely repair the infections on your computer, due to the complexity and unpredictability of malware clean-up, there is always a risk of data loss.
     
  • When posting logs, please Copy & Paste the log file contents into a reply.  Use multiple posts if necessary, but please do not attach them or post them on a file hosting site, unless specifically asked to do so.

OK, let's get started...

Please Copy & Paste the contents of your Addition.txt file as well.  I'm reviewing your log and will be back soon with a response.
 

 



#3
Jvescov1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

Hi! Thank you, DanoNH, for the response. This is the only site I'm working with. Here is the info you requested.

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-06-2015
Ran by Joseph at 2015-06-07 15:05:39
Running from C:\Users\Joseph\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2013592473-1583479073-1329353095-500 - Administrator - Disabled)
Guest (S-1-5-21-2013592473-1583479073-1329353095-501 - Limited - Disabled)
Joseph (S-1-5-21-2013592473-1583479073-1329353095-1000 - Administrator - Enabled) => C:\Users\Joseph
UpdatusUser (S-1-5-21-2013592473-1583479073-1329353095-1006 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! antivirus (Enabled - Out of date) {C37D8F93-0602-E43C-40AA-47DAD597F308}
AS: avast! antivirus (Enabled - Out of date) {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2Wire Wireless Manager (HKLM\...\{3CE11B98-C61C-4692-9E0E-59934761C3BE}) (Version: 1.1.8.0 - 2Wire)
2WIREUSBWLANInstaller (HKLM\...\{2EAEB0A6-582A-490B-B075-D837677365C2}) (Version: 1.00.7327 - 2WIRE, Inc.)
AccelerateTab (HKLM\...\AccelerateTab_is1) (Version: 2.6 - AccelerateTab)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Ad-Aware (HKLM\...\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}) (Version: 7.1.0.7 - Lavasoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.2.0 - IObit)
Apple Application Support (HKLM\...\{853A4763-6643-4604-8D64-28BDD8925F4C}) (Version: 1.5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CACAEB5F-174D-4C7C-AC56-A33289A807CA}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Yahoo! Internet Mail (HKLM\...\Yahoo! Mail) (Version:  - )
ATT-HSI (HKLM\...\ATT-HSI) (Version:  - )
avast! Free Antivirus (HKLM\...\avast) (Version: 8.0.1483.0 - AVAST Software)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4354 - AVG Technologies)
AVG 2014 (Version: 14.0.4311 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4354 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.5.0.909 - AVG Technologies)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
BetOnline Client (remove only) (HKLM\...\BetOnLine Client) (Version: 1.0 - BetOnlineDevelopment)
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.9.25.5401 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{79809712-A577-4B8C-A9FC-51945690C7DC}) (Version: 0.9.25.5401 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.)
Canon iP4600 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series) (Version:  - )
Canon iP4600 series User Registration (HKLM\...\Canon iP4600 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
DiskAid 3.11 (HKLM\...\DiskAid_is1) (Version: 3.11 - DigiDNA)
DnsBasic 1.0 build 111 (HKLM\...\DnsBasic) (Version:  - )
Dream Aquarium (HKLM\...\Dream Aquarium_is1) (Version: 1.0700 - )
Dream Aquarium (HKLM\...\DreamAqua) (Version:  - )
Driver Booster 2.3 (HKLM\...\Driver Booster_is1) (Version: 2.3 - IObit)
DVD Audio Ripper 4 (HKLM\...\DVD Audio Ripper 4) (Version: 4.0.71.0314 - ImTOO)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Talk Plugin (HKLM\...\{37C5A56A-00EA-347B-B7A1-5628BED56702}) (Version: 1.8.0.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
HDVidCodec (HKLM\...\1ClickDownload) (Version: 2.1 Build 26473 - hdvidcodec.com) <==== ATTENTION
InfoAtoms (HKLM\...\InfoAtoms) (Version: 1.4.0.0 - InfoAtoms)
Inkjet Printer/Scanner Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
IObit Malware Fighter 3 (HKLM\...\IObit Malware Fighter_is1) (Version: 3.0 - IObit)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
iTunes (HKLM\...\{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}) (Version: 10.2.2.14 - Apple Inc.)
Java™ 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 5.1.0 (HKLM\...\KLiteCodecPack_is1) (Version: 5.1.0 - )
League of Legends (HKLM\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{06C32EA0-4A22-4919-979A-8700715865B8}) (Version: 1.30.175.0 - Microsoft)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Motorola Driver Installation 4.6.0 (HKLM\...\{1EBEC42C-5E3F-4077-933B-411E33A0C3A4}) (Version: 4.6.0 - Motorola Inc.)
Mozilla Firefox 17.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 17.0.1 (x86 en-US)) (Version: 17.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)
Mplayer 0.6.9 (HKLM\...\Mplayer) (Version: 0.6.9 - )
NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9728 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
osu! (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Out of the Park Baseball 6 (HKLM\...\Out of the Park Baseball 6) (Version:  - )
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Photoshop Cs4 Ultra 1.1 (HKLM\...\Photoshop Cs4 Ultra 1.1) (Version:  - )
Pixillion Image Converter (HKLM\...\Pixillion) (Version:  - NCH Software)
Portal 2 (HKLM\...\Postal 2_is1) (Version:  - )
Project 64 version 2.0.0.14 (HKLM\...\Project 64_is1) (Version: 2.0.0.14 - )
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickFreedom 1.1.0 (HKLM\...\{676B241C-AED4-400B-98FF-267773B94B11}_is1) (Version:  - Dancool999)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RangeMax Wireless-N USB Adapter WN111v2 (HKLM\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 2.00.0000 - NETGEAR)
Side 9 Screensaver (HKLM\...\Side 9 Screensaver) (Version:  - )
Skype™ 6.0 (HKLM\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.120 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM\...\Smart Defrag 4_is1) (Version: 4.0 - IObit)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Star Wars: The Old Republic (HKLM\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
StreamTorrent 1.0 (HKLM\...\StreamTorrent 1.0) (Version:  - )
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.1.1 - Krzysztof Kowalczyk)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
TeamSpeak 3 Client (HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TruePoker (High Res) (HKLM\...\TruePoker (High Res)) (Version:  - )
TruePoker (HKLM\...\TruePoker) (Version:  - )
TVersity Codec Pack 1.2 (HKLM\...\TVersity Codec Pack) (Version: 1.2 - TVersity Inc.)
Videora iPod Converter 4.04 (HKLM\...\Videora iPod Converter) (Version: 4.04 - Red Kawa)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 0.9.8a (HKLM\...\VLC media player) (Version: 0.9.8a - VideoLAN Team)
vShare.tv plugin 1.3 (HKLM\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) <==== ATTENTION
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
WinAVI Video Converter (HKLM\...\WinAVI Video Converter 10.0_is1) (Version:  - ZJ Computing,Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinSCP 4.2.5 (HKLM\...\winscp3_is1) (Version: 4.2.5 - Martin Prikryl)
WN111v2 (Version: 2.00.0000 - NETGEAR) Hidden
Xobni (HKLM\...\XobniMain) (Version:  - Xobni Corp.)
Xobni Core (Version: 1.0.0 - Xobni, Inc.) Hidden
Yahoo! BrowserPlus 2.7.1 (HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
YouTube Downloader App 1.03 (HKLM\...\YouTube Downloader App) (Version: 1.03 - Regensoft)
YouTubeGet 5.2.3 (HKLM\...\YouTubeGet_is1) (Version:  - YouTubeGet Developer Team)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\goopdate.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{4536918A-95A8-498F-B542-CB906C561A43}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{80FDF9B0-32FD-457B-8BE7-D367F3854959}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\googleadapter.dll (Google)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{80FDF9B1-32FD-457B-8BE7-D367F3854959}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\googleadapter.dll (Google)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{9793fbbf-e9db-3b01-b322-3430cbcf3cd5}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\gtpo3d_host.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{F83DEC6C-F5E6-403A-9C83-36FB1B7007E2}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\YBPAddon_2.7.1.dll (Yahoo! Inc.)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
03-06-2015 00:43:33 Scheduled Checkpoint
03-06-2015 01:01:46 Windows Update
04-06-2015 00:00:03 Scheduled Checkpoint
04-06-2015 23:51:32 Driver Booster : Atheros AR5007UG Wireless Network Adapter
05-06-2015 00:33:02 Device Driver Package Install: NVIDIA Display adapters
05-06-2015 01:18:30 Windows Update
05-06-2015 14:22:59 Removed Path of Exile
06-06-2015 16:02:55 Installed Microsoft Fix it 50202
07-06-2015 01:01:23 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-11-16 19:09 - 2012-11-16 20:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1A7D0543-A752-4AD2-802E-EA67FD04196A} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files\IObit\Smart Defrag 4\SmartDefrag.exe [2015-04-23] (IObit)
Task: {21B568B7-DA01-4BB8-B802-7B6DC534B772} - System32\Tasks\EPUpdater => C:\Users\Joseph\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: {2B2A78B1-8271-46A4-BEE0-727CD138718E} - System32\Tasks\Uninstaller_SkipUac_Joseph => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {31BA1638-3905-431A-B39E-9F574005DD9D} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {33E1ABFC-4A6C-41DC-8332-0B3E70A3EFCE} - System32\Tasks\{F149BD0B-3DD3-4EDB-B4A5-3ECB3FF1DE20} => C:\Program Files\Skype\Phone\Skype.exe [2012-10-19] (Skype Technologies S.A.)
Task: {34BFB3AC-3555-4E26-A7E5-7F7BD14C82A7} - System32\Tasks\Driver Booster Update => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe [2015-03-30] (IObit)
Task: {4413C5A7-8FC0-4C94-B452-AFFA060CEBCB} - System32\Tasks\0415tbUpdateInfo => C:\ProgramData\Avg_Update_0415tb\0415tb_{9681F8A7-D422-4F25-B910-F1A75217759D}.exe [2015-05-12] ()
Task: {4B2C630E-74E9-4C07-B649-AEBA7C0AF13A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-26] (Google Inc.)
Task: {4BBF6D93-FAFF-4F48-8C64-C0C17A9A61B8} - System32\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015} => C:\Users\Joseph\AppData\Local\Temp\Pwl.exe <==== ATTENTION
Task: {4E53DF43-FD8E-42AF-874C-442230F27EC4} - System32\Tasks\{ED984665-93F3-4D2C-AB43-961AE08A5F8D} => pcalua.exe -a "C:\Program Files\SpywareGuard\unins000.exe"
Task: {60194C52-AACD-4936-9705-A4276108BAB6} - System32\Tasks\{00C9D597-DD76-4D5F-B07A-44569CFDC9CE} => pcalua.exe -a E:\Autorun.exe -d E:\
Task: {652595CA-2796-45B2-97C5-1C9C127C24AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-26] (Google Inc.)
Task: {85A9730D-D148-4D4B-8B72-5EA1CC420E14} - System32\Tasks\Test TimeTrigger => C:\Users\Joseph\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {94C487AC-D86C-41E6-9EFA-30005ADBD87C} - System32\Tasks\PC Optimizer Pro startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {9ED3C95C-BCB8-4C7D-8D3C-482F26049DD8} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe
Task: {B9B06FAA-8498-4D30-B610-A69F86C00AC4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-01] (AVAST Software)
Task: {BC8433A0-0791-4ECD-9445-A2666E0D8780} - System32\Tasks\ASC8_SkipUac_Joseph => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2015-05-08] (IObit)
Task: {C0D0C629-F3A1-4606-B022-1EBCD5859A50} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C237D933-687A-4EF6-B5EF-917120F9A23F} - System32\Tasks\task34608275 => C:\Users\Joseph\AppData\Local\Temp\ozuvbvgiula.exe <==== ATTENTION
Task: {C314673B-BB0D-4B7A-BE41-C3B3BB8B5B30} - System32\Tasks\AWC Startup => C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
Task: {C34F95B7-65A0-4019-8254-2D46D8047BDD} - System32\Tasks\Driver Booster SkipUAC (Joseph) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe [2015-04-07] (IObit)
Task: {C4B9A509-CC34-4FAA-AFD3-7125C97F596C} - System32\Tasks\{606519EC-1B91-4A4A-891F-A3BED96803D3} => pcalua.exe -a "C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" -c /u:PokerStars.net
Task: {C6229C54-4043-4B70-8EF8-9580EB1DB86F} - System32\Tasks\SmartDefrag4_Update => C:\Program Files\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {D21B6FE0-D20C-49BE-A33D-57AE4FB0AF1F} - System32\Tasks\Microsoft\Office Genuine Advantage\OGALogon => C:\Windows\system32\OGAExec.exe [2009-08-03] ()
Task: {DC75239F-AA37-4F74-9B3E-926E43D59010} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {E142EBBB-C5CD-408C-8607-47A6DF179DC9} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-04-09] (IObit)
Task: {E148B685-8D01-4E3C-977A-818753DBF65B} - System32\Tasks\Microsoft_Hardware_Launch_vVX1000_exe => C:\Windows\vVX1000.exe [2006-12-05] (Microsoft Corporation)
Task: {E8458C5B-2A2F-4299-A01E-5E99157588D8} - System32\Tasks\task310613 => C:\Users\Joseph\AppData\Local\Temp\txgxvyqvqwh.exe <==== ATTENTION
Task: {E9B271DD-ED82-4CAF-A49A-61734B52F895} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{7EEFCDCC-47B9-4AF2-AB07-213795E46208}.exe [2014-12-15] ()
Task: {F432B34D-4D54-4C74-BB3D-0659F374FAFD} - System32\Tasks\Microsoft_Hardware_Launch_vVX3000_exe => C:\Windows\vVX3000.exe [2006-12-05] (Microsoft Corporation)
Task: {FC118D82-15ED-445E-A182-B3376E34F5E7} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2015-04-07] (IObit)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\0415tbUpdateInfo.job => C:\ProgramData\Avg_Update_0415tb\0415tb_{9681F8A7-D422-4F25-B910-F1A75217759D}.exe
Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{7EEFCDCC-47B9-4AF2-AB07-213795E46208}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-04 23:26 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 8\sqlite3.dll
2015-06-07 12:02 - 2015-06-07 10:15 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15060701\algo.dll
2015-04-13 23:28 - 2015-01-09 18:46 - 00517408 _____ () C:\Program Files\IObit\IObit Malware Fighter\sqlite3.dll
2008-11-20 15:13 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2015-06-04 23:26 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files\IObit\Smart Defrag 4\webres.dll
2015-06-04 23:27 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madExcept_.bpl
2015-06-04 23:27 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madBasic_.bpl
2015-06-04 23:27 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2013-04-27 00:04 - 2015-05-14 00:13 - 02510784 _____ () C:\Program Files\AVG SafeGuard toolbar\vprot.exe
2015-05-14 00:13 - 2015-05-14 00:13 - 00526784 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\log4cplusU.dll
2015-06-04 23:26 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 8\webres.dll
2015-04-13 23:27 - 2015-01-09 18:46 - 00182048 _____ () C:\Program Files\IObit\IObit Malware Fighter\unrar.dll
2015-04-13 23:27 - 2015-01-09 18:46 - 00145184 _____ () C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll
2009-02-13 00:24 - 2009-02-13 00:24 - 00002560 _____ () C:\Windows\runservice.exe
2009-02-13 00:24 - 2009-08-02 17:28 - 00048640 _____ () C:\Windows\mmfs.dll
2011-05-15 01:43 - 2010-04-29 11:30 - 00091456 _____ () C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
2015-05-14 00:13 - 2015-05-14 00:13 - 00166848 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\loggingserver.exe
2015-06-04 23:27 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl
2015-06-04 23:27 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2015-06-04 23:27 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-03-01 23:35 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-03-01 23:35 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-05-25 19:30 - 2015-05-22 13:22 - 14982472 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\motive.com -> hxxps://patttbc.att.motive.com
 
 
There are 6352 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joseph\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
HKU\S-1-5-21-2013592473-1583479073-1329353095-1006\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Joseph^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk => C:\Windows\pss\MLB.TV NexDef Plug-in.lnk.Startup
MSCONFIG\startupreg: 20131121 => C:\Program Files\AVAST Software\Avast\setup\emupdate\eedf631b-4376-4fc5-9057-1c6c8142bceb.exe /check
MSCONFIG\startupreg: 2Wire Wireless Manager => "C:\Program Files\2Wire Wireless Manager\2Wire.exe" -a
MSCONFIG\startupreg: AllShareAgent => 
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: ATT-SST_McciTrayApp => "C:\Program Files\ATT-SST\McciTrayApp.exe"
MSCONFIG\startupreg: avast! => C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: ISW.exe => "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VX1000 => C:\Windows\vVX1000.exe
MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Display
Description: Display
Class Guid: 
Manufacturer: 
Service: 
Problem: : Reinstall the drivers for this device. (Code 18)
Resolution: The drivers for this device must be reinstalled.
 Click "Update Driver", which starts the Hardware Update wizard.
Alternately, uninstall the driver, and then click "Scan for hardware changes" to reload the drivers.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/07/2015 02:56:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (06/07/2015 02:44:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (06/07/2015 02:44:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (06/07/2015 02:43:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (06/07/2015 02:42:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (06/07/2015 02:42:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (06/07/2015 02:40:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (06/07/2015 02:32:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (06/07/2015 02:28:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (06/07/2015 02:07:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
 
System errors:
=============
Error: (06/07/2015 08:49:33 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVG WatchDog3221685338 (0xC007045A)
 
Error: (06/07/2015 08:49:32 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVG WatchDog3221685338 (0xC007045A)
 
Error: (06/07/2015 08:49:31 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVG WatchDog3221685338 (0xC007045A)
 
Error: (06/07/2015 08:49:30 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVG WatchDog3221685338 (0xC007045A)
 
Error: (06/07/2015 08:49:29 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVG WatchDog3221685338 (0xC007045A)
 
Error: (06/07/2015 08:49:28 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVG WatchDog3221685338 (0xC007045A)
 
Error: (06/07/2015 08:49:27 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVG WatchDog3221685338 (0xC007045A)
 
Error: (06/07/2015 08:49:26 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVG WatchDog3221685338 (0xC007045A)
 
Error: (06/07/2015 08:49:25 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVG WatchDog3221685338 (0xC007045A)
 
Error: (06/07/2015 08:49:24 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVG WatchDog3221685338 (0xC007045A)
 
 
Microsoft Office:
=========================
Error: (06/07/2015 02:56:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (06/07/2015 02:44:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (06/07/2015 02:44:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (06/07/2015 02:43:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (06/07/2015 02:42:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (06/07/2015 02:42:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (06/07/2015 02:40:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (06/07/2015 02:32:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (06/07/2015 02:28:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (06/07/2015 02:07:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-06-07 15:03:43.307
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 15:03:43.198
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 15:03:43.089
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 15:03:42.979
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 15:03:42.554
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 15:03:42.445
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 15:03:42.336
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 15:03:42.211
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 12:15:11.140
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG2014\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 12:15:09.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG2014\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 91%
Total physical RAM: 2045.21 MB
Available physical RAM: 178.69 MB
Total Pagefile: 4991.94 MB
Available Pagefile: 465.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.34 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:455.71 GB) (Free:201.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.24 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 20000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=455.7 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#4
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello Jvescov1,

 

Warning: Your machine has a back door rootkit infection! You should consider that your passwords and sensitive security information have been looked at from an outside source. If your computer is/was used for online banking, has credit card information or any other sensitive data on it, you should immediately disconnect it from the Internet and stay disconnected until your system is cleaned.

Use another clean computer to change passwords on all sites you use, including those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. Passwords should be changed by using a different computer; not the infected one.

Affected banking and credit card institutions should be notified of the possible security breach.  Make sure you continue to monitor any banking and credit card accounts that you may have accessed with the infected machine.

If you want to continue cleaning the machine, you should know that there's no way to guarantee it is 100% trustworthy.  Many security experts believe that a reinstall of the operating system is the only way to ensure the infection is gone.

 

 

Please respond if you would like to continue to try to clean up the machine, or instead would prefer to format the disk and reinstall your Operating System.


  • 0

#5
Jvescov1

    Member

  • Topic Starter
  • 59 posts

Oh wow, ya, that's wild. I did have my bank contact me about 2 weeks ago with fraud protection and we handled it. Since then it hasn't appeared to be a problem, but yeah, I would love to figure out how to fix it. Sorry for the delayed response; I'd like to do whatever you see fit in making my computer safe and clean.


Edited by Jvescov1, 09 June 2015 - 05:16 PM.

  • 0

#6
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

OK, then, sorry you had/have to deal with potential identity theft or fraud. You have a lot of malware/adware on your system, besides the actual rootkit itself, but I'm happy to help you fix the computer up the absolute best we can.

 

Please answer these questions or acknowledge these things for me:

  1. Confirm that you have a second, clean computer to work from during this process.
  2. Acknowledge that you have completely disconnected this infected computer from the Internet.
  3. You will need a USB memory stick that you can format clean for many of the steps we will take.  Please confirm that you have one for us to use.

I'll be back with a detailed plan soon.  Hang in there! :)


  • 0

#7
Jvescov1

    Member

  • Topic Starter
  • 59 posts

1. I'm currently still on it as of right now, but only on this website chatting with you, nothing else. I will immediately disconnect it once I'm finished typing this message.

2. I do have a laptop with wifi that I can use. Not the greatest, but it should work, definitely at least to communicate with you on here.

3. I'm pretty sure I have a USB stick somewhere; I'd need to locate it. I do have a 1TB external HD that has never been connected to this computer, which I located while cleaning out my garage earlier and which was my brother's. Will that work as a substitute, or should I locate the USB stick?


  • 0

#8
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

A smaller USB stick would be best. A 1GB stick should suffice. I think the 1TB drive is rather large for our needs and will take a while to format, but if that's absolutely all you can come up with, we should be able to make it work.

 

Please be patient during this process.  Thanks!


  • 0

#9
Jvescov1

    Member

  • Topic Starter
  • 59 posts

OK, thank you. Will wait to hear back. I appreciate all your help!


  • 0

#10
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello Jvescov1,

Thanks for your patience.  There are several detailed steps below.  Before we get started please read through all instructions and stop and tell me if you get stuck or have any questions, OK?

Are you ready?  Here we go!

First
P2P Software Warning:
It seems you have StreamTorrent P2P software installed.  While this software may have been intentionally installed on the system, and the program itself may be safe, the files shared with these programs often carry an unknown malware payload.  Some of this malware is Ransomware which encrypts user files for ransom with a time limit.  

Pretty nasty stuff.

Besides installing malware,  the use of these programs can expose sensitive information belonging to you or your employer to the Internet, make your system vulnerable to unwanted attacks by exploiting known security issues, block your Internet access, and can possibly subject you to copyright infringement prosecution.

If you do decide to keep any P2P programs, please uninstall them or disable and keep from using them until after we've finished and your system is declared clean.

You can read more about the risks of using P2P software at these links:

Second
You have multiple anti-virus programs running on your computer.

Running two or more real-time anti-virus, anti-spyware or firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, program crashes or other types of failure. You will very likely end up with little or no protection.

You need to decide on one to keep, then go to Start > Control Panel > Uninstall a program and uninstall all the others except the one you wish to keep:

  • Avast!
  • AVG 2014

If you have a paid version with a current, non-expired subscription, I would keep that one.  

Third
We will need to download some programs on your USB stick or external HDD for our work until it is deemed safe to re-connect to the Internet.

First, insert your USB stick into the clean computer.

  • Open Computer (or My Computer), find your USB stick, right-click on it and select "Format..."
  • Follow the prompts.
  • Allow the format to complete, but leave the USB stick inserted.

Next, download the following programs to your USB stick using a clean computer:

Now, on the clean computer, download and run the Bitdefender USB Immunizer to immunize your plugged-in USB disk from auto-running on the infected system.

Remove the USB stick, but don't insert it into the infected system just yet.

Finally

  • Let me know what one Anti-Virus you decided to go with.
  • Confirm that you either have uninstalled or disabled StreamTorrent.
  • Confirm you have immunized your USB stick/disk and have downloaded the tools I asked for now.

:)


  • 0
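The overlap described in the "Second" step of the post above can be read straight out of an FRST log. The following Python is an added example, not part of the original posts and not FRST's own code; it assumes the `AV:`/`AS:`/`FW:` line layout of FRST's Security Center section, and the sample lines (states, GUIDs, the firewall name) are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of FRST's "Security Center" section.
# Product names echo the thread; states and GUIDs are placeholders, not
# values from the poster's log. "Example Firewall" is made up.
SAMPLE_LOG = """\
==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {00000000-0000-0000-0000-000000000001}
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {00000000-0000-0000-0000-000000000002}
AS: Windows Defender (Disabled - Up to date) {00000000-0000-0000-0000-000000000003}
AS: avast! Antivirus (Enabled - Up to date) {00000000-0000-0000-0000-000000000004}
FW: Example Firewall (Disabled) {00000000-0000-0000-0000-000000000005}

==================== Installed Programs ======================
"""

# Assumed line layout: "<AV|AS|FW>: <name> (<state>[ - <definitions>]) {GUID}"
ENTRY = re.compile(
    r"^(?P<kind>AV|AS|FW):\s+(?P<name>.+?)\s+"
    r"\((?P<state>Enabled|Disabled)(?:\s*-\s*(?P<defs>[^)]+))?\)"
    r"\s*(?:\{[0-9A-Fa-f-]+\})?\s*$"
)

def parse_security_center(log_text):
    """Return {kind: [(name, enabled)]} for the Security Center section only."""
    products, in_section = defaultdict(list), False
    for line in log_text.splitlines():
        if line.startswith("====="):          # section banner
            in_section = "Security Center" in line
            continue
        m = ENTRY.match(line.strip()) if in_section else None
        if m:
            products[m["kind"]].append((m["name"], m["state"] == "Enabled"))
    return dict(products)

def overlapping_monitors(products):
    """Kinds (AV/AS/FW) where more than one distinct product is enabled."""
    found = {}
    for kind, entries in products.items():
        active = sorted({name for name, enabled in entries if enabled})
        if len(active) > 1:
            found[kind] = active
    return found

if __name__ == "__main__":
    print(overlapping_monitors(parse_security_center(SAMPLE_LOG)))
```

A product that registers under both `AV` and `AS` is counted once per category, so a single suite does not flag itself as a conflict.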



#11
Jvescov1

    Member

  • Topic Starter
  • 59 posts

So I've uninstalled StreamTorrent. I definitely want to get rid of anything like that for sure, so if you come across anything like that let me know and we can uninstall it. I've kept AVG. Also, I don't know if you saw on there, but there's that advanced system tools, I think it's an optimizer; should I be getting rid of that? USB drive is immunized and programs loaded onto it. Thanks for all the help!


  • 0

#12
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

I just wanted to let you know that it will be maybe 8-10 hours before I'm available to post here with the next steps.

 

I'm here for the long haul, and not going anywhere, so don't worry.  :D

 

Thanks for your patience! 


  • 0

#13
Jvescov1

    Member

  • Topic Starter
  • 59 posts

No problem bud, thanks for all the help. I understand you do as you can and I appreciate your efforts!


  • 0

#14
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello Jvescov1,

 

Thanks for reporting back that you are now ready.  Don't uninstall anything just yet.  We'll get to that.

 

I have a plan submitted for your system, and we need to go in a certain order.

 

Plug your immunized USB stick with the tools on it into your Infected Computer, copy the 3 tools to the Desktop of the Infected Computer, then proceed with the below steps.

 

Tell me if you can't fully run any of the tools along the way, and by all means, please stop and ask if you are stuck or have any questions at all.

 

First

Scan with Security Check

Locate Security Check by Screen317 on the Desktop of the infected computer.

  • Right-click on the downloaded program and select Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan shouldn't take very long.
  • Soon a notepad document called checkup.txt will open automatically.
  • Copy the log to your USB stick.

Second
Run TDSSKiller

Please locate TDSSKiller on the Desktop of the infected computer.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check that all boxes are selected, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • Get the report by selecting Reports.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
  • Copy this log to your USB stick.

Third
Scan with aswMBR

  • Locate aswMBR.exe on the Desktop of the infected computer.
  • Double click the aswMBR.exe program to run it.
  • You may be offered the option of using virtualization, accept that.
  • When it offers to Download the virus database, allow that as well.
  • Click the Scan button to start the scan.

On completion of the scan, click the Save log button and save the log to your Desktop.

 

Copy this log to your USB stick.

Do not forget to re-enable your previously switched-off protection software!


Finally

Make sure all 3 logs are on your USB stick, eject it, take it to your clean computer, and plug it in.

 

In your next reply, please copy/paste the contents of the following logs back here using the clean computer:

  • Security Check log
  • TDSSKiller log
  • aswMBR log

:D


  • 0

#15
Jvescov1

    Member

  • Topic Starter
  • 59 posts

So on the aswMBR it's saying in the black box "initialize error c000010e - driver not loaded"

then a "write error" process cannot access the file because it is being. .... cuts off there so not sure. 

then avast engine download error; 0

then Scan error ;


  • 1





