
Help removing browser re-direct

Discussion in 'Virus & Other Malware Removal' started by bitterB, Feb 12, 2015.

Thread Status:
Not open for further replies.
  1. bitterB

    bitterB Thread Starter

    Joined:
    Jan 10, 2005
    Messages:
    32
    I need help with removing a browser hijack. I am also being bombarded with ad pop-ups. Here is a HijackThis log.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 32 bit
    Processor: AMD Athlon Dual-Core QL-62, x64 Family 17 Model 3 Stepping 1
    Processor Count: 2
    RAM: 1790 Mb
    Graphics Card: NVIDIA GeForce 8200M G, 256 Mb
    Hard Drives: C: Total - 141939 MB, Free - 72729 MB; D: Total - 10582 MB, Free - 1817 MB;
    Motherboard: Wistron, 303C
    Antivirus: Microsoft Security Essentials, Updated and Enabled






    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 1:47:35 PM, on 12/02/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17631)

    FIREFOX: 35.0.1 (x86 en-US)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Brian\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mytoba.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (file missing)
    O2 - BHO: Wondershare Video Converter Ultimate 7.1.0 - {451C804F-C205-4F03-B48E-537EC94937BF} - C:\PROGRA~2\WONDER~1\VIDEOC~1\WSBROW~1.DLL (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [Binkiland] C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\Brian\AppData\Roaming\Binkiland\UpdateProc\bkup.dat"
    O4 - HKCU\..\Run: [uTorrent] "C:\Users\Brian\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKCU\..\Run: [SoftonicAssistant] "C:\Users\Brian\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
    O4 - HKCU\..\RunOnce: [Binkiland] C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\Brian\AppData\Roaming\Binkiland\UpdateProc\bkup.dat"
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O18 - Protocol: WSWSVCUchrome - {1CA93FF0-A218-44F1 - (no file)
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: c:/progra~2/{2307c~1/191~1.1/tafa.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lexar Secure II (LxrSII1s) - Lexar Media, Inc. - C:\Windows\system32\LxrSII1s.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Update EnterDigital - Unknown owner - C:\Program Files\EnterDigital\updateEnterDigital.exe (file missing)

    --
    End of file - 5687 bytes
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi BitterB,
    Let's run a scan with a more comprehensive utility.
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST and save to your Desktop.
    • Double click Frst.exe to launch it.
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST.exe
    Feel free to use separate replies if it's more convenient.

    askey127
     
  3. bitterB

    bitterB Thread Starter

    Joined:
    Jan 10, 2005
    Messages:
    32
    Here are the scan results

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2015
    Ran by Brian (administrator) on BRIAN-PC on 13-02-2015 11:21:03
    Running from C:\Users\Brian\Downloads
    Loaded Profiles: Brian (Available profiles: Brian)
    Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Lexar Media, Inc.) C:\Windows\System32\LxrSII1s.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
    HKLM\...\Run: [DelaypluginInstall] => [X]
    HKU\S-1-5-21-1511418393-2390573130-3487323023-1000\...\Run: [uTorrent] => C:\Users\Brian\AppData\Roaming\uTorrent\uTorrent.exe [1374032 2015-01-21] (BitTorrent Inc.)
    HKU\S-1-5-21-1511418393-2390573130-3487323023-1000\...\Run: [SoftonicAssistant] => "C:\Users\Brian\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
    AppInit_DLLs: c:/progra~2/{2307c~1/191~1.1/tafa.dll => c:/progra~2/{2307c~1/191~1.1/tafa.dll [964608 2015-02-04] ()
    BootExecute: autocheck autochk * SBBD.exe /d \Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Definitions
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKU\S-1-5-21-1511418393-2390573130-3487323023-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://mytoba.ca/
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1511418393-2390573130-3487323023-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = https://www.google.com/search?q={searchTerms}
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File
    BHO: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\PROGRA~2\WONDER~1\VIDEOC~1\WSBROW~1.DLL No File
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
    Toolbar: HKU\S-1-5-21-1511418393-2390573130-3487323023-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Hosts: Hosts file not detected in the default directory
    Tcpip\Parameters: [DhcpNameServer] 192.168.100.254
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\mypqylgd.default-1423835577387
    FF DefaultSearchEngine: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1511418393-2390573130-3487323023-1000: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
    StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR Profile: C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-27]
    CHR Extension: (Google Drive) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-27]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-01]
    CHR Extension: (YouTube) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-27]
    CHR Extension: (Google Search) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-27]
    CHR Extension: (Google Wallet) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]
    CHR Extension: (Gmail) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-27]
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 LxrSII1s; C:\Windows\system32\LxrSII1s.exe [65536 2009-12-30] (Lexar Media, Inc.) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
    S2 Update EnterDigital; "C:\Program Files\EnterDigital\updateEnterDigital.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-08-30] (GFI Software)
    R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten)
    R2 LxrSII1d; C:\Windows\System32\Drivers\LxrSII1d.sys [63448 2009-12-30] (Lexar Media, Inc.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
    R3 RLDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\livecamv.sys [31616 2007-01-15] ()
    R3 VC0130Afx; C:\Windows\System32\Drivers\C0130Afx.sys [142656 2007-06-10] (Creative Technology Ltd.)
    R3 VC0130Aud; C:\Windows\System32\Drivers\C0130Aud.sys [94976 2007-03-27] (Creative Technology Ltd.)
    R3 VC0130Dev; C:\Windows\System32\DRIVERS\C0130Vid.sys [690656 2007-04-17] (Creative Technology Ltd.)
    R3 VC0130Vfx; C:\Windows\System32\DRIVERS\C0130VFx.sys [6912 2006-06-19] (EyePower Games Pte. Ltd.)
    S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
    S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-13 11:16 - 2015-02-13 11:16 - 00019179 _____ () C:\Users\Brian\Downloads\Addition.txt
    2015-02-13 11:15 - 2015-02-13 11:21 - 00011590 _____ () C:\Users\Brian\Downloads\FRST.txt
    2015-02-13 11:14 - 2015-02-13 11:21 - 00000000 ____D () C:\FRST
    2015-02-13 11:14 - 2015-02-13 11:14 - 01125376 _____ (Farbar) C:\Users\Brian\Downloads\FRST.exe
    2015-02-13 09:18 - 2015-02-13 09:19 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-13 09:18 - 2015-02-13 09:18 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-02-13 09:18 - 2015-02-13 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-02-13 09:18 - 2015-02-13 09:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-02-13 09:18 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-02-13 09:18 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-02-13 09:18 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-02-13 09:17 - 2015-02-13 09:17 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Brian\Downloads\mbam-setup-2.0.4.1028(1).exe
    2015-02-13 09:03 - 2015-02-13 09:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Brian\Downloads\mbam-setup-2.0.4.1028.exe
    2015-02-12 15:32 - 2015-02-12 15:32 - 00000000 ____D () C:\Program Files\ESET
    2015-02-12 15:11 - 2015-02-12 15:18 - 00000000 ____D () C:\AdwCleaner
    2015-02-12 15:10 - 2015-02-12 15:10 - 02112512 _____ () C:\Users\Brian\Downloads\adwcleaner_4.110.exe
    2015-02-12 15:05 - 2015-02-12 15:06 - 38804664 _____ (Microsoft Corporation) C:\Users\Brian\Downloads\Windows-KB890830-V5.21.exe
    2015-02-12 13:54 - 2015-02-12 13:54 - 00509440 _____ (Tech Support Guy System) C:\Users\Brian\Downloads\SysInfo.exe
    2015-02-12 13:47 - 2015-02-12 13:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\Brian\Downloads\HijackThis.exe
    2015-02-12 13:47 - 2015-02-12 13:47 - 00005688 _____ () C:\Users\Brian\Downloads\hijackthis.log
    2015-02-11 09:27 - 2015-01-15 01:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-11 09:27 - 2015-01-15 01:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-11 09:27 - 2015-01-15 01:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-02-11 09:27 - 2015-01-15 01:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-02-11 09:27 - 2015-01-15 01:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-11 09:27 - 2015-01-15 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-02-11 09:27 - 2015-01-15 01:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-02-11 09:27 - 2015-01-15 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-02-11 09:27 - 2015-01-15 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-11 09:27 - 2015-01-15 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-02-11 09:27 - 2015-01-15 01:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-11 09:27 - 2015-01-14 22:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-11 09:27 - 2015-01-08 20:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-02-11 09:27 - 2015-01-08 20:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-02-11 09:27 - 2015-01-08 20:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-02-11 09:27 - 2015-01-08 19:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-11 09:26 - 2015-02-03 20:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-02-11 09:26 - 2015-02-03 20:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-02-11 09:26 - 2015-02-03 20:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-02-11 09:26 - 2015-02-03 20:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-02-11 09:26 - 2015-02-03 20:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-02-11 09:26 - 2015-02-03 20:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-02-11 09:26 - 2015-02-03 20:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-02-11 09:26 - 2015-01-27 17:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2015-02-11 09:26 - 2015-01-13 23:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-02-11 09:26 - 2015-01-13 23:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-11 09:26 - 2014-11-25 21:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-11 09:25 - 2015-01-13 23:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-11 09:25 - 2015-01-11 20:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-11 09:25 - 2015-01-11 20:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-11 09:25 - 2015-01-11 20:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-02-11 09:25 - 2015-01-11 20:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-11 09:25 - 2015-01-11 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-02-11 09:25 - 2015-01-11 20:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-02-11 09:25 - 2015-01-11 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-02-11 09:25 - 2015-01-11 20:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-11 09:25 - 2015-01-11 20:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-11 09:25 - 2015-01-11 19:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-02-11 09:25 - 2015-01-11 19:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-11 09:25 - 2015-01-11 19:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-02-11 09:25 - 2015-01-11 19:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-11 09:25 - 2015-01-11 19:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-02-11 09:25 - 2015-01-11 19:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-02-11 09:25 - 2015-01-11 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-11 09:25 - 2015-01-11 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-02-11 09:25 - 2015-01-11 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-02-11 09:25 - 2015-01-11 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-11 09:25 - 2015-01-11 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-11 09:25 - 2015-01-11 19:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-11 09:25 - 2015-01-11 19:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-11 09:25 - 2015-01-11 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-11 09:25 - 2015-01-11 19:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-11 09:25 - 2015-01-11 19:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-02-11 09:25 - 2015-01-11 19:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-11 09:25 - 2015-01-11 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-11 09:25 - 2015-01-11 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-11 09:25 - 2015-01-11 18:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-02-11 09:25 - 2015-01-10 00:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-02-11 09:25 - 2015-01-10 00:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-02-11 09:25 - 2015-01-10 00:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-02-11 09:25 - 2015-01-10 00:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-02-11 09:25 - 2015-01-10 00:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-02-11 09:25 - 2015-01-10 00:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-02-11 09:25 - 2015-01-10 00:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-02-11 09:24 - 2015-01-12 20:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-11 09:24 - 2014-12-11 23:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-02-11 09:24 - 2014-12-07 20:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-04 11:59 - 2015-02-13 07:45 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\NCH Software
    2015-02-04 11:59 - 2015-02-04 11:59 - 00962608 _____ (NCH Software) C:\Users\Brian\Downloads\wpsetup.exe
    2015-02-04 11:59 - 2015-02-04 11:59 - 00000000 ____D () C:\ProgramData\NCH Software
    2015-02-04 11:49 - 2015-02-04 11:54 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Audacity
    2015-02-04 11:48 - 2015-02-04 11:48 - 22892794 _____ (Audacity Team ) C:\Users\Brian\Downloads\audacity-win-2.0.6.exe
    2015-02-04 11:44 - 2015-02-04 11:44 - 00000000 ____D () C:\ProgramData\85e17b600005157
    2015-02-04 11:41 - 2015-02-04 11:41 - 00000000 ____D () C:\Users\Brian\AppData\Local\GGEmpire
    2015-02-04 11:40 - 2015-02-04 11:40 - 00000000 ____D () C:\ProgramData\{2307CBC4-7385-1A42-C203-6AC01281B94E}
    2015-02-04 09:24 - 2015-02-04 09:24 - 00000000 ____D () C:\Users\Brian\VideoPlayer Picture
    2015-02-01 17:33 - 2015-02-01 18:45 - 00000000 ____D () C:\Users\Brian\Desktop\pics
    2015-01-26 20:31 - 2015-01-26 20:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-01-14 11:18 - 2015-01-14 11:18 - 00243416 _____ () C:\Users\Brian\Downloads\Firefox Setup Stub 35.0.exe
    2015-01-14 07:03 - 2014-12-18 20:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 07:03 - 2014-12-11 11:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 07:03 - 2014-12-05 21:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 07:02 - 2014-12-18 19:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-13 11:18 - 2013-10-12 15:01 - 00000000 ____D () C:\Users\Brian\Documents\New folder
    2015-02-13 11:12 - 2014-06-24 07:34 - 00201060 _____ () C:\Windows\setupact.log
    2015-02-13 11:12 - 2013-07-15 21:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-13 10:20 - 2013-07-14 18:59 - 01228225 _____ () C:\Windows\WindowsUpdate.log
    2015-02-13 08:56 - 2009-07-13 22:34 - 00026368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-13 08:56 - 2009-07-13 22:34 - 00026368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-13 07:53 - 2014-01-21 08:25 - 00000000 ____D () C:\Users\Brian\Desktop\Old Firefox Data
    2015-02-13 07:43 - 2013-07-19 12:50 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\uTorrent
    2015-02-13 07:13 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-02-13 06:56 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-12 19:10 - 2014-08-19 17:50 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
    2015-02-12 13:47 - 2013-07-14 20:08 - 00000000 ____D () C:\Users\Brian\AppData\Local\VirtualStore
    2015-02-12 13:45 - 2009-07-13 20:37 - 00000000 ___RD () C:\Users\Public
    2015-02-12 09:33 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
    2015-02-12 08:34 - 2009-07-13 22:33 - 00335440 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-12 08:33 - 2014-11-02 08:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-02-12 08:33 - 2010-11-20 15:48 - 00207852 _____ () C:\Windows\PFRO.log
    2015-02-12 08:30 - 2014-12-12 06:35 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-02-12 08:30 - 2014-05-07 07:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-02-12 08:30 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\tracing
    2015-02-12 08:11 - 2013-07-15 17:53 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-12 07:41 - 2013-09-01 12:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-12 07:22 - 2013-07-15 21:08 - 00001945 _____ () C:\Windows\epplauncher.mif
    2015-02-12 07:22 - 2013-07-15 21:07 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2015-02-12 07:21 - 2013-07-15 21:07 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2015-02-05 08:30 - 2013-07-15 21:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-02-05 08:30 - 2013-07-15 21:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-02-05 00:54 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
    2015-02-04 11:40 - 2014-11-02 08:53 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-02-04 11:40 - 2014-02-02 08:17 - 00000000 ____D () C:\Users\Brian\AppData\Local\CrashDumps
    2015-02-04 09:24 - 2013-07-14 19:08 - 00000000 ____D () C:\Users\Brian
    2015-02-04 09:22 - 2010-11-20 15:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-02 05:55 - 2013-07-19 12:56 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Skype
    2015-01-29 17:49 - 2013-07-15 16:51 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-19 18:14 - 2013-08-27 09:05 - 00000000 ____D () C:\Users\Brian\Documents\Recipes
    2015-01-16 10:30 - 2013-07-15 21:00 - 00000000 ____D () C:\Users\Brian\AppData\Local\Adobe
    2015-01-14 11:21 - 2014-11-02 08:53 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

    ==================== Files in the root of some directories =======

    2014-01-18 19:25 - 2014-01-18 19:25 - 0087608 _____ () C:\Users\Brian\AppData\Roaming\inst.exe
    2014-01-18 19:25 - 2014-01-18 19:25 - 0007887 _____ () C:\Users\Brian\AppData\Roaming\pcouffin.cat
    2014-01-18 19:25 - 2014-01-18 19:25 - 0001144 _____ () C:\Users\Brian\AppData\Roaming\pcouffin.inf
    2014-01-18 19:26 - 2014-01-18 19:26 - 0000034 _____ () C:\Users\Brian\AppData\Roaming\pcouffin.log
    2014-01-18 19:25 - 2014-01-18 19:25 - 0047360 _____ (VSO Software) C:\Users\Brian\AppData\Roaming\pcouffin.sys
    2014-01-18 19:27 - 2014-08-16 14:28 - 0001041 _____ () C:\Users\Brian\AppData\Roaming\vso_ts_preview.xml
    2013-12-27 19:45 - 2014-01-22 04:52 - 0000081 _____ () C:\Users\Brian\AppData\Roaming\WB.CFG
    2014-08-28 22:06 - 2014-08-28 22:06 - 0007618 _____ () C:\Users\Brian\AppData\Local\Resmon.ResmonCfg

    Some content of TEMP:
    ====================
    C:\Users\Brian\AppData\Local\Temp\2A345860-FDE6-BEF1-4732-CE11E23923C4.dll
    C:\Users\Brian\AppData\Local\Temp\2A345860-FDE6-BEF1-4732-CE11E23923C4.exe
    C:\Users\Brian\AppData\Local\Temp\36446uninstall.exe
    C:\Users\Brian\AppData\Local\Temp\CTPBSEQ.EXE
    C:\Users\Brian\AppData\Local\Temp\Quarantine.exe
    C:\Users\Brian\AppData\Local\Temp\SAS6_Update.exe
    C:\Users\Brian\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe
    C:\Users\Brian\AppData\Local\Temp\Sqlite3.dll
    C:\Users\Brian\AppData\Local\Temp\System.Data.SQLite.dll
    C:\Users\Brian\AppData\Local\Temp\System.Data.SQLite51870.dll
    C:\Users\Brian\AppData\Local\Temp\System.Data.SQLite94447.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-13 08:36

    ==================== End Of Log ============================



    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2015
    Ran by Brian at 2015-02-13 11:16:01
    Running from C:\Users\Brian\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1511418393-2390573130-3487323023-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
    Adblock Plus for IE (32-bit) (HKLM\...\{DF0E7912-4A45-4B24-B472-E521C4D2C663}) (Version: 99.9 - Eyeo GmbH)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
    Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )
    Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version: - )
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Canon iP4700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series) (Version: - )
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.1.0 - Conexant)
    ConvertXtoDVD 4.0.3.313 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.3.313 - )
    CopyTrans Suite Remove Only (HKU\S-1-5-21-1511418393-2390573130-3487323023-1000\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
    Creative Live! Cam Center (HKLM\...\Creative Live! Cam Center) (Version: - )
    Creative Live! Cam Doodling (HKLM\...\Creative Live! Cam Doodling) (Version: - )
    Creative Live! Cam FX Creator (HKLM\...\Creative Live! Cam FX Creator) (Version: - )
    Creative Live! Cam Manager (HKLM\...\Creative Live! Cam Manager) (Version: - )
    Creative Live! Cam Notebook Ultra Driver (1.02.01.00) (HKLM\...\Creative VC0130) (Version: - )
    Creative Live! Cam Notebook Ultra User's Guide (English) (HKLM\...\Creative Live! Cam Notebook Ultra User's Guide English) (Version: - )
    Creative Photo Calendar (HKLM\...\Creative Photo Calendar) (Version: - )
    Creative Photo Manager (HKLM\...\Creative Photo Manager) (Version: - )
    Creative System Information (HKLM\...\SysInfo) (Version: - )
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
    iRip (HKLM\...\{39A3321A-BA57-4983-903C-7A24A4EA94D0}) (Version: 1.0.1.24 - The Little App Factory, LLC.)
    iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
    Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
    Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.5.3104.1 - Creative)
    Live! Cam Avatar v1.0 (HKLM\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Media Go (HKLM\...\{F66C4A41-C3A8-4523-AB6C-BAA1DB38305C}) (Version: 2.7.357 - Sony)
    Media Go Network Downloader (HKLM\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
    Media Go Video Playback Engine 2.4.104.12040 (HKLM\...\{7C5AEEE1-6D7C-8922-4548-7BF9096077EC}) (Version: 2.4.104.12040 - Sony)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
    NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
    NWZ-E380 WALKMAN Guide (HKLM\...\{D98ED583-338D-4425-B2EF-A4C7FB93CE88}) (Version: 2.2.0.05230 - Sony Corporation)
    PlayStation(R)Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.18.0.15698 - Sony Computer Entertainment Inc.)
    Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 6.21 (HKLM\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.21.104 - Skype Technologies S.A.)
    StudioTax 2013 (HKLM\...\{A02B37F4-26DA-454A-9997-B006D3587102}) (Version: 9.1.9.2 - BHOK IT Consulting)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    01-02-2015 22:18:44 Windows Update
    04-02-2015 09:21:41 Installed Lorex Player 11
    04-02-2015 09:28:29 Removed Lorex Player 11
    04-02-2015 09:29:52 Installed Lorex Player 11
    04-02-2015 09:32:29 Removed Lorex Player 11
    05-02-2015 09:39:18 Windows Update
    08-02-2015 11:26:33 Windows Update
    11-02-2015 16:40:38 Windows Update
    12-02-2015 07:15:16 Windows Update
    13-02-2015 06:51:27 Windows Update

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1A0CE612-64A9-4F93-A6FE-DC22D216F7AF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {250C00C7-A064-41BF-898B-E3EF02991B6A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
    Task: {72D0DCA0-5F6D-4318-93E3-B4C6054287B4} - System32\Tasks\{632865A6-7C91-4E86-B845-2C31D0802344} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/en/go/help.faq.installer?LastError=1603
    Task: {7E6F23FB-8459-47F6-9959-78AEC59B5EC2} - System32\Tasks\Binkiland tafa => C:\ProgramData\{2307CBC4-7385-1A42-C203-6AC01281B94E}\1.9.1.1\f
    Task: {8BB8AA7A-5F79-48B0-8F47-73DFB3F0BCF3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {A83BDD52-CEA1-4C13-A373-9C2A9E7FC7DB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (whitelisted) ==============

    2013-07-15 17:03 - 2014-07-02 13:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-01-26 20:31 - 2015-01-26 20:31 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1511418393-2390573130-3487323023-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.100.254 - 192.168.0.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Ad-Aware Antivirus => "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    MSCONFIG\startupreg: Creative Live! Cam Manager => "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    MSCONFIG\startupreg: uTorrent => "C:\Users\Brian\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

    ==================== Accounts: =============================

    Administrator (S-1-5-21-1511418393-2390573130-3487323023-500 - Administrator - Disabled)
    Brian (S-1-5-21-1511418393-2390573130-3487323023-1000 - Administrator - Enabled) => C:\Users\Brian
    Guest (S-1-5-21-1511418393-2390573130-3487323023-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1511418393-2390573130-3487323023-1003 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/13/2015 11:12:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3104077

    Error: (02/13/2015 11:12:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3104077

    Error: (02/13/2015 11:12:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/13/2015 11:12:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3103063

    Error: (02/13/2015 11:12:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3103063

    Error: (02/13/2015 11:12:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/13/2015 11:12:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3102033

    Error: (02/13/2015 11:12:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3102033

    Error: (02/13/2015 11:12:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/13/2015 11:12:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3100598


    System errors:
    =============
    Error: (02/13/2015 11:12:46 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (02/13/2015 09:01:03 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (02/13/2015 06:56:54 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    SBRE

    Error: (02/13/2015 06:56:54 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (02/13/2015 06:56:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Update EnterDigital service failed to start due to the following error:
    %%2

    Error: (02/13/2015 06:56:53 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (02/13/2015 06:56:53 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (02/13/2015 06:56:53 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (02/13/2015 06:51:18 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (02/13/2015 06:51:16 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.


    Microsoft Office Sessions:
    =========================
    Error: (02/13/2015 11:12:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3104077

    Error: (02/13/2015 11:12:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3104077

    Error: (02/13/2015 11:12:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/13/2015 11:12:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3103063

    Error: (02/13/2015 11:12:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3103063

    Error: (02/13/2015 11:12:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/13/2015 11:12:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3102033

    Error: (02/13/2015 11:12:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3102033

    Error: (02/13/2015 11:12:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/13/2015 11:12:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3100598


    ==================== Memory info ===========================

    Processor: AMD Athlon Dual-Core QL-62
    Percentage of memory in use: 58%
    Total physical RAM: 1790.43 MB
    Available physical RAM: 736.64 MB
    Total Pagefile: 3580.85 MB
    Available Pagefile: 2180.92 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1895.65 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:138.61 GB) (Free:70.88 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:10.33 GB) (Free:1.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 8FB11AD3)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=138.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  4. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    BitterB,
    Long post here. Just take one step at a time.
    ---------------------------------------------------------------
    Avoid Unwanted Adware
    There are a few seriously important tips about avoiding unwanted adware.
    Adware purveyors are getting more devious and unethical, so you have to be more diligent.

    • Don't click on the Sidebars of Websites
      The items on the sides of websites may be enticing, but they are all advertising, and one click could download unwanted adware onto your machine.

    • Never agree to download anything, if prompted to do so while Online.
      That goes for, "Your codec/browser/flash... needs to be updated to do this, blah, blah.."
      or "you need to first download the xyz.. program to do what you want".
      It's OK to download updates if prompted by legitimate suppliers, when the machine boots, while not yet online.

    • Don't download anything from sites known for adware bundling.
      For any online downloads, best avoid using CNET, Download.com, BrotherSoft, or Softonic.
      They package their own "downloaders" and, without notice, deliver serious adware in addition to the desired free programs.
      Unfortunately, the results may be disastrous for your machine.
      FileHippo and MajorGeeks have been better, so far, as sources for downloading software.
      The website of any program's original author is best of all.

    • Avoid Using P2P file sharing programs
      This includes µTorrent, Bearshare, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
      The Unethical have "planted" thousands upon thousands of infections and Adware items in the shared torrent files.
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    µTorrent
    Java 7 Update 45

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine


    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST and press the Fix button just once and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    ------------------------------------------------------------
    You may want to read here before you decide whether to keep Java on your system:
    http://www.zdnet.com/a-close-look-a...eptive-software-with-java-updates-7000010038/

    If You Decide to Keep it, Download and Install the latest version of Java Runtime Environment from here :
    http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html, and install it to your computer.
    If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
    Check the button to agree to the license.
    Select the link for your Platform jre-8u25-windows-i586.exe for 32-bit, and click it.
    Download it, choose Save, and save it to your desktop.
    Then double-click it on your desktop, and it will install the newest version of Java for you to use.

    During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
    When it finishes, you can remove the Installer from your desktop.
    (I don't have any Java on my system).
    -------------------------------------------------------------
    AdwCleaner Download and Run

    Download AdwCleaner and save it to your desktop or somewhere you can find it.
    Take care NOT to click on any ad, like from PC Optimizer Pro. The correct link is the button labeled "Download from Bleeping Computer".
    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop:

    [​IMG]

    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
    It may take several minutes to complete.
    When it is done, click on the Clean button, accept any prompts that appear and allow the system to Reboot.
    You will then be presented with the report. Copy & Paste it into a reply here.

    [​IMG]
    If you lose track of the log, it is saved in this folder C:\AdwCleaner\
    The filename will be adwcleaner[xx].txt where [xx] will be S1, or S2, etc. whichever filename is newest.

    So we will be looking for the Fixlog from FRST, and the report from AdwCleaner.
    askey127
     

    Attached Files:

  5. bitterB

    bitterB Thread Starter

    Joined:
    Jan 10, 2005
    Messages:
    32
    Sorry... but where or what is the fixlist?
     
  6. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    At the end of my last post, see the little "Attached files".
    Click on Fixlist.txt and it will download for you.
    Save it in your downloads folder (same as FRST) and follow the instructions.
     
  7. bitterB

    bitterB Thread Starter

    Joined:
    Jan 10, 2005
    Messages:
    32
    # AdwCleaner v4.110 - Logfile created 14/02/2015 at 09:01:51
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-14.2 [Server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x86)
    # Username : Brian - BRIAN-PC
    # Running from : C:\Users\Brian\Downloads\AdwCleaner(1).exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17631


    -\\ Mozilla Firefox v35.0.1 (x86 en-US)


    -\\ Google Chrome v


    -\\ Comodo Dragon v


    -\\ Chrome Canary v


    *************************

    AdwCleaner[R2].txt - [3762 bytes] - [12/02/2015 15:14:39]
    AdwCleaner[R3].txt - [945 bytes] - [14/02/2015 08:46:33]
    AdwCleaner[S2].txt - [5376 bytes] - [12/02/2015 15:18:21]
    AdwCleaner[S3].txt - [873 bytes] - [14/02/2015 09:01:51]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [931 bytes] ##########




    *******************************************************************************************************************************************




    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-02-2015
    Ran by Brian at 2015-02-14 08:43:55 Run:1
    Running from C:\Users\Brian\Desktop
    Loaded Profiles: Brian (Available profiles: Brian)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-1511418393-2390573130-3487323023-1000\...\Run: [uTorrent] => C:\Users\Brian\AppData\Roaming\uTorrent\uTorrent.exe [1374032 2015-01-21] (BitTorrent Inc.)
    HKU\S-1-5-21-1511418393-2390573130-3487323023-1000\...\Run: [SoftonicAssistant] => "C:\Users\Brian\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
    BootExecute: autocheck autochk * SBBD.exe /d \Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Definitions
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File
    BHO: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\PROGRA~2\WONDER~1\VIDEOC~1\WSBROW~1.DLL No File
    S2 Update EnterDigital; "C:\Program Files\EnterDigital\updateEnterDigital.exe" [X]
    2015-02-04 11:59 - 2015-02-04 11:59 - 00962608 _____ (NCH Software) C:\Users\Brian\Downloads\wpsetup.exe
    2015-02-13 07:43 - 2013-07-19 12:50 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\uTorrent
    2015-02-12 19:10 - 2014-08-19 17:50 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
    C:\Users\Brian\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe
    C:\Program Files\Ad-Aware Antivirus
    C:\Users\Brian\AppData\Roaming\uTorrent\uTorrent.exe

    *****************

    HKU\S-1-5-21-1511418393-2390573130-3487323023-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => Value not found.
    HKU\S-1-5-21-1511418393-2390573130-3487323023-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SoftonicAssistant => value deleted successfully.
    HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
    "HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{451C804F-C205-4F03-B48E-537EC94937BF}" => Key deleted successfully.
    "HKCR\CLSID\{451C804F-C205-4F03-B48E-537EC94937BF}" => Key deleted successfully.
    Update EnterDigital => Service deleted successfully.
    C:\Users\Brian\Downloads\wpsetup.exe => Moved successfully.
    C:\Users\Brian\AppData\Roaming\uTorrent => Moved successfully.
    C:\Program Files\Adware-Removal-Tool => Moved successfully.
    C:\Users\Brian\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe => Moved successfully.
    "C:\Program Files\Ad-Aware Antivirus" => File/Directory not found.
    "C:\Users\Brian\AppData\Roaming\uTorrent\uTorrent.exe" => File/Directory not found.

    ==== End of Fixlog 08:44:04 ====
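
An added example (not part of the original posts and not FRST's own code): a short Python parser for the result section of a Fixlog like the one above, so a helper can confirm that every fixlist entry produced an outcome and see which ones were already gone. The status labels `changed`, `absent` and `review` are this example's own naming, and the embedded text is an excerpt of the log posted above.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above: echoed fixlist, then per-entry results.
FIXLOG = r"""Content of fixlist:
*****************
HKU\S-1-5-21-1511418393-2390573130-3487323023-1000\...\Run: [SoftonicAssistant] => "C:\Users\Brian\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
C:\Program Files\Ad-Aware Antivirus

*****************

HKU\S-1-5-21-1511418393-2390573130-3487323023-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => Value not found.
HKU\S-1-5-21-1511418393-2390573130-3487323023-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SoftonicAssistant => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\Brian\Downloads\wpsetup.exe => Moved successfully.
"C:\Program Files\Ad-Aware Antivirus" => File/Directory not found.
==== End of Fixlog 08:44:04 ====
"""

# target (optionally quoted) => outcome, with the trailing full stop dropped
RESULT = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')

def parse_fixlog(text):
    """Return (target, outcome, status) for each line of the results section."""
    lines = [ln.strip() for ln in text.splitlines()]
    begin = next((i for i, ln in enumerate(lines)
                  if ln.startswith("Content of fixlist")), 0)
    seps = [i for i in range(begin, len(lines)) if set(lines[i]) == {"*"}]
    # The echoed fixlist sits between two rows of asterisks and also contains
    # "=>" (the Run entries), so results are read only after the second row.
    start = seps[1] + 1 if len(seps) >= 2 else begin
    rows = []
    for ln in lines[start:]:
        if ln.startswith("==== End of Fixlog"):
            break
        m = RESULT.match(ln)
        if not m:
            continue
        low = m["outcome"].lower()
        status = ("absent" if "not found" in low
                  else "changed" if "successfully" in low else "review")
        rows.append((m["target"], m["outcome"], status))
    return rows

def summarize(rows):
    """Count result lines per status label."""
    return Counter(status for _, _, status in rows)

if __name__ == "__main__":
    rows = parse_fixlog(FIXLOG)
    print(dict(summarize(rows)))
    print([target for target, _, status in rows if status != "changed"])
```

An `absent` result is not necessarily a failure: in the log above, uTorrent.exe is reported as not found after its parent folder had already been moved by an earlier entry.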
     
  8. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    This looks like an HP/Compaq laptop. Is that correct?
    Tell me how it's running now.
     
  9. bitterB

    bitterB Thread Starter

    Joined:
    Jan 10, 2005
    Messages:
    32
    Yes a CQ60....running much better now...thanks very much for your help
     
  10. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Are we done here?
    Let me know if you are satisfied we don't have more work to do.
     
  11. bitterB

    bitterB Thread Starter

    Joined:
    Jan 10, 2005
    Messages:
    32
    Yes....machine working really good...thanks very much
     
Short URL to this thread: https://techguy.org/1142965
