1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

'Roll Around Ads' I have tried EVERYTHING I know and nothing removes it..

Discussion in 'Virus & Other Malware Removal' started by sNaPpPeRHeaD, Mar 4, 2015.

Thread Status:
Not open for further replies.
Advertisement
  1. sNaPpPeRHeaD

    sNaPpPeRHeaD Thread Starter

    Joined:
    Mar 4, 2015
    Messages:
    8
    I do not have an available restore point prior to the infection.
    I did a standard uninstall of 'Roll Around' and removed it from my Browser extension which of course did not work.
    I then tried every Malware S/W suggested on many sites dealing with this and none worked, most didn't even detect it.
    'SpyHunter' did detect many malicious objects (none named Roll Around) but it's extremely expensive, way beyond my budget and I've read that it also fails to fix this issue by some users.
    I'm hoping someone can please help, it's so bad I can barely go online at this point because of the severity of the hijacking :\

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz, Intel64 Family 6 Model 23 Stepping 10
    Processor Count: 2
    RAM: 5885 Mb
    Graphics Card: Intel(R) G45/G43 Express Chipset, -1281 Mb
    Hard Drives: C: Total - 953766 MB, Free - 648075 MB;
    Motherboard: ASUSTeK Computer INC., CM5571
    Antivirus: Ad-Aware Antivirus, Disabled (I'm running MS Security Essentials)
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi sNaPpPeRHeaD,
    HiJackThis is not too useful on 64-bit machines. You can delete it.
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST64 and save to your Desktop.
    • Double click Frst64.exe to launch it.
    • FRST64 will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe
    Feel free to use separate replies if it's more convenient.

    askey127
     
  3. sNaPpPeRHeaD

    sNaPpPeRHeaD Thread Starter

    Joined:
    Mar 4, 2015
    Messages:
    8
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
    Ran by Owner (administrator) on OWNER-DS on 04-03-2015 16:45:50
    Running from C:\Users\Owner\Downloads
    Loaded Profiles: Owner (Available profiles: Owner)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
    () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
    (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe
    (Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\40.0.2214.115\nacl64.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\40.0.2214.115\nacl64.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [BoxSync] => c:\Program Files\Box\Box Sync\BoxSync.exe [13242536 2014-04-14] (Box, Inc.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-04-18] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-12-18] (Oracle Corporation)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-3402231338-421655719-3923671305-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-08] (Google Inc.)
    HKU\S-1-5-21-3402231338-421655719-3923671305-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
    HKU\S-1-5-21-3402231338-421655719-3923671305-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-3402231338-421655719-3923671305-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
    HKU\S-1-5-21-3402231338-421655719-3923671305-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1300288 2015-03-02] (Lavasoft)
    HKU\S-1-5-21-3402231338-421655719-3923671305-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    HKU\S-1-5-21-3402231338-421655719-3923671305-1000\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-3402231338-421655719-3923671305-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-18\...\Run: [MP3 Skype Recorder] => C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe [1975296 2011-11-17] (Alexander Nikiforov)
    HKU\S-1-5-18\...\RunOnce: [adaware] => reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
    HKU\S-1-5-18\...\RunOnce: [adaware_XP] => reg.exe delete "HKCU\Software\adaware" /f
    HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
    ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
    ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Owner\AppData\Local\Autobahn\nexdef.exe ()
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [0000BoxSyncFileLocked] -> {b973655f-b823-3729-abea-e88cb316ddd4} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [0000BoxSyncNotSynced] -> {a316141f-fa66-334c-8d40-a8f4e6d21080} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [0000BoxSyncProblem] -> {a74ad9e8-37eb-31db-9026-8eda10d85860} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [0000BoxSyncSynced] -> {c3de22fc-b307-320f-ba41-27d95101bbf3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/?rlz=1V1IPYX
    HKU\S-1-5-21-3402231338-421655719-3923671305-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_150304
    HKU\S-1-5-21-3402231338-421655719-3923671305-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
    SearchScopes: HKU\.DEFAULT -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://www.bigseekpro.com/search/browser/eltima/{3A1D6911-8A59-4B95-9E3A-B254CA398FE3}?q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3402231338-421655719-3923671305-1000 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
    SearchScopes: HKU\S-1-5-21-3402231338-421655719-3923671305-1000 -> {81E13342-2996-4A89-B2DB-59D0F3A984EE} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3402231338-421655719-3923671305-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10088_cnet_150304&q={searchTerms}
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-3402231338-421655719-3923671305-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
    Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
    Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
    Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
    Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
    Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
    Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
    Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
    Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
    Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\g96tthkw.default
    FF SearchEngineOrder.1: Google (avast)
    FF DefaultSearchEngine: Ad-Aware SecureSearch
    FF SelectedSearchEngine: Ad-Aware SecureSearch
    FF SearchEngineOrder.3: Bing
    FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
    FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
    FF Homepage: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_150304
    FF NewTab: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_150304
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
    FF Plugin-x32: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files (x86)\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3402231338-421655719-3923671305-1000: @fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1 -> C:\Users\Owner\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll ( )
    FF Plugin HKU\S-1-5-21-3402231338-421655719-3923671305-1000: @real.com/RhapsodyPlayerEngine -> C:\Users\Owner\AppData\Roaming\nprhapengine.dll No File
    FF Plugin HKU\S-1-5-21-3402231338-421655719-3923671305-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-3402231338-421655719-3923671305-1000: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-3402231338-421655719-3923671305-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-3402231338-421655719-3923671305-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\g96tthkw.default\searchplugins\securesearch.xml
    FF Extension: Lavasoft Search Plugin - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\g96tthkw.default\Extensions\[email protected] [2012-07-08]
    FF Extension: G Data BankGuard - C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2014-05-12]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-05-12]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-12]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
    FF HKLM-x32\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-18]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=a1e59d6f34074fccb17d405e70061c16&tu=10G9y009Q2B0CO0&sku=&tstsId=&ver=&
    CHR StartupUrls: Default -> "hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=a1e59d6f34074fccb17d405e70061c16&tu=10G9y009Q2B0CO0&sku=&tstsId=&ver=&", "hxxp://start.mysearchdial.com/?f=1&a=dvd_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0DyBzz0Czz0EyE0AtC0EtN0D0Tzu0SzzyDtCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzztDtAtByC0FyCtG0FyB0CyDtG0CtDtC0DtGtBtCzytDtGtDyByEtD0EyCzz0DyByBtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtCtAyEyCtC0DyEtGyByCtAyCtG0CzzzztBtG0E0E0AyBtGyC0DtBtBtB0CtCzy0E0AyBzz2Q&cr=1970391865&ir="
    CHR DefaultSearchKeyword: Default -> search.yahoo.com
    CHR DefaultSearchURL: Default -> http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    CHR DefaultSuggestURL: Default ->
    CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\40.0.2214.115\pdf.dll ()
    CHR Plugin: (PriceGong) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.7_0\plugins/npPriceGong_CH.dll No File
    CHR Plugin: () - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\10.13.1.89_0\plugins/ConduitChromeApiPlugin.dll No File
    CHR Plugin: (Conduit Radio Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\10.13.1.89_0\plugins/np-cwmp.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll No File
    CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files (x86)\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (SEOquake) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2014-03-28]
    CHR Extension: (Extend TweetDeck) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbkmjokencobohpdgjpojeaghbmdefpo [2013-12-06]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
    CHR Extension: (Hootsuite Hootlet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2013-06-11]
    CHR Extension: (Frank Smith) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgpmafbkgcchdjehdpnfgfgbdfahapa [2012-11-25]
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-26]
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-26]
    CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli [2013-11-01]
    CHR Extension: (TweetDeck by Twitter) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2013-05-17]
    CHR Extension: (TweetDeck Launcher) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmjdnkpkpnjblbgbnkeedepgnomafojk [2013-10-14]
    CHR Extension: (Hootsuite) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2013-12-06]
    CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-18]
    CHR Extension: (Linkis TwitterAnywhere) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlfjhibgafmhfoeoaigcjophkaccppdf [2014-11-14]
    CHR Extension: (Hangouts) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-04-07]
    CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-26]
    CHR HKU\S-1-5-21-3402231338-421655719-3923671305-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Owner\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
    CHR HKU\S-1-5-21-3402231338-421655719-3923671305-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28768 2014-04-07] (Box, Inc.)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
    R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-03-02] (Lavasoft Limited)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
    R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-04-18] (RealNetworks, Inc.)
    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed]
    R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-03-02] ()
    R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-03-04] (Enigma Software Group USA, LLC.)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2013-12-03] (The OpenVPN Project)
    R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-03-04] (Enigma Software Group USA, LLC.)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-03-04] ()
    S2 MCSTRM; No ImagePath
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
    S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
    R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.)
    S3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [31248 2014-01-15] (Live365, Inc.)
    S0 Lbd; system32\DRIVERS\Lbd.sys [X]
    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-04 16:45 - 2015-03-04 16:46 - 00034721 _____ () C:\Users\Owner\Downloads\FRST.txt
    2015-03-04 16:45 - 2015-03-04 16:45 - 00000000 ____D () C:\FRST
    2015-03-04 16:44 - 2015-03-04 16:44 - 02092544 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
    2015-03-04 15:28 - 2015-03-04 15:28 - 00509440 _____ (Tech Support Guy System) C:\Users\Owner\Downloads\SysInfo.exe
    2015-03-04 14:22 - 2015-03-04 15:32 - 00011652 _____ () C:\Users\Owner\Downloads\hijackthis.log
    2015-03-04 14:14 - 2015-03-04 14:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
    2015-03-04 12:44 - 2015-03-04 12:44 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
    2015-03-04 12:41 - 2015-03-04 12:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\LavasoftStatistics
    2015-03-04 12:41 - 2015-03-04 12:41 - 00000000 ____D () C:\Users\Owner\AppData\Local\Lavasoft
    2015-03-04 12:40 - 2015-03-02 18:02 - 00372248 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
    2015-03-04 12:40 - 2015-03-02 18:02 - 00325944 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
    2015-03-04 12:39 - 2015-03-04 12:45 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Lavasoft
    2015-03-04 12:39 - 2015-03-04 12:41 - 00002281 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    2015-03-04 12:39 - 2015-03-04 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    2015-03-04 12:39 - 2015-03-04 12:39 - 00000000 ____D () C:\Program Files\Lavasoft
    2015-03-04 12:37 - 2015-03-04 12:37 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
    2015-03-04 12:36 - 2015-03-04 12:36 - 01923888 _____ () C:\Users\Owner\Downloads\Adaware_Installer (1).exe
    2015-03-04 08:41 - 2015-03-04 08:41 - 00000000 _____ () C:\autoexec.bat
    2015-03-04 08:40 - 2015-03-04 08:40 - 00003326 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
    2015-03-04 08:40 - 2015-03-04 08:40 - 00001047 _____ () C:\Users\Owner\Desktop\SpyHunter.lnk
    2015-03-04 08:40 - 2015-03-04 08:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    2015-03-04 08:40 - 2015-03-04 08:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Enigma Software Group
    2015-03-04 08:39 - 2015-03-04 08:40 - 00000000 ____D () C:\sh4ldr
    2015-03-04 08:38 - 2015-03-04 08:38 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
    2015-03-04 08:38 - 2015-03-04 08:38 - 00000000 ____D () C:\Program Files\Enigma Software Group
    2015-03-04 08:37 - 2015-03-04 08:37 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Downloads\SpyHunter-Installer.exe
    2015-03-04 03:20 - 2015-03-04 03:20 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3402231338-421655719-3923671305-1000
    2015-03-04 03:19 - 2015-03-04 03:19 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3402231338-421655719-3923671305-1000
    2015-03-04 03:17 - 2015-03-04 03:17 - 00000642 _____ () C:\Windows\PFRO.log
    2015-03-04 03:17 - 2015-03-04 03:17 - 00000056 _____ () C:\Windows\setupact.log
    2015-03-04 03:17 - 2015-03-04 03:17 - 00000000 _____ () C:\Windows\setuperr.log
    2015-03-03 16:49 - 2015-03-03 16:49 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3402231338-421655719-3923671305-1000
    2015-03-03 16:49 - 2015-03-03 16:49 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3402231338-421655719-3923671305-1000
    2015-03-03 16:27 - 2015-03-03 16:27 - 00002077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2015-03-03 16:27 - 2015-03-03 16:27 - 00001945 _____ () C:\Windows\epplauncher.mif
    2015-03-03 16:27 - 2015-03-03 16:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2015-03-03 16:26 - 2015-03-03 16:27 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2015-03-03 15:43 - 2015-03-03 15:43 - 14160536 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
    2015-03-03 15:09 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-03-03 15:09 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-03-03 15:09 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-03-03 15:09 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-03-03 10:07 - 2015-03-03 10:07 - 00001037 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
    2015-03-03 10:07 - 2015-03-03 10:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\VS Revo Group
    2015-03-03 10:07 - 2015-03-03 10:07 - 00000000 ____D () C:\ProgramData\VS Revo Group
    2015-03-03 10:07 - 2015-03-03 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    2015-03-03 10:07 - 2015-03-03 10:07 - 00000000 ____D () C:\Program Files\VS Revo Group
    2015-03-03 10:07 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
    2015-03-02 18:06 - 2015-03-02 18:06 - 00020090 _____ () C:\Users\Owner\Desktop\ZHPCleaner.txt
    2015-03-02 17:55 - 2015-03-02 18:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ZHP
    2015-03-02 17:55 - 2015-03-02 17:55 - 00000830 _____ () C:\Users\Owner\Desktop\ZHPCleaner.lnk
    2015-03-02 17:49 - 2015-03-02 17:49 - 01735680 _____ () C:\Users\Owner\Downloads\ZHPCleaner.exe
    2015-03-02 16:15 - 2015-03-02 16:15 - 00010634 _____ () C:\Windows\system32\.crusader
    2015-03-02 15:53 - 2015-03-02 15:53 - 10995632 _____ (SurfRight B.V.) C:\Users\Owner\Downloads\HitmanPro_x64.exe
    2015-03-02 15:50 - 2015-03-02 16:15 - 00000000 ____D () C:\ProgramData\HitmanPro
    2015-03-02 15:50 - 2015-03-02 15:50 - 10085648 _____ (SurfRight B.V.) C:\Users\Owner\Downloads\HitmanPro.exe
    2015-03-02 15:29 - 2015-03-02 15:30 - 00001604 _____ () C:\Users\Owner\Downloads\software_removal_tool.log
    2015-03-02 14:49 - 2015-03-02 14:57 - 00000000 ____D () C:\AdwCleaner
    2015-03-02 14:47 - 2015-03-02 14:47 - 02126848 _____ () C:\Users\Owner\Downloads\adwcleaner_4.111.exe
    2015-03-02 14:01 - 2015-03-02 14:01 - 06084368 _____ (Speed Up Kit) C:\Users\Owner\Downloads\Repair_Tool-Setup.exe
    2015-02-27 19:08 - 2015-02-27 19:08 - 00362029 _____ () C:\Windows\SysWOW64\sqlite3.dll
    2015-02-27 11:52 - 2015-02-27 11:52 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\EncryptStick
    2015-02-27 11:05 - 2015-02-27 11:05 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
    2015-02-27 11:02 - 2015-02-27 11:02 - 03312672 _____ (DVDVideoSoft Ltd. ) C:\Users\Owner\Downloads\FreeStudio.exe
    2015-02-26 03:01 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
    2015-02-26 03:01 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
    2015-02-25 10:01 - 2015-02-25 10:01 - 00161749 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
    2015-02-24 22:06 - 2015-02-24 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-02-20 10:04 - 2015-02-20 10:04 - 00000105 ____H () C:\Users\Owner\Downloads\.~lock.February oh what a month..docx#
    2015-02-18 19:04 - 2015-02-18 19:04 - 00022757 _____ () C:\Users\Owner\Downloads\wordpress.2015-02-19.xml
    2015-02-18 18:57 - 2015-02-18 18:57 - 00008759 _____ () C:\Users\Owner\Downloads\wp-exporter.0.0.2.zip
    2015-02-16 10:46 - 2015-02-16 10:46 - 00700337 _____ () C:\Users\Owner\Downloads\wordpress30.zip
    2015-02-14 01:31 - 2015-02-14 01:31 - 00063312 _____ () C:\Users\Owner\Documents\Writestream Dev Logo.xcf
    2015-02-13 21:58 - 2015-02-13 21:58 - 00159160 _____ () C:\Users\Owner\Downloads\wordpress.2015-02-14.xml
    2015-02-13 18:55 - 2015-02-13 18:55 - 01347741 _____ () C:\Users\Owner\Downloads\responsive-mobile.0.0.3.zip
    2015-02-13 11:06 - 2015-02-13 11:06 - 00001994 _____ () C:\Users\Owner\Desktop\Kindle.lnk
    2015-02-13 11:06 - 2015-02-13 11:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
    2015-02-13 11:06 - 2015-02-13 11:06 - 00000000 ____D () C:\Program Files (x86)\Amazon
    2015-02-13 11:05 - 2015-02-13 11:05 - 40790520 _____ (Amazon.com) C:\Users\Owner\Downloads\KindleForPC-installer.exe
    2015-02-11 08:45 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-02-11 08:45 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-11 08:45 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-02-11 08:45 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-02-10 20:59 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-02-10 20:59 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-02-10 20:59 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-02-10 20:59 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-02-10 20:59 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-02-10 20:59 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-02-10 20:59 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-02-10 20:59 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2015-02-10 20:59 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-02-10 20:59 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-02-10 20:59 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-02-10 20:59 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-02-10 20:59 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-02-10 20:59 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-02-10 20:59 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-02-10 20:59 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-02-10 20:59 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-02-10 20:59 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-02-10 20:59 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-02-10 20:59 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-02-10 20:59 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-02-10 20:59 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-02-10 20:59 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-10 20:58 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-10 20:58 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-02-10 20:58 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-10 20:58 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-10 20:58 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-02-10 20:58 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-02-10 20:58 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-10 20:58 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-10 20:58 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-02-10 20:58 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-02-10 20:58 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-10 20:58 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-02-10 20:58 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-10 20:58 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-10 20:58 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-02-10 20:58 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-02-10 20:58 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-02-10 20:58 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-02-10 20:58 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-10 20:58 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-02-10 20:58 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-02-10 20:58 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-02-10 20:58 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-10 20:58 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-02-10 20:58 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-02-10 20:58 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-02-10 20:58 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-10 20:58 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-02-10 20:58 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-02-10 20:58 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-02-10 20:58 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-02-10 20:58 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-02-10 20:58 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-10 20:58 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-10 20:58 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-10 20:58 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-02-10 20:58 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-02-10 20:58 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-10 20:58 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-02-10 20:58 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-02-10 20:58 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-02-10 20:58 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-02-10 20:58 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-10 20:58 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-02-10 20:58 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-02-10 20:58 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-02-10 20:58 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-02-10 20:58 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-10 20:58 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-02-10 20:58 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-02-10 20:58 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-02-10 20:58 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-02-10 20:57 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-10 20:57 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-10 20:57 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-10 20:57 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-02-10 20:57 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-02-10 20:57 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-02-10 20:57 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-02-10 20:57 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-02-10 20:57 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-10 20:57 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-02-10 20:57 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-10 20:57 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-02-10 20:57 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-02-10 20:57 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-02-10 20:57 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-02-10 20:57 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-02-10 20:57 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-02-10 20:57 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-10 20:57 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-10 20:57 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-02-10 20:57 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-02-10 20:57 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-02-10 20:57 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-10 20:57 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-02-10 20:57 - 2014-10-03 21:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-02-10 20:57 - 2014-10-03 20:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2015-02-10 20:57 - 2014-10-03 20:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2015-02-10 20:56 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-10 20:56 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-02-10 20:56 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-02-10 20:56 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-02-10 20:56 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-02-10 20:56 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-02-10 20:56 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-02-10 20:56 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-10 20:56 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-02-06 21:35 - 2015-02-06 21:35 - 00380958 _____ () C:\Users\Owner\Documents\Girls_With_Guns.xcf
    2015-02-06 21:22 - 2015-02-06 21:22 - 00184724 _____ () C:\Users\Owner\Documents\Best_Body_Art_001-Copy.xcf
    2015-02-06 21:09 - 2015-02-06 21:09 - 00376689 _____ () C:\Users\Owner\Documents\Body-Art-II-2.xcf
    2015-02-05 18:40 - 2015-02-05 18:40 - 00000000 ____D () C:\Users\Owner\Downloads\bangers
    2015-02-04 18:54 - 2015-02-04 18:54 - 00023900 _____ () C:\Users\Owner\Downloads\bangers.zip
    2015-02-04 18:03 - 2015-02-04 18:03 - 00014883 _____ () C:\Users\Owner\Downloads\supreme-google-webfonts.2.0.zip
    2015-02-04 13:25 - 2015-02-04 13:25 - 00049056 _____ () C:\Users\Owner\Downloads\zocial.eot
    2015-02-04 00:01 - 2015-02-04 00:03 - 988486550 _____ () C:\Users\Owner\Desktop\writestream 2-3-15.wav
    2015-02-03 19:23 - 2015-02-03 19:23 - 00006264 _____ () C:\Users\Owner\Downloads\easy-scroll-up.zip
    2015-02-03 12:27 - 2015-02-03 12:27 - 00000247 _____ () C:\Windows\system32\2015-02-03-17-27-19.078-aswFe.exe-5380.log
    2015-02-03 12:26 - 2015-02-03 12:26 - 00000197 _____ () C:\Windows\system32\2015-02-03-17-26-32.034-AvastVBoxSVC.exe-672.log
    2015-02-03 12:12 - 2015-02-03 12:12 - 00000247 _____ () C:\Windows\system32\2015-02-03-17-12-00.017-aswFe.exe-4796.log
    2015-02-03 12:11 - 2015-02-03 12:11 - 00000197 _____ () C:\Windows\system32\2015-02-03-17-11-56.063-AvastVBoxSVC.exe-4608.log
    2015-02-02 21:54 - 2015-02-02 21:54 - 00083033 _____ () C:\Users\Owner\Downloads\oswald.zip
    2015-02-02 21:54 - 2015-02-02 21:54 - 00000000 ____D () C:\Users\Owner\Downloads\oswald

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-04 16:43 - 2012-05-18 05:48 - 01944225 _____ () C:\Windows\WindowsUpdate.log
    2015-03-04 16:34 - 2012-04-11 09:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-04 15:49 - 2011-06-21 12:33 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3402231338-421655719-3923671305-1000UA.job
    2015-03-04 15:48 - 2011-10-08 09:47 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-04 14:49 - 2011-06-21 12:32 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3402231338-421655719-3923671305-1000Core.job
    2015-03-04 13:48 - 2011-10-08 09:47 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-04 12:40 - 2011-12-18 11:08 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
    2015-03-04 12:39 - 2011-12-18 11:08 - 00000000 ____D () C:\ProgramData\Lavasoft
    2015-03-04 03:29 - 2009-07-13 23:45 - 00028336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-04 03:29 - 2009-07-13 23:45 - 00028336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-04 03:20 - 2013-09-05 09:35 - 00000000 ___RD () C:\Users\Owner\Dropbox
    2015-03-04 03:20 - 2013-09-05 09:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
    2015-03-04 03:17 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-04 03:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
    2015-03-03 17:38 - 2011-11-30 20:57 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
    2015-03-03 17:37 - 2012-10-15 09:51 - 00000000 ___DC () C:\Users\Owner\AppData\Local\MigWiz
    2015-03-03 17:37 - 2011-07-08 18:50 - 00000000 ____D () C:\Windows\Minidump
    2015-03-03 16:11 - 2012-05-16 15:57 - 00000000 ____D () C:\Program Files (x86)\Ad-Aware Antivirus
    2015-03-03 08:17 - 2010-11-20 22:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-03-02 17:46 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-02 15:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-03-02 14:51 - 2014-05-18 09:22 - 00000000 ____D () C:\Users\Owner\Desktop\AUDIO
    2015-03-02 14:45 - 2011-06-29 19:07 - 00001122 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-03-02 13:10 - 2012-10-06 15:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\CRE
    2015-03-02 13:10 - 2012-03-25 09:44 - 00000000 ____D () C:\ProgramData\YouTube Downloader
    2015-03-02 08:37 - 2012-10-06 14:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DVDVideoSoft
    2015-02-28 08:13 - 2012-05-18 05:46 - 00032656 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-02-25 09:27 - 2012-07-29 19:29 - 00000000 ____D () C:\Users\Owner\.gimp-2.8
    2015-02-24 22:07 - 2014-04-18 10:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2015-02-24 22:06 - 2014-05-26 08:40 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
    2015-02-24 22:06 - 2011-11-30 20:57 - 00000000 ____D () C:\ProgramData\Skype
    2015-02-24 21:57 - 2011-06-27 13:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ObviousIdea
    2015-02-13 11:10 - 2012-08-20 18:27 - 00000000 ____D () C:\Users\Owner\Documents\My Kindle Content
    2015-02-13 11:06 - 2012-08-20 18:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\Amazon
    2015-02-12 04:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2015-02-11 03:59 - 2013-09-05 09:31 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-02-11 03:43 - 2012-11-17 05:09 - 04961944 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-11 03:41 - 2015-01-06 03:30 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-02-11 03:41 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-02-11 03:20 - 2013-08-13 02:00 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-11 03:05 - 2011-06-14 19:39 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-02-05 19:32 - 2012-11-16 16:24 - 00084864 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-02-05 14:44 - 2011-06-21 12:33 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3402231338-421655719-3923671305-1000UA
    2015-02-05 14:44 - 2011-06-21 12:32 - 00003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3402231338-421655719-3923671305-1000Core
    2015-02-05 11:45 - 2012-03-25 09:39 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
    2015-02-04 13:43 - 2011-10-08 09:47 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-04 13:43 - 2011-10-08 09:47 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    ==================== Files in the root of some directories =======

    2012-06-14 13:06 - 2012-06-14 13:06 - 0000004 _____ () C:\Users\Owner\AppData\Roaming\82A1AA
    2013-10-11 13:15 - 2013-10-11 13:15 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
    2012-06-14 13:06 - 2012-06-14 13:06 - 0870128 _____ () C:\Users\Owner\AppData\Roaming\mcs.rma
    2012-04-10 10:47 - 2012-04-10 10:47 - 0070528 _____ () C:\Users\Owner\AppData\Roaming\MixPad.dmp
    2014-04-30 22:18 - 2014-04-30 22:18 - 0000045 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
    2011-10-14 11:25 - 2011-10-15 10:18 - 0004608 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-07-15 09:49 - 2011-11-23 11:40 - 0000064 _____ () C:\Users\Owner\AppData\Local\Images.fl
    2015-02-25 10:01 - 2015-02-25 10:01 - 0161749 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
    2011-12-30 23:23 - 2011-12-30 23:23 - 0000000 _____ () C:\Users\Owner\AppData\Local\{8F972574-A740-4B09-AB8C-8178DA2FCF54}
    2014-05-11 10:44 - 2014-05-11 10:44 - 0004918 _____ () C:\ProgramData\qtvwaeva.vei

    Some content of TEMP:
    ====================
    C:\Users\Owner\AppData\Local\Temp\ceac4185-e763-4c52-85fb-6d0ac92608bf.exe
    C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_ydsov.dll
    C:\Users\Owner\AppData\Local\Temp\SpOrder.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-26 04:01

    ==================== End Of Log ============================
     
  4. sNaPpPeRHeaD

    sNaPpPeRHeaD Thread Starter

    Joined:
    Mar 4, 2015
    Messages:
    8
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
    Ran by Owner at 2015-03-04 16:46:43
    Running from C:\Users\Owner\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-3402231338-421655719-3923671305-1000\...\uTorrent) (Version: 3.3.2.30180 - BitTorrent Inc.)
    Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
    Ad-Aware Web Companion (x32 Version: 1.1.908.1803 - Lavasoft) Hidden
    AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
    AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
    Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
    Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
    AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
    Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Box Sync (HKLM\...\{04A4BB98-FA52-493B-AE6D-B8F5C94FF74C}) (Version: 4.0.4758.0 - Box, Inc.)
    Box Sync (x32 Version: 4.0.4733.0 - Box Inc.) Hidden
    CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
    CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Defraggler (HKLM\...\Defraggler) (Version: 2.12 - Piriform)
    Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: - NCH Software)
    Dropbox (HKU\S-1-5-21-3402231338-421655719-3923671305-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
    Eltima DB Toolbar Toolbar (HKLM-x32\...\Eltima DB Toolbar Toolbar) (Version: - )
    e-Sword (HKLM-x32\...\{294B365B-32EF-49EE-99B3-A00558DC76E5}) (Version: 10.02.0001 - Rick Meyers)
    Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.17 - NCH Software)
    FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
    Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 1.4 - EZ Freeware)
    Free Screen Video Capture by Topviewsoft 4.1.7 (HKLM-x32\...\{180CAD6C-B0ED-42A9-8C4A-CF49C6682A06}_is1) (Version: - Topviewsoft, Inc.)
    Fuze Meeting (HKLM-x32\...\{88F800EE-C2E3-49F1-9A61-DB1EE6DD4245}) (Version: 14.1.3326 - Fuze Box, Inc.)
    GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
    Google Chrome (HKU\S-1-5-21-3402231338-421655719-3923671305-1000\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
    Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
    Java 7 Update 76 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217076FF}) (Version: 7.0.760 - Oracle)
    Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
    LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
    Light Image Resizer 4.3.2.2 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.3.2.2 - ObviousIdea)
    Mewa Film version 1.4.4 alpha (HKLM-x32\...\Mewa Film_is1) (Version: 1.4.4 - mewatools.com)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
    Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
    Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MixPad Audio Mixer (HKLM-x32\...\MixPad) (Version: - NCH Software)
    Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Mozilla Thunderbird 24.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 en-US)) (Version: 24.4.0 - Mozilla)
    MP3 Skype Recorder (HKLM-x32\...\{CB606F47-7D0E-40DF-95BB-0E5413A1295F}) (Version: 3.1.3 - Alexander Nikiforov)
    Mplayer 0.6.9 (HKLM-x32\...\Mplayer) (Version: 0.6.9 - )
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
    Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
    Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )
    Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 2.59 - NCH Software)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    RealDownloader (x32 Version: 17.0.9 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
    Rhapsody (HKLM-x32\...\Rhapsody) (Version: - )
    Rhapsody Player Engine (HKLM-x32\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
    R-Wipe&Clean 9.4 (HKLM-x32\...\R-Wipe&Clean_is1) (Version: - R-tools Technology Inc.)
    SAM Broadcaster 2013 (HKLM-x32\...\SAM3) (Version: 2013 - Spacial Audio Solutions, LLC)
    Sansa Updater (HKU\S-1-5-21-3402231338-421655719-3923671305-1000\...\Sansa Updater) (Version: 1.313 - SanDisk Corporation)
    Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1902}) (Version: 12.25.2.60 - APN, LLC) <==== ATTENTION
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
    SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
    Studio365-Loader (HKLM-x32\...\Studio365-Loader) (Version: 1.6.0.3 - )
    Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.60 - NCH Software)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
    Traffic Travis 3.3.16 (HKLM-x32\...\Traffic Travis_is1) (Version: - Affilorama Ltd.)
    TweetDeck (HKLM-x32\...\{E50142F0-0C8A-4E22-BC2D-98968AB83CDA}) (Version: 2.5.3 - Twitter, Inc.)
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    Video Watermark Factory (HKLM-x32\...\{EE3AB1BF-365B-4469-B3DE-9BAFE82004F3}_is1) (Version: 1.0 - www.videowatermarkfactory.com)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: - NCH Software)
    VidLogo (HKLM-x32\...\VidLogo_is1) (Version: - GeoVid)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: - NCH Software)
    Web Companion (HKLM-x32\...\{AB75B78F-CFFA-4027-A8DC-94357F2F77EE}_WebCompanion) (Version: 1.1.908.1803 - Lavasoft)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    YTD Toolbar v7.4 (HKLM-x32\...\{265BC03B-AB12-4319-81A0-19E531C2C9FA}) (Version: 7.4 - Spigot, Inc.) <==== ATTENTION
    Zimbra Desktop (HKLM-x32\...\{A8406AA9-FC6C-449C-96D7-B4192C4306FE}) (Version: 7.2.2.11951 - Zimbra)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3402231338-421655719-3923671305-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3402231338-421655719-3923671305-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3402231338-421655719-3923671305-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3402231338-421655719-3923671305-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3402231338-421655719-3923671305-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3402231338-421655719-3923671305-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3402231338-421655719-3923671305-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3402231338-421655719-3923671305-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3402231338-421655719-3923671305-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3402231338-421655719-3923671305-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3402231338-421655719-3923671305-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3402231338-421655719-3923671305-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    02-03-2015 16:13:34 Checkpoint by HitmanPro
    02-03-2015 16:15:08 Checkpoint by HitmanPro
    02-03-2015 17:42:29 Windows Backup
    03-03-2015 12:53:04 Revo Uninstaller Pro's restore point - Search App by Ask
    03-03-2015 15:09:13 Windows Update
    03-03-2015 15:18:46 Revo Uninstaller Pro's restore point - Search App by Ask
    03-03-2015 15:53:07 Revo Uninstaller Pro's restore point - Malwarebytes Anti-Malware version 2.0.4.1028
    03-03-2015 15:54:05 Revo Uninstaller Pro's restore point - Search App by Ask
    03-03-2015 15:56:09 Revo Uninstaller Pro's restore point - Avast Free Antivirus
    03-03-2015 15:57:01 avast! antivirus system restore point
    03-03-2015 16:08:58 Removed Ad-Aware Antivirus.
    04-03-2015 03:00:12 Windows Update
    04-03-2015 12:37:03 AA11
    04-03-2015 12:39:47 LavasoftWeCompanion

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1588C43C-A620-482F-8C9A-97650DD3FDD5} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
    Task: {1B8E4FFD-3A04-4ED5-BDEB-78C23152BF8F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3402231338-421655719-3923671305-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: {20A1F75F-F693-4068-9AA6-649414BB5D24} - System32\Tasks\Google Updater and Installer => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: {21A15133-DD51-4E7C-B2FB-929E6CF14EFC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3402231338-421655719-3923671305-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
    Task: {22AB1631-4159-492A-999A-2732718AF7A8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
    Task: {39017747-F193-4B48-B3AA-1C7D51966927} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3402231338-421655719-3923671305-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
    Task: {43C46257-B233-489B-8454-2AA6DC6A3D20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: {462CCAF0-21AA-4E3F-A6D2-828FBF31212F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3402231338-421655719-3923671305-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
    Task: {4BF82DA2-8C98-4855-8969-475DFA3C1579} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {5F6A4C45-828D-4757-B910-3AC02894BC8A} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
    Task: {6677B2D3-F309-45F4-AC95-D514595D5F59} - System32\Tasks\{79A36991-8626-443F-BA0B-8F5C8E1C71AC} => pcalua.exe -a D:\sansa-installer.exe -d D:\
    Task: {6FC3772B-53BE-4B93-B3A2-64CAD6BA8019} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: {8020D615-8EC2-4867-B38F-0DC8D42C6019} - System32\Tasks\NCH Software\mixpadShakeIcon => C:\Program Files (x86)\NCH Software\MixPad\MixPad.exe [2012-04-06] (NCH Software)
    Task: {9578EC6D-5B67-4FC8-A599-AFDB2E608551} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3402231338-421655719-3923671305-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
    Task: {9B6A7269-31A1-4AE2-9434-C171D06AB2CD} - System32\Tasks\{666D92A5-3FE1-47A4-ADAA-D2053C0EBE7D} => C:\Program Files (x86)\TweetDeck\TweetDeck.exe
    Task: {9F50B20E-ECFF-41DA-95F8-729E2E8BDACD} - System32\Tasks\NCH Software\ExpressZipDowngrade => C:\Program Files (x86)\NCH Software\ExpressZip\expresszip.exe [2013-08-06] (NCH Software)
    Task: {A4BD93B1-4E20-441E-979B-023A97458B1B} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-18] (Oracle Corporation)
    Task: {A6823ACB-E01E-424A-A88C-74836AC2ACBD} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
    Task: {AA17D665-51EE-4D7D-A5E8-D8167B608A0B} - System32\Tasks\{85167CE7-377C-468F-A2BD-307DCC056D14} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2012-03-08] (Microsoft Corporation)
    Task: {ABEB632B-E595-4F44-B4DD-926279854077} - System32\Tasks\{A39E659D-79C7-4A5E-98E0-4C83484E8D31} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.2.0.166.259&amp;LastError=404
    Task: {B396FC4E-F5C5-4404-BC58-6A99E8B968A2} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3402231338-421655719-3923671305-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
    Task: {CB7AADC8-D12B-426E-9DCC-73071FCBEF0E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3402231338-421655719-3923671305-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
    Task: {DAB4DC72-AD10-45ED-9A30-A0348652E15C} - System32\Tasks\{977802A2-CC0C-4E4B-AF14-FC8C6D0EE127} => pcalua.exe -a C:\Users\Owner\AppData\Local\Temp\Temp1_wax20e.zip\wax20e.exe
    Task: {DB7C9D5B-50F3-47CB-8E8C-418F149FA9BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: {DDE4F5AA-CAA3-4351-B821-26BB0B5A1538} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-03-04] (Enigma Software Group USA, LLC.)
    Task: {E0C877B7-7481-4DAD-9FB4-B864C7F7E847} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
    Task: {EB48C4BF-A695-4C62-B677-CD928D5D5318} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3402231338-421655719-3923671305-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: {F6BF52F7-DF86-4FE3-862B-85D36CB201A5} - System32\Tasks\RealCreateProcessScheduledTask174892S-1-5-21-3402231338-421655719-3923671305-1000 => c:\program files (x86)\real\realplayer\update\realsched.exe [2014-04-18] (RealNetworks, Inc.)
    Task: {F8BEB981-D265-4921-9142-CBCEF3FBC131} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-29] (Adobe Systems Incorporated)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3402231338-421655719-3923671305-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3402231338-421655719-3923671305-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2014-04-06 22:00 - 2014-04-06 22:00 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-04-07 02:06 - 2014-04-07 02:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2013-10-02 20:06 - 2013-10-02 20:06 - 00089088 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 08947008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
    2014-12-18 15:21 - 2014-12-18 15:21 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
    2014-12-18 15:22 - 2014-12-18 15:22 - 00125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
    2014-12-18 15:22 - 2014-12-18 15:22 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
    2014-12-18 15:22 - 2014-12-18 15:22 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
    2014-12-18 15:22 - 2014-12-18 15:22 - 00107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
    2014-12-18 15:22 - 2014-12-18 15:22 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
    2014-12-18 15:22 - 2014-12-18 15:22 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 02130752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
    2015-03-02 18:01 - 2015-03-02 18:01 - 00017768 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
    2015-03-02 18:00 - 2015-03-02 18:00 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
    2015-03-02 18:01 - 2015-03-02 18:01 - 00034152 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
    2014-12-18 15:09 - 2014-12-18 15:09 - 00713568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
    2014-12-18 15:21 - 2014-12-18 15:21 - 12716368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
    2014-12-18 15:22 - 2014-12-18 15:22 - 00786264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00736584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00474968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00812360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00099136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00119616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00957784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00867688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 01107272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00248648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 01009496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 01171280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 01295680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
    2014-12-18 15:22 - 2014-12-18 15:22 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00975704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 01091416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00894280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00849232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 02953040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 01251664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
    2014-12-18 15:22 - 2014-12-18 15:22 - 00053600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 01289048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00360776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 02785112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 01228608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 01177960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
    2014-12-18 15:21 - 2014-12-18 15:21 - 00152896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
    2014-04-18 10:12 - 2014-04-18 10:12 - 00859224 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
    2015-02-10 16:00 - 2015-02-10 16:00 - 00750080 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-03-04 03:19 - 2015-03-04 03:19 - 00043008 _____ () c:\users\owner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_ydsov.dll
    2015-02-10 16:00 - 2015-02-10 16:00 - 00047616 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libEGL.dll
    2015-02-10 16:00 - 2015-02-10 16:00 - 00865280 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2015-02-10 16:00 - 2015-02-10 16:00 - 00200704 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2013-08-07 14:25 - 2013-08-07 14:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
    2015-02-20 04:53 - 2015-02-17 17:44 - 01117512 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
    2015-02-20 04:53 - 2015-02-17 17:44 - 00211272 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\40.0.2214.115\libegl.dll
    2015-03-02 18:01 - 2015-03-02 18:01 - 00072512 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
    2015-03-02 18:00 - 2015-03-02 18:00 - 00179560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
    2015-03-02 18:01 - 2015-03-02 18:01 - 00046920 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
    2015-03-02 18:00 - 2015-03-02 18:00 - 00033136 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
    2015-03-02 18:01 - 2015-03-02 18:01 - 00015696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
    2015-03-02 18:01 - 2015-03-02 18:01 - 00123224 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
    2015-03-02 18:01 - 2015-03-02 18:01 - 00069960 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
    2015-03-02 18:00 - 2015-03-02 18:00 - 00039256 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
    2015-02-20 04:53 - 2015-02-17 17:44 - 09171272 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\40.0.2214.115\pdf.dll
    2015-02-20 04:53 - 2015-02-17 17:44 - 14965064 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Owner\Downloads\Taboola - Your Inquiry.eml:OECustomProperty

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3402231338-421655719-3923671305-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: Application Updater => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: gusvc => 3
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: McComponentHostService => 3
    MSCONFIG\Services: SBAMSvc => 2
    MSCONFIG\Services: Skype C2C Service => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: ZAPrivacyService => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NexDef Plug-in.lnk => C:\Windows\pss\NexDef Plug-in.lnk.Startup
    MSCONFIG\startupreg: Ad-Aware Antivirus => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: G Data AntiVirus Tray Application => C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
    MSCONFIG\startupreg: GDFirewallTray => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
    MSCONFIG\startupreg: Google Update => "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Jing => C:\Program Files (x86)\TechSmith\Jing\Jing.exe
    MSCONFIG\startupreg: SansaDispatch => C:\Users\Owner\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
    MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: snpstd3 => C:\Windows\vsnpstd3.exe

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3402231338-421655719-3923671305-500 - Administrator - Disabled)
    Guest (S-1-5-21-3402231338-421655719-3923671305-501 - Administrator - Enabled)
    HomeGroupUser$ (S-1-5-21-3402231338-421655719-3923671305-1020 - Administrator - Enabled)
    Owner (S-1-5-21-3402231338-421655719-3923671305-1000 - Administrator - Enabled) => C:\Users\Owner

    ==================== Faulty Device Manager Devices =============

    Name: SBRE
    Description: SBRE
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: SBRE
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/04/2015 11:13:47 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (03/04/2015 07:53:08 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
    Exception code: 0xc0000374
    Fault offset: 0x00000000000c4102
    Faulting process id: 0xb44
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (03/04/2015 07:48:41 AM) (Source: Chrome) (EventID: 1) (User: OWNER-DS)
    Description: Chrome has encountered a fatal error.
    ver=40.0.2214.115;lang=;guid=2DE5E993194C405AADE2F6332CE3ED09;is_machine=0;oop=1;upload=1;minidump=C:\Users\Owner\AppData\Local\Google\CrashReports\89706eef-a63d-4e19-a107-79159beb3d5e.dmp

    Error: (03/04/2015 03:19:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/03/2015 10:32:15 PM) (Source: Chrome) (EventID: 1) (User: OWNER-DS)
    Description: Chrome has encountered a fatal error.
    ver=40.0.2214.115;lang=;guid=2DE5E993194C405AADE2F6332CE3ED09;is_machine=0;oop=1;upload=1;minidump=C:\Users\Owner\AppData\Local\Google\CrashReports\daefd9cc-a389-4713-b85b-581871ac20b7.dmp

    Error: (03/03/2015 09:33:30 PM) (Source: Chrome) (EventID: 1) (User: OWNER-DS)
    Description: Chrome has encountered a fatal error.
    ver=40.0.2214.115;lang=;guid=2DE5E993194C405AADE2F6332CE3ED09;is_machine=0;oop=1;upload=1;minidump=C:\Users\Owner\AppData\Local\Google\CrashReports\4ffdf590-5756-4d26-8773-6f5f8de6d77c.dmp

    Error: (03/03/2015 08:44:49 PM) (Source: Chrome) (EventID: 1) (User: OWNER-DS)
    Description: Chrome has encountered a fatal error.
    ver=40.0.2214.115;lang=;guid=2DE5E993194C405AADE2F6332CE3ED09;is_machine=0;oop=1;upload=1;minidump=C:\Users\Owner\AppData\Local\Google\CrashReports\2381ea40-4f43-4282-ae9b-32e88a595a1f.dmp

    Error: (03/03/2015 04:49:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/03/2015 04:45:30 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: OWNER-DS)
    Description: Application or service 'Check Point Install Utility' could not be shut down.

    Error: (03/03/2015 04:25:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
    Exception code: 0xc0000374
    Fault offset: 0x00000000000c4102
    Faulting process id: 0x4a8
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3


    System errors:
    =============
    Error: (03/04/2015 08:55:23 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 70. The internal error state is 105.

    Error: (03/04/2015 06:47:55 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 70. The internal error state is 105.

    Error: (03/04/2015 03:58:50 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
    %%5

    Error: (03/04/2015 03:28:04 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Start with the following error:
    %%5

    Error: (03/04/2015 03:17:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Lbd
    SBRE

    Error: (03/04/2015 03:17:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MCSTRM service failed to start due to the following error:
    %%2

    Error: (03/03/2015 04:48:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Lbd
    SBRE

    Error: (03/03/2015 04:48:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MCSTRM service failed to start due to the following error:
    %%2

    Error: (03/03/2015 04:23:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Lbd
    SBRE

    Error: (03/03/2015 04:22:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MCSTRM service failed to start due to the following error:
    %%2


    Microsoft Office Sessions:
    =========================
    Error: (03/04/2015 11:13:47 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

    Error: (03/04/2015 07:53:08 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102b4401d05653bc7823eeC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll679a8c1a-c26d-11e4-908e-e0cb4ed78c8e

    Error: (03/04/2015 07:48:41 AM) (Source: Chrome) (EventID: 1) (User: OWNER-DS)
    Description: Chrome has encountered a fatal error.
    ver=40.0.2214.115;lang=;guid=2DE5E993194C405AADE2F6332CE3ED09;is_machine=0;oop=1;upload=1;minidump=C:\Users\Owner\AppData\Local\Google\CrashReports\89706eef-a63d-4e19-a107-79159beb3d5e.dmp

    Error: (03/04/2015 03:19:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/03/2015 10:32:15 PM) (Source: Chrome) (EventID: 1) (User: OWNER-DS)
    Description: Chrome has encountered a fatal error.
    ver=40.0.2214.115;lang=;guid=2DE5E993194C405AADE2F6332CE3ED09;is_machine=0;oop=1;upload=1;minidump=C:\Users\Owner\AppData\Local\Google\CrashReports\daefd9cc-a389-4713-b85b-581871ac20b7.dmp

    Error: (03/03/2015 09:33:30 PM) (Source: Chrome) (EventID: 1) (User: OWNER-DS)
    Description: Chrome has encountered a fatal error.
    ver=40.0.2214.115;lang=;guid=2DE5E993194C405AADE2F6332CE3ED09;is_machine=0;oop=1;upload=1;minidump=C:\Users\Owner\AppData\Local\Google\CrashReports\4ffdf590-5756-4d26-8773-6f5f8de6d77c.dmp

    Error: (03/03/2015 08:44:49 PM) (Source: Chrome) (EventID: 1) (User: OWNER-DS)
    Description: Chrome has encountered a fatal error.
    ver=40.0.2214.115;lang=;guid=2DE5E993194C405AADE2F6332CE3ED09;is_machine=0;oop=1;upload=1;minidump=C:\Users\Owner\AppData\Local\Google\CrashReports\2381ea40-4f43-4282-ae9b-32e88a595a1f.dmp

    Error: (03/03/2015 04:49:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/03/2015 04:45:30 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: OWNER-DS)
    Description: 1C:\Program Files (x86)\CheckPoint\Install\Install.exeCheck Point Install Utility0111745680

    Error: (03/03/2015 04:25:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000037400000000000c41024a801d055f8350f660fC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dllcc7c18e4-c1eb-11e4-a45f-e0cb4ed78c8e


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz
    Percentage of memory in use: 40%
    Total physical RAM: 5885.12 MB
    Available physical RAM: 3505.85 MB
    Total Pagefile: 14979.3 MB
    Available Pagefile: 11535.36 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.41 GB) (Free:632.79 GB) NTFS
    Drive e: (SP UFD U3) (Removable) (Total:117.5 GB) (Free:111.76 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 48E963BF)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 117.5 GB) (Disk ID: 8BE4A603)
    Partition 1: (Not Active) - (Size=117.5 GB) - (Type=0C)

    ==================== End Of Log ============================
     
  5. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    sNaPpPeRHeaD
    Much of the garbage appears to originate from Lavasoft and NCH software.
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    uTorrent
    Ad-Aware Web Companion
    AdAwareUpdater
    Ad-Aware Antivirus
    Adobe Reader X
    CamStudio
    Doxillion Document Converter
    Express Zip
    Java 7 Update 76
    Mplayer 0.6.9
    Pixillion Image Converter
    Switch Sound File Converter
    VideoPad Video Editor
    WavePad Sound Editor

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST64 and press the Fix button just once and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    askey127
     
  6. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    The attachment is here.
     

    Attached Files:

  7. sNaPpPeRHeaD

    sNaPpPeRHeaD Thread Starter

    Joined:
    Mar 4, 2015
    Messages:
    8
    Thank you again.

    I'm going to follow your instructions but try uninstalling/fixing everything except the NCH S/W the 1st time around to see what happens.
    ONLY because I paid a decent amount of $$ for both over 3 years ago, use them almost weekly without a problem.
    Almost everything else you listed was free and in some cases think I did 'recommended' installations without paying attention to the bundling.
    My bad, I should have been more specific;
    I got infected on 2/27/15 when I D/L a 'Free Studio' bundle, I did click out of everything I noticed like toolbars they wanted to install but apparently missed something.

    Thank you again, let me get started :)
     
  8. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    They don't always ask what you want.
    ..and after you uncheck stuff from the bundles, they frequently install it anyway.
    ..and after you Uninstall, they only make believe removing, or produce "errors".
    Removing those programs only helps stop those that dump ads continually.
    We still have to remove the adware that was installed from the bundles.
     
  9. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Let me know how it goes.
     
  10. sNaPpPeRHeaD

    sNaPpPeRHeaD Thread Starter

    Joined:
    Mar 4, 2015
    Messages:
    8
    Actually some of the NCH S/W were outdated trial versions I had never unisntalled, which I now have.
    I unistalled a bunch of free stuff also to attempt to clean up the machine, including Firefox and Chrome Browsers.
    Yesterday IE was showing the Roll Around ads also but using IE right now they are gone for some reason.
    That being said SpyHunter is still showing malicious objects.
    ___________________________________________________________________________




    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2015 01
    Ran by Owner at 2015-03-05 09:39:45 Run:1
    Running from C:\Users\Owner\Downloads
    Loaded Profiles: Owner (Available profiles: Owner)
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    YTD Toolbar v7.4 (HKLM-x32\...\{265BC03B-AB12-4319-81A0-19E531C2C9FA}) (Version: 7.4 - Spigot, Inc.) <==== ATTENTION
    Task: {6FC3772B-53BE-4B93-B3A2-64CAD6BA8019} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: {8020D615-8EC2-4867-B38F-0DC8D42C6019} - System32\Tasks\NCH Software\mixpadShakeIcon => C:\Program Files (x86)\NCH Software\MixPad\MixPad.exe [2012-04-06] (NCH Software)
    Task: {9F50B20E-ECFF-41DA-95F8-729E2E8BDACD} - System32\Tasks\NCH Software\ExpressZipDowngrade => C:\Program Files (x86)\NCH Software\ExpressZip\expresszip.exe [2013-08-06] (NCH Software)
    Task: {A6823ACB-E01E-424A-A88C-74836AC2ACBD} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
    C:\Program Files\Lavasoft\Ad-Aware
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-3402231338-421655719-3923671305-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-18\...\RunOnce: [adaware] => reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
    HKU\S-1-5-18\...\RunOnce: [adaware_XP] => reg.exe delete "HKCU\Software\adaware" /f
    HKU\S-1-5-21-3402231338-421655719-3923671305-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?p...88_cnet_150304
    SearchScopes: HKU\.DEFAULT -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
    SearchScopes: HKU\.DEFAULT -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://www.bigseekpro.com/search/br...1-8A59-4B95-9E3A-B254CA398FE3}?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3402231338-421655719-3923671305-1000 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
    SearchScopes: HKU\S-1-5-21-3402231338-421655719-3923671305-1000 -> {81E13342-2996-4A89-B2DB-59D0F3A984EE} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3402231338-421655719-3923671305-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/r...&ent=ch_WCYID10088_cnet_150304&q={searchTerms }
    FF DefaultSearchEngine: Ad-Aware SecureSearch
    FF SelectedSearchEngine: Ad-Aware SecureSearch
    FF Homepage: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_150304
    FF NewTab: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_150304
    FF Extension: Lavasoft Search Plugin - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\g96tthkw.default\Ex tensions\[email protected] [2012-07-08]
    CHR DefaultSearchKeyword: Default -> search.yahoo.com
    CHR DefaultSearchURL: Default -> http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    CHR Plugin: (PriceGong) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.7_0\plugins/npPriceGong_CH.dll No File
    CHR Plugin: (Conduit Radio Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\10.13.1.89_0\plugi ns/np-cwmp.dll No File
    R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
    R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-03-02] ()
    S0 Lbd; system32\DRIVERS\Lbd.sys [X]
    2015-03-04 12:39 - 2015-03-04 12:41 - 00002281 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    2015-03-04 12:36 - 2015-03-04 12:36 - 01923888 _____ () C:\Users\Owner\Downloads\Adaware_Installer (1).exe
    2015-03-03 16:11 - 2012-05-16 15:57 - 00000000 ____D () C:\Program Files (x86)\Ad-Aware Antivirus
    2015-02-05 11:45 - 2012-03-25 09:39 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
    *****************
    YTD Toolbar v7.4 (HKLM-x32\...\{265BC03B-AB12-4319-81A0-19E531C2C9FA}) (Version: 7.4 - Spigot, Inc.) <==== ATTENTION => Error: No automatic fix found for this entry.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FC3772B-53BE-4B93-B3A2-64CAD6BA8019}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FC3772B-53BE-4B93-B3A2-64CAD6BA8019}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8020D615-8EC2-4867-B38F-0DC8D42C6019} => Key not found.
    C:\Windows\System32\Tasks\NCH Software\mixpadShakeIcon => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NCH Software\mixpadShakeIcon" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F50B20E-ECFF-41DA-95F8-729E2E8BDACD} => Key not found.
    C:\Windows\System32\Tasks\NCH Software\ExpressZipDowngrade not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NCH Software\ExpressZipDowngrade => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6823ACB-E01E-424A-A88C-74836AC2ACBD}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6823ACB-E01E-424A-A88C-74836AC2ACBD}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Antivirus Scheduled Scan" => Key deleted successfully.
    "C:\Program Files\Lavasoft\Ad-Aware" => File/Directory not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdAwareTray => Value not found.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    HKU\S-1-5-21-3402231338-421655719-3923671305-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware => value deleted successfully.
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware_XP => value deleted successfully.
    HKU\S-1-5-21-3402231338-421655719-3923671305-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\ToolbarSearchProviderProgress => value deleted successfully.
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}" => Key deleted successfully.
    HKCR\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} => Key not found.
    HKU\S-1-5-21-3402231338-421655719-3923671305-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\ToolbarSearchProviderProgress => value deleted successfully.
    "HKU\S-1-5-21-3402231338-421655719-3923671305-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{81E13342-2996-4A89-B2DB-59D0F3A984EE}" => Key deleted successfully.
    HKCR\CLSID\{81E13342-2996-4A89-B2DB-59D0F3A984EE} => Key not found.
    "HKU\S-1-5-21-3402231338-421655719-3923671305-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}" => Key deleted successfully.
    HKCR\CLSID\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} => Key not found.
    Firefox DefaultSearchEngine deleted successfully.
    Firefox SelectedSearchEngine deleted successfully.
    Firefox homepage deleted successfully.
    Firefox newtab deleted successfully.
    C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\g96tthkw.default\Ex tensions\[email protected] not found.
    Chrome DefaultSearchKeyword not detected.
    Chrome DefaultSearchURL not detected.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.7_0\plugins/npPriceGong_CH.dll not found.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\10.13.1.89_0\plugi ns/np-cwmp.dll not found.
    LavasoftAdAwareService11 => Service not found.
    SearchProtectionService => Service not found.
    Lbd => Service deleted successfully.
    "C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk" => File/Directory not found.
    C:\Users\Owner\Downloads\Adaware_Installer (1).exe => Moved successfully.
    C:\Program Files (x86)\Ad-Aware Antivirus => Moved successfully.
    C:\Windows\System32\Tasks\NCH Software => Moved successfully.
    ==== End of Fixlog 09:39:46 ====
     
  11. sNaPpPeRHeaD

    sNaPpPeRHeaD Thread Starter

    Joined:
    Mar 4, 2015
    Messages:
    8
    Thank you for your time Askey!
    I'm not certain but I may have just resolved the issue, I uninstalled a lot of programs I don't need using Revo Uninstaller which detects and uninstalls everything standard uninstall misses but most programs were pre-infection.

    I re-installed Chrome and so far the Roll Around ads are gone but i don't want to mark this thread 'resolved' until I'm sure I'm okay.

    Does Malware like this hide itself temporarily??

    Thank you.
     
  12. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    No, but there may be some ads that have planted removal detections (usually drivers) so they can re-install without permission.

    This is the only way to reset Chrome. If you re-install it, it just re-uses all the old settings.
    ---------------------------------------------------------
    Reset Chrome
    Start Chrome
    Click the Chrome menu on the browser toolbar. (The icon with three horizontal bars in the upper right)
    Select Settings.
    Click Show advanced settings and find the "Reset browser settings" section.
    Click Reset browser settings.
    In the dialog that appears, click Reset.
    Note: When the "Help make Google Chrome better by reporting the current settings" checkbox is selected, you are anonymously sending Google your Chrome settings.
     
  13. sNaPpPeRHeaD

    sNaPpPeRHeaD Thread Starter

    Joined:
    Mar 4, 2015
    Messages:
    8
    Ah ok, didn't know that's how they kept your Data.
    This is a stupid question but do you think the FRST 'Fix' I ran was probably most responsible for apparently removing the Roll Around completely, I didn't fully understand the log.
    Thank you.
     
  14. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    The RollAround was likely part of some of the adware present on the machine, and invited there without notice.
    The programs calling it get paid per installation, or per website click.

    Lavasoft and NCH have been responsible in the past for dumping that type of junk on person's computers.
    Lavasoft has the additional complication that it includes an additional "antivirus".
    Two antivirus programs on a machine at the same time can cause all kinds of problems, including LESS security from invasion.

    We removed everything we could see of their handiwork.
    The FRST log is complicated, and not recommended for any normal person without special training.
    Don't worry about not understanding all of it. (I have been at this for 10 years - and those logs are not easy).

    askey127
     
  15. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    ---------------------------------------------------------------
    Avoid Unwanted Adware
    There are a few seriously important tips about avoiding unwanted adware.
    Adware purveyors are getting more devious and unethical, so you have to be more diligent.

    • Don't click on the Sidebars of Websites
      The items on the sides of websites may be enticing, but they are all advertising, and one click could download unwanted adware onto your machine.

    • Never agree to download anything, if prompted to do so while Online.
      that goes for, "Your codec/browser/flash... needs to be updated to do this, blah, blah.."
      or "you need to first download the xyz.. program to do what you want".
      It's OK to download updates if prompted by legitimate suppliers, when the machine boots, while not yet online.

    • Don't download anything from sites known for adware bundling.
      For any online downloads, best avoid using CNET, Download.com, BrotherSoft, or Softonic
      They package their own "downloaders" and, without notice, deliver serious adware in addition to the desired free programs.
      Unfortunately, the results may be disastrous for your machine.
      FileHippo and MajorGeeks have been better, so far, as sources for downloading software.
      The website of any program's original author is best of all.

    • Avoid Using P2P file sharing programs
      This includes µTorrent, Bearshare, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
      The Unethical have "planted" thousands upon thousands of infections and Adware items in the shared torrent files.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1144178

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice