
Win32:Evo-gen [susp]

Discussion in 'Virus & Other Malware Removal' started by Barrett123, Feb 19, 2015.

  1. Barrett123

    Barrett123 Thread Starter

    Joined:
    Feb 19, 2015
    Messages:
    27
    -Avast tells me I have a problem: Win32:Evo-gen [susp] virus. I initially ran Sophos Virus Remover which found a trojan it called Mal/ZAccConf-A and removed it. I then ran TDSS killer which found nothing. I ran Rkill from safe mode and then ran Malwarebytes. No problems found. I then ran Hitman Pro. No problems found. Ran Emsisoft which found 8 problems in the registry which it quarantined (but 2 of which keep returning):
    -Value: HKEY_USERS\S-1-5-21-2514036184-4216127861-4247844256-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
    -Value: HKEY_USERS\S-1-5-21-2514036184-4216127861-4247844256-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
    I ran AdwCleaner and Junkware Removal Tool, which removed some small items. Everything looks good ... except Avast says I still have the same problem. The associated file is C:/Windows/system32/drivers/sdvo.sys. I've quarantined it and even deleted it via Avast, but it returns. I've had it analyzed by VirusTotal and it checks out clean.
    -The only problem I've noticed is that at some point the DNS Client service became disabled and won't restart because "the system cannot find the path specified".
    Any idea what's going on, 'cause I'm lost.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
    Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz, x64 Family 6 Model 15 Stepping 11
    Processor Count: 2
    RAM: 3316 Mb
    Graphics Card: Intel(R) Q35 Express Chipset Family, 256 Mb
    Hard Drives: C: Total - 114370 MB, Free - 62485 MB;
    Motherboard: Dell Inc., 0PU052
    Antivirus: avast! Antivirus, Updated and Enabled
     
  2. Barrett123

    Barrett123 Thread Starter

    Joined:
    Feb 19, 2015
    Messages:
    27
    Apparently the Junk File Removal tool is responsible for Emsisoft flagging the two registry entries. A scan by Emsisoft after removing JFT came clean. A boot scan by Avast was clean, but a quick scan after boot still showed the Win32:Evo-gen threat. Still no DNS Client service.
     
  3. Nevan

    Nevan

    Joined:
    Jan 26, 2015
    Messages:
    216
    Hello, Barrett123. My nickname is Nevan and I will be helping you get your system back on its electronic feet.

    Before we get started, please keep these things in mind:

    • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
    • If your security programs give you any warnings when using tools I ask you to use, don't be afraid. Every tool I provide to you is 100% safe.
    • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
    • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
    • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
    • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend that you make backups of any important files from your machine before proceeding as they might be lost.
    • I recommend that you stay with me until I tell you that we are done. It is important because even when your system no longer shows any bad symptoms, that does not mean it is 100% clean.
    • Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the directory where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
    • Remember that the fixes I give you are only for your machine. Using them on other systems may (and probably will) cause problems.
    • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.
    Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

    Let's get started :)



    First, I'd like to have a look at your system. Please, do the following:

    FRST Scan

    Download Farbar Recovery Scan Tool and save it to your Desktop. There are two different versions:

    • Click here to download the 32-bit version.
    • Click here to download the 64-bit version.
    If you don't know which version you should use, download one of them and check if it's working or not. If it doesn't, download the second one. Once you have the right one, perform the instructions below.

    1. Right click FRST.exe (or FRST64.exe) and click Run as administrator. When the tool opens click Yes to disclaimer.
    2. Make sure that Addition.txt is checked and press the Scan button.
    3. It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
    4. Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.


    Things that should appear in your next post:

    • FRST.txt log content
    • Addition.txt log content
     
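One way to get a first overview of an FRST log once it comes back, as an added example that is not part of this thread and not FRST's own code: the script below reads FRST.txt text and ranks the lines FRST itself marks with ATTENTION, [File not signed] or [X] (file missing), plus services and drivers whose start type is "disabled". The names Finding, parse_service_line, triage and summarize are this example's own; the reading of the leading R/S letter as running/stopped and the digit as the Windows service Start value (0 boot, 1 system, 2 auto, 3 manual, 4 disabled) is the author's interpretation of the log format, and SAMPLE_LOG is a constructed excerpt modelled on the log posted in this thread.

```python
"""
Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example for this thread; it is not FRST's own code and not something the
helper posted. It scans FRST.txt text for the markers FRST itself prints
("ATTENTION", "[File not signed]", "[X]") and turns them into a ranked list a
human can review before deciding on a fix.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info"
    reason: str
    line: str


# Section banner, e.g. "==================== Drivers (Whitelisted) ===================="
SECTION_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")
# Service/driver entry: "<state><start> <name>; <path> [<size> <date>] (<vendor>) [flags]"
SVC_RE = re.compile(r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<rest>.*)$")
VENDOR_RE = re.compile(r"\((?P<vendor>[^()]*)\)")


def parse_service_line(line: str) -> Optional[dict]:
    """Split one Services/Drivers line into its fields; None for any other line."""
    m = SVC_RE.match(line)
    if not m:
        return None
    rest = m["rest"].strip()
    # The path runs up to the first " [" (size/date block or the "[X]" missing marker).
    path = rest.split(" [", 1)[0]
    tail = rest[len(path):]          # look for the vendor only after the path, so "(x86)" in a path is ignored
    vm = VENDOR_RE.search(tail)
    return {
        "state": m["state"],         # R = running, S = stopped, U = other (author's interpretation)
        "start": int(m["start"]),    # Windows Start value: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
        "name": m["name"].strip(),
        "path": path,
        "vendor": vm["vendor"].strip() if vm else "",
        "unsigned": "[File not signed]" in tail,
        "missing": tail.endswith("[X]"),
    }


def triage(text: str) -> list:
    """Return a Finding for every FRST line that deserves a second look."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sm = SECTION_RE.match(line)
        if sm:
            section = sm["title"]
            continue
        # 1. FRST's own alarm marker.
        if "ATTENTION" in line:
            if "ZeroAccess" in line:
                reason = "FRST flags an InprocServer32 default-value change it associates with ZeroAccess"
            elif "Policy restriction" in line:
                reason = "policy restriction set; find out who set it (cleanup tools and malware both do)"
            else:
                reason = "FRST ATTENTION marker"
            findings.append(Finding("high", reason, line))
            continue
        # 2. Services and drivers.
        entry = parse_service_line(line)
        if entry is not None:
            kind = "driver" if section.startswith("Drivers") else "service"
            if entry["missing"]:
                findings.append(Finding("high", f"{kind} '{entry['name']}' points to a missing file", line))
            if entry["unsigned"] and kind == "driver":
                # A lead, not a verdict: old legitimate drivers are unsigned too.
                who = entry["vendor"] or "no vendor string"
                findings.append(Finding("medium", f"unsigned kernel driver '{entry['name']}' ({who})", line))
            if entry["start"] == 4:
                findings.append(Finding("info", f"{kind} '{entry['name']}' is disabled (start type 4)", line))
            continue
        # 3. Autostart entries whose target file no longer exists.
        if line.endswith("[X]"):
            findings.append(Finding("medium", "autostart entry with missing target", line))
    return findings


def summarize(findings) -> dict:
    """Count findings per severity, e.g. {"high": 3, "medium": 3, "info": 1}."""
    return dict(Counter(f.severity for f in findings))


# Constructed sample modelled on the log posted in this thread (an excerpt, not the full log).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2514036184-4216127861-4247844256-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-12] (AVAST Software)
S2 HPSLPSVC; C:\Users\Owner\AppData\Local\temp\7zS2C4E\hpslpsvc32.dll [X]
==================== Drivers (Whitelisted) ====================
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-20] (AVAST Software)
S4 sdvo; C:\Windows\System32\DRIVERS\sdvo.sys [38784 2011-02-01] () [File not signed]
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
"""

if __name__ == "__main__":
    order = ("high", "medium", "info")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}\n          {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the excerpt it lists the two ATTENTION lines and the missing HPSLPSVC file as high, the empty Run value and the two unsigned drivers as medium, and the disabled sdvo driver as info. The unsigned-driver rule is deliberately only "medium": giveio.sys from 1996 trips it just as sdvo.sys does, so a flagged line is a prompt to check the file (signature, VirusTotal, vendor), not a verdict.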
  4. Barrett123

    Barrett123 Thread Starter

    Joined:
    Feb 19, 2015
    Messages:
    27
    Hi Nevan. Here's the info. Thanks for the help!

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-02-2015 01
    Ran by Owner (administrator) on OWNER-PC on 21-02-2015 01:30:09
    Running from C:\Users\Owner\Desktop\toolkit
    Loaded Profiles: Owner (Available profiles: Owner)
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (COMODO) C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe
    (COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    (NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
    (COMODO) C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
    (COMODO) C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (LastPass) C:\Program Files\LastPass\nplastpass.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\Comodo\COMODO Internet Security\cistray.exe [1243864 2015-02-03] (COMODO)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-01-26] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2015-02-12] (Oracle Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-12] (Apple Inc.)
    HKU\S-1-5-21-2514036184-4216127861-4247844256-1000\...\Run: [cdloader] => C:\Users\Owner\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2015-01-15] (magicJack L.P.)
    HKU\S-1-5-21-2514036184-4216127861-4247844256-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-12] (Google Inc.)
    HKU\S-1-5-21-2514036184-4216127861-4247844256-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2015-01-26] (Glarysoft Ltd)
    HKU\S-1-5-21-2514036184-4216127861-4247844256-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-26] (Piriform Ltd)
    HKU\S-1-5-21-2514036184-4216127861-4247844256-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
    BootExecute: autocheck autochk *
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2514036184-4216127861-4247844256-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2514036184-4216127861-4247844256-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000 -> {57B49EAC-BE8C-4928-B7B6-5550C22CDC73} URL = https://www.google.com/search?q={searchTerms}
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll No File
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4yz06ugf.default-1405001387334
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2514036184-4216127861-4247844256-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-2514036184-4216127861-4247844256-1000: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-2514036184-4216127861-4247844256-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2514036184-4216127861-4247844256-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF Extension: HTTPS-Everywhere - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4yz06ugf.default-1405001387334\Extensions\[email protected] [2014-12-28]
    FF Extension: LastPass - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4yz06ugf.default-1405001387334\Extensions\[email protected] [2014-10-16]
    FF Extension: Ghostery - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4yz06ugf.default-1405001387334\Extensions\[email protected] [2014-12-27]
    FF Extension: RequestPolicy - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4yz06ugf.default-1405001387334\Extensions\[email protected] [2014-12-28]
    FF Extension: NoScript - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4yz06ugf.default-1405001387334\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-17]
    FF Extension: Adblock Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4yz06ugf.default-1405001387334\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-27]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-31]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "https://www.google.com/"
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Unfriend Notify for Facebook) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahigpjeolkfgjdaeodlmaceggigbpeoh [2015-02-18]
    CHR Extension: (Duolingo on the Web) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2014-02-02]
    CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2012-08-25]
    CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2015-02-19]
    CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2014-08-05]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-02-14]
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-20]
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-20]
    CHR Extension: (Google Calendar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-02-19]
    CHR Extension: (Blur) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-01-20]
    CHR Extension: (Full Screen Weather) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2014-02-19]
    CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-19]
    CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-10]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-02-14]
    CHR Extension: (Disconnect) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-11-13]
    CHR Extension: (Ghostery) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-09-07]
    CHR Extension: (LastPass Vault) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2014-02-14]
    CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
    CHR Extension: (Stylist) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pabfempgigicdjjlccdgnbmeggkbjdhd [2014-10-27]
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-20]
    CHR Extension: (Learn Spanish - Qué Onda) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj [2012-12-20]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-12]
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-12] (AVAST Software)
    S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
    S3 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    S3 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 CLPSLS; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [1052472 2011-11-23] (COMODO)
    R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2015-02-03] (COMODO)
    S3 cmdvirth; C:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe [1664216 2015-02-03] (COMODO)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-02-17] (SurfRight B.V.)
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2013-04-07] (NETGEAR)
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
    S2 HPSLPSVC; C:\Users\Owner\AppData\Local\temp\7zS2C4E\hpslpsvc32.dll [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 A2DDA; C:\EEK\bin\a2ddax86.sys [22056 2015-02-13] (Emsisoft GmbH)
    R0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [15968 2013-03-14] (Advanced Micro Devices, Inc.)
    S3 analog; C:\Windows\System32\DRIVERS\analog.sys [11264 2011-02-01] () [File not signed]
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-12] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-12] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-12] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-12] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-20] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-12] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-12] ()
    S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-02-13] (Emsisoft GmbH)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2015-01-30] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [618072 2015-01-30] (COMODO)
    R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [41248 2015-01-30] (COMODO)
    R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
    R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
    R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17344 2014-10-26] (Glarysoft Ltd)
    S3 iegdmini; C:\Windows\System32\DRIVERS\iegdmini.sys [1677440 2011-02-01] (Intel Corporation) [File not signed]
    R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2015-01-30] (COMODO)
    S3 lvds; C:\Windows\System32\DRIVERS\lvds.sys [10496 2011-02-01] () [File not signed]
    R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
    R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2013-08-25] (CACE Technologies, Inc.)
    S3 rtl8192U; C:\Windows\System32\DRIVERS\rtl8192U.sys [1487392 2010-04-13] (Realtek Semiconductor Corporation )
    S4 sdvo; C:\Windows\System32\DRIVERS\sdvo.sys [38784 2011-02-01] () [File not signed]
    S3 tv; C:\Windows\System32\DRIVERS\tv.sys [36864 2011-02-01] () [File not signed]
    U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-19 20:31 - 2015-02-19 20:31 - 00509440 _____ (Tech Support Guy System) C:\Users\Owner\Desktop\SysInfo.exe
    2015-02-19 17:20 - 2015-02-19 17:20 - 23732069 _____ () C:\Users\Owner\Desktop\cce_2.5.242177.201_x32.zip
    2015-02-19 17:20 - 2015-02-19 17:20 - 00000000 ____D () C:\Users\Owner\Desktop\cce_2.5.242177.201_x32
    2015-02-19 15:22 - 2015-02-19 15:22 - 00000000 ____D () C:\Users\Owner\Desktop\driverview
    2015-02-19 15:21 - 2015-02-19 15:21 - 00045208 _____ () C:\Users\Owner\Desktop\driverview.zip
    2015-02-19 13:14 - 2015-02-19 13:14 - 00022366 _____ () C:\Users\Owner\Desktop\Attach.txt
    2015-02-18 13:51 - 2015-02-18 13:51 - 00000633 _____ () C:\Users\Owner\Desktop\JRT.txt
    2015-02-18 13:21 - 2015-02-18 13:21 - 00003556 _____ () C:\Users\Owner\Desktop\Rkill.txt
    2015-02-17 00:21 - 2015-02-17 00:21 - 22892794 _____ (Audacity Team ) C:\Users\Owner\Downloads\Audacity_v2.0.6.exe
    2015-02-16 17:37 - 2015-02-16 17:37 - 00415232 _____ (Farbar) C:\Users\Owner\Desktop\FSS.exe
    2015-02-16 17:37 - 2015-02-16 17:37 - 00003658 _____ () C:\Users\Owner\Desktop\FSS.txt
    2015-02-15 11:42 - 2015-02-15 11:42 - 01121208 _____ () C:\Users\Owner\Downloads\ProcessMonitor.zip
    2015-02-15 11:42 - 2015-02-15 11:42 - 00000000 ____D () C:\Users\Owner\Downloads\ProcessMonitor
    2015-02-15 11:17 - 2015-02-15 11:17 - 00003528 ____N () C:\bootsqm.dat
    2015-02-15 10:24 - 2015-02-16 20:20 - 00001094 _____ () C:\Windows\PFRO.log
    2015-02-14 17:48 - 2015-02-21 01:30 - 00000000 ____D () C:\FRST
    2015-02-14 12:53 - 2015-02-14 12:53 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
    2015-02-14 12:13 - 2015-02-20 21:49 - 00003640 _____ () C:\Windows\setupact.log
    2015-02-14 12:13 - 2015-02-14 12:13 - 00000000 _____ () C:\Windows\setuperr.log
    2015-02-13 15:23 - 2015-02-13 15:23 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-02-13 15:23 - 2015-02-13 15:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-02-13 15:23 - 2015-01-08 20:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-02-13 14:35 - 2015-02-13 14:35 - 00024441 _____ () C:\Users\Owner\Downloads\Result.txt
    2015-02-13 14:21 - 2015-02-21 01:30 - 00000000 ____D () C:\Users\Owner\Desktop\toolkit
    2015-02-13 14:01 - 2015-02-13 14:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-02-13 13:58 - 2015-02-13 13:59 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.08.3.1004.exe
    2015-02-13 13:03 - 2015-02-13 13:03 - 00000994 _____ () C:\Windows\system32\.crusader
    2015-02-13 12:00 - 2015-02-19 22:02 - 00000000 ____D () C:\EEK
    2015-02-13 11:54 - 2015-02-13 11:58 - 00000000 ____D () C:\ProgramData\HitmanPro
    2015-02-13 11:54 - 2015-02-13 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    2015-02-13 11:54 - 2015-02-13 11:54 - 00000000 ____D () C:\Program Files\HitmanPro
    2015-02-13 11:52 - 2015-02-13 11:53 - 10288040 _____ (SurfRight B.V.) C:\Users\Owner\Desktop\HitmanPro.exe
    2015-02-13 11:37 - 2015-02-13 11:37 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\iExplore.exe
    2015-02-12 15:51 - 2015-02-12 15:51 - 00000036 _____ () C:\Users\Owner\AppData\Local\housecall.guid.cache
    2015-02-12 13:15 - 2015-02-12 13:15 - 00001713 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2015-02-12 13:15 - 2015-02-12 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-02-12 13:14 - 2015-02-12 13:15 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
    2015-02-12 13:14 - 2015-02-12 13:15 - 00000000 ____D () C:\Program Files\iTunes
    2015-02-12 13:14 - 2015-02-12 13:14 - 00000000 ____D () C:\Program Files\iPod
    2015-02-12 13:03 - 2015-02-12 13:03 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2015-02-12 13:03 - 2015-02-12 13:03 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2015-02-12 13:03 - 2015-02-12 13:03 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2015-02-12 13:03 - 2015-02-12 13:03 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2015-02-12 13:03 - 2015-02-12 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-02-12 13:03 - 2015-02-12 13:03 - 00000000 ____D () C:\Program Files\Common Files\Java
    2015-02-12 12:07 - 2015-02-12 12:07 - 00000000 ____D () C:\Users\Owner\Desktop\JavaRa-2.6
    2015-02-12 11:55 - 2015-02-12 11:55 - 00001878 _____ () C:\AdwCleaner[S7].txt
    2015-02-12 11:55 - 2015-02-12 11:55 - 00001817 _____ () C:\AdwCleaner[R28].txt
    2015-02-12 11:52 - 2015-02-12 11:52 - 00001756 _____ () C:\AdwCleaner[R27].txt
    2015-02-11 12:58 - 2015-02-11 12:58 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-11 12:58 - 2015-01-22 21:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-02-10 16:15 - 2015-02-10 16:15 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-10 16:15 - 2015-02-10 16:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-10 16:15 - 2015-02-10 16:15 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-10 16:15 - 2015-02-10 16:15 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-10 16:15 - 2015-02-10 16:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-10 16:15 - 2015-02-10 16:15 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-02-10 16:15 - 2015-02-10 16:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-10 16:15 - 2015-02-10 16:15 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-02-10 16:15 - 2015-02-10 16:15 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-02-10 16:15 - 2015-02-10 16:15 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-02-10 16:15 - 2015-02-10 16:15 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-02-10 16:15 - 2015-02-10 16:15 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-02-10 16:15 - 2015-01-08 19:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-10 16:14 - 2015-02-10 16:14 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-02-10 16:14 - 2015-02-10 16:14 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-10 16:14 - 2015-02-10 16:14 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-10 16:14 - 2015-02-10 16:14 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-10 16:14 - 2015-02-10 16:14 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-02-10 16:14 - 2015-02-10 16:14 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-10 16:14 - 2015-02-10 16:14 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-02-10 16:14 - 2015-02-10 16:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-02-10 16:14 - 2015-02-10 16:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-02-10 16:14 - 2015-01-11 20:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-10 16:14 - 2015-01-11 19:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-10 16:14 - 2014-11-25 21:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-10 16:13 - 2015-01-12 20:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-10 16:13 - 2014-12-11 23:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-02-10 16:13 - 2014-12-07 20:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-10 15:40 - 2015-02-10 15:40 - 00000000 ____D () C:\ProgramData\Sophos
    2015-02-10 15:40 - 2015-02-10 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
    2015-02-10 15:40 - 2015-02-10 15:40 - 00000000 ____D () C:\Program Files\Sophos
    2015-02-09 23:05 - 2015-02-18 14:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-02-05 18:14 - 2015-02-20 23:00 - 01420731 _____ () C:\Windows\WindowsUpdate.log
    2015-01-26 13:27 - 2015-01-26 13:27 - 00001775 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
    2015-01-26 13:27 - 2015-01-26 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2015-01-26 13:26 - 2015-01-26 13:27 - 00000000 ____D () C:\Program Files\QuickTime
    2015-01-26 13:23 - 2015-01-26 13:24 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
    2015-01-26 13:23 - 2015-01-26 13:23 - 00001458 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
    2015-01-26 13:06 - 2015-01-26 13:06 - 14893616 _____ () C:\Users\Owner\Downloads\Glary_Utilities_v5.17.0.30.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-21 01:21 - 2012-07-14 00:07 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-21 00:58 - 2012-08-24 17:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-21 00:31 - 2013-08-12 13:10 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514036184-4216127861-4247844256-1000UA.job
    2015-02-20 21:49 - 2013-08-12 13:37 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
    2015-02-20 20:21 - 2012-07-14 00:07 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-20 17:31 - 2013-08-12 13:10 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514036184-4216127861-4247844256-1000Core.job
    2015-02-20 10:30 - 2009-07-13 22:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-20 10:30 - 2009-07-13 22:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-20 10:27 - 2010-11-20 15:01 - 00186312 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-20 10:24 - 2014-05-14 11:58 - 00000320 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
    2015-02-20 10:23 - 2014-05-14 11:58 - 00000000 ____D () C:\Program Files\Glary Utilities 5
    2015-02-20 10:23 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-19 22:00 - 2014-04-08 01:26 - 00216584 _____ () C:\Windows\system32\Drivers\fvstore.dat
    2015-02-19 21:22 - 2012-07-14 00:08 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-02-19 18:34 - 2014-08-12 14:23 - 00005000 _____ () C:\ProgramData\hpzinstall.log
    2015-02-19 18:32 - 2014-08-12 16:00 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HpUpdate
    2015-02-19 18:29 - 2014-08-12 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2015-02-19 11:18 - 2013-11-13 01:08 - 00000000 ____D () C:\Users\Owner\Desktop\LuAnns Stuff
    2015-02-18 13:48 - 2013-11-24 21:30 - 00000000 ____D () C:\AdwCleaner
    2015-02-18 13:23 - 2014-04-20 16:39 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-16 20:28 - 2012-08-20 18:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\Paint.NET
    2015-02-16 20:27 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-02-16 20:19 - 2014-11-13 00:54 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Notepad++
    2015-02-16 19:18 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
    2015-02-14 18:11 - 2013-12-23 18:11 - 00000000 ____D () C:\Users\Owner\Desktop\Barry
    2015-02-14 17:11 - 2012-08-01 00:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    2015-02-14 17:11 - 2012-08-01 00:26 - 00000000 ____D () C:\Program Files\Comodo
    2015-02-14 16:39 - 2009-07-13 22:53 - 00032570 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-02-14 11:52 - 2015-01-03 23:12 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
    2015-02-14 11:47 - 2012-06-22 11:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-02-13 15:39 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\tracing
    2015-02-13 14:00 - 2014-04-17 12:18 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-02-13 13:03 - 2014-08-21 14:31 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-02-13 12:32 - 2014-08-21 14:32 - 00000000 ___RD () C:\Users\Owner\Dropbox
    2015-02-13 12:32 - 2014-08-21 14:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
    2015-02-12 13:15 - 2012-08-21 12:01 - 00106928 _____ (GEAR Software Inc.) C:\Windows\system32\GEARAspi.dll
    2015-02-12 13:14 - 2014-04-17 12:58 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2015-02-12 13:14 - 2013-01-01 18:28 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-02-12 13:03 - 2012-09-06 11:43 - 00000000 ____D () C:\Program Files\Java
    2015-02-12 12:59 - 2013-10-02 18:49 - 00000000 ____D () C:\ProgramData\Oracle
    2015-02-10 17:04 - 2009-07-13 22:33 - 00328496 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-10 16:58 - 2013-07-18 22:31 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-10 16:53 - 2012-06-22 13:25 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-02-05 18:14 - 2012-11-25 00:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Media Player Classic
    2015-02-05 00:58 - 2012-08-24 17:12 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-02-05 00:58 - 2012-08-24 17:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-01-30 06:27 - 2014-04-08 01:04 - 00286424 _____ (COMODO) C:\Windows\system32\cmdvrt32.dll
    2015-01-30 06:27 - 2014-04-08 01:04 - 00040664 _____ (COMODO) C:\Windows\system32\cmdkbd32.dll
    2015-01-30 06:27 - 2011-12-19 17:59 - 00618072 _____ (COMODO) C:\Windows\system32\Drivers\cmdGuard.sys
    2015-01-30 06:27 - 2011-12-19 17:59 - 00091200 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
    2015-01-30 06:27 - 2011-12-19 17:59 - 00041248 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
    2015-01-30 06:27 - 2011-12-19 17:59 - 00017088 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
    2015-01-30 06:27 - 2011-12-19 17:58 - 00386768 _____ (COMODO) C:\Windows\system32\guard32.dll
    2015-01-30 06:27 - 2011-12-19 17:58 - 00033520 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
    2015-01-29 22:29 - 2012-07-09 16:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
    2015-01-26 16:59 - 2014-02-19 15:28 - 00074024 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-01-26 13:24 - 2014-04-17 12:27 - 00000000 ____D () C:\Program Files\LibreOffice 4
    2015-01-26 13:08 - 2014-05-14 11:58 - 00001014 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
    2015-01-26 13:08 - 2014-05-14 11:58 - 00001002 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
    2015-01-26 12:51 - 2012-07-14 00:08 - 00000929 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-01-26 12:51 - 2012-07-14 00:08 - 00000000 ____D () C:\Program Files\CCleaner

    ==================== Files in the root of some directories =======

    2013-08-18 18:21 - 2014-10-16 10:07 - 11249152 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
    2015-02-12 15:51 - 2015-02-12 15:51 - 0000036 _____ () C:\Users\Owner\AppData\Local\housecall.guid.cache
    2014-12-17 10:33 - 2014-12-17 10:33 - 0000000 _____ () C:\Users\Owner\AppData\Local\{826018AF-6499-4061-94CF-D8FF6A0FC597}
    2014-09-28 14:48 - 2014-09-28 14:48 - 0000000 _____ () C:\Users\Owner\AppData\Local\{D168671C-5762-48BF-9E3B-20CA75849C54}
    2014-08-12 14:23 - 2015-02-19 18:34 - 0005000 _____ () C:\ProgramData\hpzinstall.log

    Some content of TEMP:
    ====================
    C:\Users\Owner\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpazqbqu.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2012-07-13 11:37

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-02-2015 01
    Ran by Owner at 2015-02-21 01:30:47
    Running from C:\Users\Owner\Desktop\toolkit
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
    FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    3D Home Architect Deluxe (HKLM\...\3D Home Architect Deluxe 2.2) (Version: - )
    7-Zip 9.21 (HKLM\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
    7-Zip 9.22beta (HKLM\...\7-zip) (Version: v9.20 - TUGUU SL) <==== ATTENTION
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    AIO_CDB_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    AIO_Scan (Version: 130.0.421.000 - Hewlett-Packard) Hidden
    Amazon Music Importer (HKLM\...\com.amazon.music.uploader) (Version: 3.1.0 - Amazon Services LLC)
    Amazon Music Importer (Version: 3.1.0 - Amazon Services LLC) Hidden
    Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
    Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
    COMODO GeekBuddy (HKLM\...\COMODO GeekBuddy) (Version: 3.3.217083.59 - COMODO)
    COMODO Internet Security (HKLM\...\{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}) (Version: 5.9.23255.2196 - COMODO Security Solutions Inc.)
    Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
    Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
    DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Dropbox (HKU\S-1-5-21-2514036184-4216127861-4247844256-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
    Duplicate File Finder (HKLM\...\{0670E1C9-84EF-4C85-B030-CF0A5A76B212}_is1) (Version: 5.5 - Ashisoft)
    Family Tree Maker 2012 (HKLM\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)
    Family Tree Maker 2012 (Version: 21.0.452 - Ancestry.com, Inc.) Hidden
    Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
    Garmin Communicator Plugin (HKLM\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
    Glary Undelete 1.8.0.468 (HKLM\...\Glary Undelete_is1) (Version: - Glarysoft.com)
    Glary Utilities 5.17 (HKLM\...\Glary Utilities 5) (Version: 5.17.0.30 - Glarysoft Ltd)
    Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Talk Plugin (HKLM\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
    Google+ Auto Backup (HKU\S-1-5-21-2514036184-4216127861-4247844256-1000\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
    GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.238 - SurfRight B.V.)
    HL-2270DW (HKLM\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
    HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
    HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
    Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
    iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
    Java 7 Update 76 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217076FF}) (Version: 7.0.760 - Oracle)
    K-Lite Codec Pack 6.6.6 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.6.6 - )
    LastPass (uninstall only) (HKLM\...\LastPass) (Version: - LastPass)
    LibreOffice 4.3.5.2 (HKLM\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation)
    Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
    Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
    Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
    magicJack (HKU\S-1-5-21-2514036184-4216127861-4247844256-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 36.0 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.2.28.24.exe - NETGEAR Inc.)
    Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
    OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
    Personal Ancestral File 5 (HKLM\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version: - )
    Plex Media Server (HKLM\...\{7425d872-d65d-42c9-8c6d-7a8a529a4b50}) (Version: 0.9.1107 - Plex, Inc.)
    Plex Media Server (Version: 0.9.1107 - Plex, Inc.) Hidden
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
    SlimCleaner (HKLM\...\{955E709F-0C73-449C-A9F6-863D3C82FDA8}) (Version: 4.0.30422 - SlimWare Utilities, Inc.)
    SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
    Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
    Stellarium 0.13.0 (HKLM\...\Stellarium_is1) (Version: 0.13.0 - Stellarium team)
    Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
    UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
    WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
    Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2514036184-4216127861-4247844256-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    12-02-2015 12:41:52 Revo Uninstaller's restore point - Java 8 Update 31
    12-02-2015 12:51:26 Revo Uninstaller's restore point - JavaFX 2.1.1
    12-02-2015 12:51:42 Removed JavaFX 2.1.1
    12-02-2015 12:59:07 Installed Java 7 Update 67
    12-02-2015 13:12:34 Installed iTunes
    13-02-2015 15:23:28 Windows Update
    13-02-2015 15:45:09 Windows Update
    14-02-2015 12:52:54 Checkpoint by HitmanPro
    14-02-2015 17:11:13 Revo Uninstaller's restore point - Comodo Dragon
    14-02-2015 18:03:04 Revo Uninstaller's restore point - PC Services Optimizer
    14-02-2015 18:05:08 Revo Uninstaller's restore point - SecondLifeViewer (remove only)
    16-02-2015 18:03:23 Windows Backup
    16-02-2015 18:06:24 Windows Backup
    16-02-2015 18:06:59 Windows Backup
    16-02-2015 18:12:51 Windows Backup
    16-02-2015 18:15:19 Windows Backup
    16-02-2015 20:18:19 Revo Uninstaller's restore point - Notepad++
    16-02-2015 20:26:39 Revo Uninstaller's restore point - paint.net
    16-02-2015 20:26:56 Removed paint.net
    19-02-2015 18:29:04 Revo Uninstaller's restore point - HP Smart Web Printing 4.51
    19-02-2015 18:33:13 Revo Uninstaller's restore point - HP Customer Participation Program 13.0

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:04 - 2012-08-01 03:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {15B1C075-6933-41CF-BFB0-3B3431E0BA69} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2514036184-4216127861-4247844256-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-12] (Google Inc.)
    Task: {25234EA7-FB96-4530-88CB-3A87306F46D5} - \Driver Booster Scan No Task File <==== ATTENTION
    Task: {347E75E7-7E89-4B6B-931E-10AEBF3284BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-26] (Piriform Ltd)
    Task: {36DA5607-D733-442A-94C2-65B34C655614} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-02-03] (COMODO)
    Task: {437761D6-828A-4C8C-B093-0876361821BA} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-03] (COMODO)
    Task: {622632D3-5DCC-4C29-9C54-D9E9E588EB90} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-12] (AVAST Software)
    Task: {69B92CC5-744D-4CE6-BECF-157C710A51E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
    Task: {8A8BE293-5FA0-4FF8-B12E-AEDCE6279182} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-25] (Adobe Systems Incorporated)
    Task: {8B93EB35-6CE9-4015-8CF1-9AE0AD01C677} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2015-01-26] (Glarysoft Ltd)
    Task: {91148F56-4822-4761-9DCC-2FE0558727DF} - \Driver Booster Update No Task File <==== ATTENTION
    Task: {A5855775-9F1B-42CF-A414-CB28AB1C03F8} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-03] (COMODO)
    Task: {A5F3E0D1-AD13-4A7D-8652-641AAE615DAB} - System32\Tasks\avastBCLRestartS-1-5-21-2514036184-4216127861-4247844256-1000 => Chrome.exe
    Task: {C743FF40-9D7B-485B-B787-92EA244A9ABA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2514036184-4216127861-4247844256-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-12] (Google Inc.)
    Task: {D996B469-693A-4694-B8D3-3CE968CF1E04} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
    Task: {E5165764-C113-4C7B-A03A-7E0234D0FFDF} - System32\Tasks\SlimCleaner Run => C:\Program Files\SlimCleaner\SlimCleaner.exe [2013-06-21] (SlimWare Utilities, Inc.)
    Task: {F90810DD-DCB2-4D63-A1D3-9E41C76D1247} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514036184-4216127861-4247844256-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514036184-4216127861-4247844256-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\SlimCleaner Run.job => C:\Program Files\SlimCleaner\SlimCleaner.exe

    ==================== Loaded Modules (whitelisted) ==============

    2015-02-19 15:06 - 2015-02-19 15:06 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021901\algo.dll
    2015-02-20 14:25 - 2015-02-20 14:25 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15022001\algo.dll
    2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-11-12 14:35 - 2014-11-12 14:35 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-01-19 01:26 - 2015-01-19 01:26 - 00080160 _____ () C:\Program Files\Glary Utilities 5\zlib1.dll
    2015-02-19 21:22 - 2015-02-17 16:44 - 09171272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll
    2014-10-18 15:40 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
    2014-10-18 15:40 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
    2015-02-19 21:22 - 2015-02-17 16:44 - 14965064 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Windows\uninst.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\FlashPlayerApp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\GEARAspi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\java.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\javaw.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\javaws.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MVIEWER2.EXE:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ntkrnlpa.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
    AlternateDataStreams: C:\ProgramData\TEMP:BC359956
    AlternateDataStreams: C:\Users\Owner\Desktop\Attach.txt:$CmdZnID
    AlternateDataStreams: C:\Users\Owner\Desktop\cce_2.5.242177.201_x32.zip:$CmdZnID
    AlternateDataStreams: C:\Users\Owner\Desktop\driverview.zip:$CmdZnID
    AlternateDataStreams: C:\Users\Owner\Desktop\FSS.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Owner\Desktop\FSS.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Owner\Desktop\https-everywhere-latest.xpi:$CmdTcID
    AlternateDataStreams: C:\Users\Owner\Desktop\https-everywhere-latest.xpi:$CmdZnID
    AlternateDataStreams: C:\Users\Owner\Desktop\SysInfo.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Owner\Desktop\SysInfo.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Owner\Downloads\AmazonMusicImporterInstaller-3.1.0._V320648434_.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Owner\Downloads\AmazonMusicImporterInstaller-3.1.0._V320648434_.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Owner\Downloads\Audacity_v2.0.6.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Owner\Downloads\Audacity_v2.0.6.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Owner\Downloads\Glary_Utilities_v5.14.0.27.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Owner\Downloads\Glary_Utilities_v5.14.0.27.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Owner\Downloads\Glary_Utilities_v5.16.0.29.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Owner\Downloads\Glary_Utilities_v5.16.0.29.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Owner\Downloads\Glary_Utilities_v5.17.0.30.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Owner\Downloads\Glary_Utilities_v5.17.0.30.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Owner\Downloads\mbar-1.08.3.1004.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Owner\Downloads\mbar-1.08.3.1004.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Owner\Downloads\Mozilla_Firefox_v35.0_Beta_1.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Owner\Downloads\Mozilla_Firefox_v35.0_Beta_1.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Owner\Downloads\Plex-Media-Server-0.9.1107.803-87d0708-en-US.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Owner\Downloads\Plex-Media-Server-0.9.1107.803-87d0708-en-US.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Owner\Downloads\ProcessMonitor.zip:$CmdZnID

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CLPSLS => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2514036184-4216127861-4247844256-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: DragonUpdater => 3
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk => C:\Windows\pss\Install LastPass IE RunOnce.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
    MSCONFIG\startupreg: BrStsMon00 => C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
    MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    MSCONFIG\startupreg: Logitech Vid => "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
    MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    MSCONFIG\startupreg: NETGEARGenie => "C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

    ==================== Accounts: =============================

    Administrator (S-1-5-21-2514036184-4216127861-4247844256-500 - Administrator - Disabled)
    Guest (S-1-5-21-2514036184-4216127861-4247844256-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2514036184-4216127861-4247844256-1002 - Limited - Enabled)
    Owner (S-1-5-21-2514036184-4216127861-4247844256-1000 - Administrator - Enabled) => C:\Users\Owner

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/20/2015 10:23:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/19/2015 10:28:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/19/2015 10:00:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/19/2015 06:29:04 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {74709cff-2bda-45ea-996a-9a0d5060f47e}

    Error: (02/19/2015 11:04:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/18/2015 01:53:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (02/20/2015 09:49:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The HP Network Devices Support service terminated with the following error:
    %%126

    Error: (02/20/2015 09:49:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

    Error: (02/20/2015 10:25:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The HP Network Devices Support service terminated with the following error:
    %%126

    Error: (02/20/2015 10:25:06 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The HP Network Devices Support service terminated with the following error:
    %%126

    Error: (02/20/2015 10:23:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The HP Network Devices Support service terminated with the following error:
    %%126

    Error: (02/20/2015 10:23:35 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {10DA4F3C-CC99-4190-BE4D-58330754E882}

    Error: (02/20/2015 10:23:34 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

    Error: (02/20/2015 10:23:05 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The HP Network Devices Support service terminated with the following error:
    %%126

    Error: (02/20/2015 10:23:03 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

    Error: (02/20/2015 10:23:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The HP Network Devices Support service terminated with the following error:
    %%126


    Microsoft Office Sessions:
    =========================
    Error: (02/20/2015 10:23:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/19/2015 10:28:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/19/2015 10:00:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/19/2015 06:29:04 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {74709cff-2bda-45ea-996a-9a0d5060f47e}

    Error: (02/19/2015 11:04:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/18/2015 01:53:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
    Percentage of memory in use: 51%
    Total physical RAM: 3316.61 MB
    Available physical RAM: 1610.45 MB
    Total Pagefile: 6629.46 MB
    Available Pagefile: 4547.8 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1911.36 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:111.69 GB) (Free:60.01 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: D4261928)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  5. Nevan

    Nevan

    Joined:
    Jan 26, 2015
    Messages:
    216
    Hello again, Barrett123.

    Before we start fixing your computer, could you please tell me if you're aware of the existence of all the following extensions in your Chrome browser?

    • Unfriend Notify for Facebook
    • Duolingo on the Web
    • Awesome Screenshot: Capture & Annotate
    • PriceBlink
    • Lucidchart Diagrams - Online
    • Blur
    • Full Screen Weather
    • Stylist
    • Learn Spanish - Qué Onda
    If you don't know some of them, or do not need them anymore, please let me know.
     
  6. Barrett123

    Barrett123 Thread Starter

    Joined:
    Feb 19, 2015
    Messages:
    27
    Hi again Nevan...

    -Unfriend Notify- Aware of it. It's listed and enabled but not needed.
    -PriceBlink - Aware of it. It's listed, used and enabled.
    -Stylist - Aware of it. It's listed, used and enabled.
    -Duolingo on the web- Aware of the website, but don't recall this extension. It's not listed or enabled under Chrome extensions. Not needed.
    -Lucidchart - Aware of using it once but not listed or enabled under Chrome extensions. Not needed.
    -Awesome Screen shots - Aware of it. It's listed but not enabled or needed.
    -Learn Spanish - Aware of it. It's not listed or enabled or needed.
    -Full Screen weather - Possibly used it. It's not listed or enabled or needed.

    -Blur - Unaware of it. It's listed but not enabled. Not needed.

    None of these are important, Nevan. I would probably replace Stylist and Priceblink if removed.
    Thanks!
     
  7. Nevan

    Nevan

    Joined:
    Jan 26, 2015
    Messages:
    216
    Hello, Barrett123.

    Let's start with...

    WARNING!

    One or more of the identified infections on your computer is known to use a backdoor!

    Backdoors allow hackers to remotely control your computer, which may result in the theft of important system information and files, and in more malware being downloaded and run.

    I recommend that you disconnect this PC from the Internet immediately. If you use that computer for banking or any other financial transactions or sensitive information, you should use a malware-free computer to change all passwords where applicable. You should also contact those financial institutions and explain your situation to them.

    Even if it has been identified and can be deleted, because of the way it affects your computer, that PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this rootkit, the best course of action would be a reformat and reinstall of the operating system.

    Please, read these for more information:
    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
    When Should I Format, How Should I Reinstall

    We can attempt to clean this machine, but I cannot guarantee that it will be 100% secure again. If you still want to proceed with cleaning process, follow the instructions below.


    Step #1
    Uninstalling programs

    Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove the following programs:

    • 7-Zip 9.22beta
    • Glary Undelete 1.8.0.468
    • Glary Utilities 5.17


    Step #2
    TDSSKiller

    Please download the latest version of TDSSKiller from here and save it to your Desktop.

    • Right click TDSSKiller.exe and select Run as Administrator to run the application. Accept the license agreements, then click on Change parameters.
    • Check all boxes then click OK.
      Note: You will be prompted to reboot. Please do so.
    • Click the Start Scan button. This scan should take no longer than 2 minutes.
    • If a suspicious object is detected, the default action will be Skip, click on Continue.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
      Ensure that Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
    • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


    Step #3
    FRST Fix

    1. Download attached fixlist.txt file to your desktop.
      >> fixlist.txt <<
      NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    2. Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
    3. Press the Fix button just once and wait.
      NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
    4. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    5. When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.


    Things that should appear in your next post:

    • TDSSKiller log content
    • Fixlog.txt log content
    • Please tell me if you have successfully uninstalled all the programs I've asked you to uninstall
     

    Attached Files:
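
Added example (not from the thread, and not part of FRST or TDSSKiller): a PowerShell triage script the machine owner can run before and after the fix to re-check the indicator classes the FRST log above surfaces: the per-user CLSID InprocServer32 that FRST flagged with "ZeroAccess?", the Policies\System values that lock out regedit and Task Manager, services and drivers whose ImagePath or ServiceDll no longer resolves to a file, and scheduled tasks that are registered in the TaskCache but have no task file or point at a missing binary. It assumes PowerShell 3.0 or later (an optional update on Windows 7 SP1), an elevated prompt, and that the profile owning the SID below is logged on, since its HKU hives are only loaded then. The SID and the CLSID {42aedc87-2188-41fd-b9a3-0c966feabec1} are taken verbatim from the log; the helper name Resolve-ServiceBinary and the $findings list are this example's own.

```powershell
# Post-fix triage for the indicator classes in the FRST log above.
# Added example: not from the thread, FRST or TDSSKiller. Assumes PowerShell
# 3.0+ on Windows 7 SP1, an elevated prompt, and that the profile owning the
# SID below is logged on (its HKU hives are loaded only then).
$userSid  = 'S-1-5-21-2514036184-4216127861-4247844256-1000'   # SID from the log
$findings = New-Object 'System.Collections.Generic.List[string]'

# HKU: is not mapped by default; HKCU: would only see the account running the shell.
if (-not (Test-Path 'HKU:\')) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

# 1. Per-user COM hijack. An InprocServer32 under the user's Classes hive shadows
#    the HKLM registration of the same CLSID, so explorer.exe loads that DLL at
#    every logon. FRST flagged this shell32 CLSID in the user hive with "ZeroAccess?".
$clsid   = '{42aedc87-2188-41fd-b9a3-0c966feabec1}'            # CLSID from the log
$userKey = "HKU:\${userSid}_Classes\CLSID\$clsid\InprocServer32"
$hklmKey = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
if (Test-Path $userKey) {
    $userDll = (Get-ItemProperty $userKey).'(default)'
    $hklmDll = if (Test-Path $hklmKey) { (Get-ItemProperty $hklmKey).'(default)' } else { '<none>' }
    $findings.Add("COM hijack candidate: $userKey -> '$userDll' (HKLM default: '$hklmDll')")
}

# 2. Policy values that lock the user out of regedit and Task Manager.
$polKey = "HKU:\$userSid\Software\Microsoft\Windows\CurrentVersion\Policies\System"
if (Test-Path $polKey) {
    $pol = Get-ItemProperty $polKey
    foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
        if ($pol.$name -eq 1) { $findings.Add("Policy restriction: $polKey\$name = 1") }
    }
}

# 3. Services and drivers whose binary no longer exists. A service that fails to
#    start with "the system cannot find the path specified" lands here.
function Resolve-ServiceBinary([string]$raw) {
    # Normalise the forms found in ImagePath/ServiceDll: quoted path plus
    # arguments, %SystemRoot%\..., \SystemRoot\..., \??\C:\... and bare
    # system32\drivers\x.sys. Unquoted paths that contain spaces are cut at the
    # first space; that is a known limitation of this helper.
    $p = [Environment]::ExpandEnvironmentVariables($raw.Trim())
    $end = $p.IndexOf('"', 1)
    if ($p.StartsWith('"') -and $end -gt 1) { $p = $p.Substring(1, $end - 1) }
    else { $p = ($p -split ' ')[0] }
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}
foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services') {
    $props = Get-ItemProperty $svc.PSPath
    $bins = @()
    if ($props.ImagePath) { $bins += $props.ImagePath }
    $dll = (Get-ItemProperty "$($svc.PSPath)\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    if ($dll) { $bins += $dll }
    foreach ($b in $bins) {
        $path = Resolve-ServiceBinary $b
        if (-not (Test-Path -LiteralPath $path)) {
            $findings.Add("Service $($svc.PSChildName): binary missing '$path' (raw '$b')")
        }
    }
}

# 4. Scheduled tasks. Each TaskCache entry names its task file under
#    System32\Tasks; an entry without a file is what FRST prints as "No Task File".
#    For the files that do exist, check that every Exec action's binary is present.
$cacheKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'
foreach ($t in Get-ChildItem $cacheKey) {
    $rel = (Get-ItemProperty $t.PSPath).Path               # e.g. \Driver Booster Scan
    if (-not $rel) { continue }
    $file = Join-Path "$env:SystemRoot\System32\Tasks" $rel.TrimStart('\')
    if (-not (Test-Path -LiteralPath $file)) {
        $findings.Add("Task $($t.PSChildName) $rel has no task file")
        continue
    }
    try { [xml]$xml = Get-Content -LiteralPath $file -Raw } catch { continue }
    foreach ($cmd in @($xml.Task.Actions.Exec.Command)) {
        if (-not $cmd) { continue }
        # The Command element carries the path alone; arguments live in <Arguments>.
        $exe = [Environment]::ExpandEnvironmentVariables($cmd.Trim().Trim('"'))
        if (-not (Test-Path -LiteralPath $exe)) { $findings.Add("Task $rel -> missing '$exe'") }
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Run it once before Step #3 and once after the Fixlog.txt comes back: the COM hijack, policy and "no task file" lines should disappear after the fix, while any service line that persists is a service whose path still needs restoring by hand. Expect a few false positives from legacy services whose unquoted ImagePath contains spaces, because the helper truncates those at the first space.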

  8. Barrett123

    Barrett123 Thread Starter

    Joined:
    Feb 19, 2015
    Messages:
    27
    Wow. Okay. Let's see if we can clean this. But first, I uninstalled the first two programs you listed, but am having a problem with Glary Utilities 5.17. Comodo reports that the uninst.exe is trying to execute Au_.exe, Bu_.exe, Cu_.exe, etc. Should I allow it?
     
  9. Barrett123

    Barrett123 Thread Starter

    Joined:
    Feb 19, 2015
    Messages:
    27
    Comodo reports: Defense+malware heuristic analysis has detected possible malware behavior in C:\users\owner\appdata\local\temp\~nsu.temp\au_.exe. However, if you are not sure whether or not au_.exe is a virus, then please submit it to Comodo for analysis.
     
  10. Nevan

    Nevan

    Joined:
    Jan 26, 2015
    Messages:
    216
    Yes, you can freely allow these .exe files to run.
     
  11. Barrett123

    Barrett123 Thread Starter

    Joined:
    Feb 19, 2015
    Messages:
    27
    I was able to delete the 3 files you suggested. Had to re-run the TDSS program since Avast quarantined it as an evo-gen virus the first time, so I turned off Avast, deleted it, re-downloaded it and re-ran it. I can't post that log, however, because it's too long (329365 characters).
    Here's the FRST log. I used the FRST program which was on my desktop rather than the FRST64 program you mentioned in your message.


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-02-2015 01
    Ran by Owner at 2015-02-21 17:56:01 Run:1
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner (Available profiles: Owner)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-2514036184-4216127861-4247844256-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2015-01-26] (Glarysoft Ltd)
    HKU\S-1-5-21-2514036184-4216127861-4247844256-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2514036184-4216127861-4247844256-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17344 2014-10-26] (Glarysoft Ltd)
    CHR Extension: (Unfriend Notify for Facebook) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahigpjeolkfgjdaeodlmaceggigbpeoh [2015-02-18]
    CHR Extension: (Duolingo on the Web) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2014-02-02]
    CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2012-08-25]
    CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2014-08-05]
    CHR Extension: (Blur) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-01-20]
    CHR Extension: (Full Screen Weather) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2014-02-19]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-02-14]
    CHR Extension: (Learn Spanish - Qué Onda) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj [2012-12-20]
    2015-02-20 10:24 - 2014-05-14 11:58 - 00000320 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
    2015-02-20 10:23 - 2014-05-14 11:58 - 00000000 ____D () C:\Program Files\Glary Utilities 5
    2015-01-26 13:08 - 2014-05-14 11:58 - 00001014 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
    2015-01-26 13:08 - 2014-05-14 11:58 - 00001002 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
    Task: {25234EA7-FB96-4530-88CB-3A87306F46D5} - \Driver Booster Scan No Task File <==== ATTENTION
    Task: {8B93EB35-6CE9-4015-8CF1-9AE0AD01C677} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2015-01-26] (Glarysoft Ltd)
    Task: {91148F56-4822-4761-9DCC-2FE0558727DF} - \Driver Booster Update No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe
    AlternateDataStreams: C:\ProgramData\TEMP:BC359956
    Hosts:
    EmptyTemp:
    CMD: bitsadmin /reset /allusers
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state off
    Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
    Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
    Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
    Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    HKU\S-1-5-21-2514036184-4216127861-4247844256-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GUDelayStartup => Value not found.
    "HKU\S-1-5-21-2514036184-4216127861-4247844256-1000\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}" => Key deleted successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKU\S-1-5-21-2514036184-4216127861-4247844256-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    GUBootStartup => Service not found.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahigpjeolkfgjdaeodlmaceggigbpeoh => Moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl => Moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce => Moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn => Moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd => Moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg => Moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd => Moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj => Moved successfully.
    "C:\Windows\Tasks\GlaryInitialize 5.job" => File/Directory not found.
    "C:\Program Files\Glary Utilities 5" => File/Directory not found.
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk" => File/Directory not found.
    "C:\Users\Public\Desktop\Glary Utilities 5.lnk" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{25234EA7-FB96-4530-88CB-3A87306F46D5}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25234EA7-FB96-4530-88CB-3A87306F46D5}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scan" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B93EB35-6CE9-4015-8CF1-9AE0AD01C677} => Key not found.
    C:\Windows\System32\Tasks\GlaryInitialize 5 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GlaryInitialize 5 => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{91148F56-4822-4761-9DCC-2FE0558727DF}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91148F56-4822-4761-9DCC-2FE0558727DF}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update" => Key deleted successfully.
    C:\Windows\Tasks\GlaryInitialize 5.job not found.
    C:\ProgramData\TEMP => ":BC359956" ADS removed successfully.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.

    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    Unable to cancel {A9021C37-DC2F-4DC9-A141-5D7E875C9784}.
    0 out of 1 jobs canceled.

    ========= End of CMD: =========


    ========= netsh advfirewall reset =========


    An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.


    ========= End of CMD: =========


    ========= netsh advfirewall set allprofiles state off =========


    An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.


    ========= End of CMD: =========


    ========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

    ERROR: The system was unable to find the specified registry key or value.


    ========= End of Reg: =========


    ========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

    The operation completed successfully.



    ========= End of Reg: =========


    ========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

    The operation completed successfully.



    ========= End of Reg: =========


    ========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

    The operation completed successfully.



    ========= End of Reg: =========

    EmptyTemp: => Removed 180.2 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 17:56:46 ====
     
  12. Barrett123

    Barrett123 Thread Starter

    Joined:
    Feb 19, 2015
    Messages:
    27
    Should have mentioned that the TDSS scan log came up clean.

    17:32:45.0033 0x0c38 Scan finished
    17:32:45.0033 0x0c38 ============================================================
    17:32:45.0042 0x0bb8 Detected object count: 0
    17:32:45.0042 0x0bb8 Actual detected object count: 0
    17:33:08.0160 0x0900 Deinitialize success
     
  13. Barrett123

    Barrett123 Thread Starter

    Joined:
    Feb 19, 2015
    Messages:
    27
    Should also mention that Avast now reports no evo-gen virus and the DNS client works again. I think you've fixed it! Very curious about the name of the virus, how I got it, and for how long. I allowed a MagicJack tech remote access to my computer a couple of weeks ago... my router kept losing its MAC address and he was going to static port the device. Never happened though, since we got cut off at some point.
     
  14. Nevan

    Nevan

    Joined:
    Jan 26, 2015
    Messages:
    216
    I'm sorry for the error with the name of FRST.exe. I hadn't noticed that you used a 32-bit version.

    I can't really tell you the name of the infection, as I'm not exactly sure myself, since you haven't posted that long TDSSKiller log.

    Do you still have it? In case you do, try attaching it to your post.

    Also, could you please tell me if you can now use Task Manager? (CTRL+ALT+DELETE)
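    An added defender-side check, not part of this thread or of FRST: the question above (can Task Manager be opened?) and the fixlog errors further up (Windows Firewall service unreachable, a BITS job that could not be cancelled) can be answered in one pass from an elevated PowerShell prompt. The policy value names DisableTaskMgr and DisableRegistryTools, and the service names Dnscache (DNS Client), MpsSvc (Windows Firewall) and BITS, are standard Windows names and are assumed here, not taken from the logs.

```powershell
# Added post-cleanup check (not part of the thread). Reports the user-lockout policy
# values malware commonly sets, and the state of the services this thread found broken.
# Run from an elevated PowerShell prompt on the affected machine.

$policyPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
# Assumed standard value names; a non-zero value blocks Task Manager / Registry Editor.
$policyValues = 'DisableTaskMgr', 'DisableRegistryTools'

Write-Host "== Lockout policy values (non-zero is suspicious on a home PC) =="
foreach ($path in $policyPaths) {
    if (-not (Test-Path $path)) { Write-Host "$path : key absent (fine)"; continue }
    $key = Get-ItemProperty -Path $path
    foreach ($name in $policyValues) {
        $prop = $key.PSObject.Properties[$name]
        if ($null -eq $prop) { Write-Host "$path\$name : not set (fine)"; continue }
        $flag = if ([int]$prop.Value -ne 0) { 'SET  <== check' } else { 'zero (fine)' }
        Write-Host ("{0}\{1} = {2} [{3}]" -f $path, $name, $prop.Value, $flag)
    }
}

Write-Host "`n== Services the thread found broken (DNS Client, Windows Firewall, BITS) =="
# Assumed standard service short names.
$services = @{ 'Dnscache' = 'DNS Client'; 'MpsSvc' = 'Windows Firewall'; 'BITS' = 'Background Intelligent Transfer' }
foreach ($svc in $services.Keys) {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($null -eq $s) { Write-Host "$svc ($($services[$svc])): service not registered  <== check"; continue }
    # StartMode (Auto/Manual/Disabled) is not on the Get-Service object on older PowerShell,
    # so read it from WMI, which Windows 7 supports.
    $startMode = (Get-WmiObject -Class Win32_Service -Filter "Name='$svc'").StartMode
    $note = if ($s.Status -ne 'Running' -or $startMode -eq 'Disabled') { '  <== check' } else { '' }
    Write-Host ("{0} ({1}): {2}, start mode {3}{4}" -f $svc, $services[$svc], $s.Status, $startMode, $note)
}

Write-Host "`n== Pending BITS jobs for all users (a job that will not cancel is worth a look) =="
Import-Module BitsTransfer -ErrorAction SilentlyContinue
Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue |
    Select-Object JobId, DisplayName, JobState, OwnerAccount | Format-Table -AutoSize
```

    A policy value that comes back as SET, or a service reported as Disabled or not registered, means the cleanup is not finished; the BITS listing replaces the deprecated bitsadmin output shown in the fixlog with the PowerShell cmdlet Microsoft points to.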
     
  15. Barrett123

    Barrett123 Thread Starter

    Joined:
    Feb 19, 2015
    Messages:
    27
    Nevan... didn't know I could attach a file. Here is the TDSS log.
    I can use the task manager... it was never a problem as far as I know.
    When I initially got the avast warning, I ran Sophos which removed "Mal/ZAccConf-A."
     

    Attached Files:

Short URL to this thread: https://techguy.org/1143438
