Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

computer running slow


  • This topic is locked This topic is locked

#16
jimbo1949

jimbo1949

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service System guard stopped successfully!
Service System guard deleted successfully!
File C:\Program Files\KeyDownload\KeyPlayr\guardnot.exe not found.
Service KDUpdater stopped successfully!
Service KDUpdater deleted successfully!
File \?\C:\Users\jim\AppData\Local\Temp\KDUpdSrv.exe [WARNING: \?\C:\Users\jim\AppData\Local\Temp\KDUpdSrv.exe] not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-2857200164-3729861948-2052089129-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2857200164-3729861948-2052089129-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Conime deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fst_us_48 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg deleted successfully.
C:\Program Files\pcmax\service.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2857200164-3729861948-2052089129-1001\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg deleted successfully.
File C:\Program Files\pcmax\service.exe not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
C:\Program Files\pcmax folder moved successfully.
C:\Program Files\GUM3928.tmp\GoogleCrashHandler.exe deleted successfully.
C:\Program Files\GUM3928.tmp\GoogleCrashHandler64.exe deleted successfully.
C:\Program Files\GUM3928.tmp\GoogleUpdate.exe deleted successfully.
C:\Program Files\GUM3928.tmp\GoogleUpdateBroker.exe deleted successfully.
C:\Program Files\GUM3928.tmp\GoogleUpdateHelper.msi deleted successfully.
C:\Program Files\GUM3928.tmp\GoogleUpdateOnDemand.exe deleted successfully.
C:\Program Files\GUM3928.tmp\GoogleUpdateSetup.exe deleted successfully.
C:\Program Files\GUM3928.tmp\goopdate.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_am.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_ar.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_bg.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_bn.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_ca.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_cs.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_da.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_de.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_el.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_en-GB.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_en.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_es-419.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_es.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_et.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_fa.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_fi.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_fil.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_fr.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_gu.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_hi.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_hr.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_hu.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_id.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_is.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_it.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_iw.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_ja.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_kn.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_ko.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_lt.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_lv.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_ml.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_mr.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_ms.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_nl.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_no.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_pl.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_pt-BR.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_pt-PT.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_ro.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_ru.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_sk.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_sl.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_sr.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_sv.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_sw.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_ta.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_te.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_th.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_tr.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_uk.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_ur.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_vi.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_zh-CN.dll deleted successfully.
C:\Program Files\GUM3928.tmp\goopdateres_zh-TW.dll deleted successfully.
C:\Program Files\GUM3928.tmp\npGoogleUpdate3.dll deleted successfully.
C:\Program Files\GUM3928.tmp\psmachine.dll deleted successfully.
C:\Program Files\GUM3928.tmp\psuser.dll deleted successfully.
C:\Program Files\GUM3928.tmp folder deleted successfully.
C:\Program Files\GUT3939.tmp deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\jim\Desktop\cmd.bat deleted successfully.
C:\Users\jim\Desktop\cmd.txt deleted successfully.
C:\Users\jim\Downloads\Setup (6).exe moved successfully.
C:\Users\jim\AppData\Local\Temp\n8\s8.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest

User: HomeGroupUser$

User: jim
->Temp folder emptied: 2638691 bytes
->Temporary Internet Files folder emptied: 168661449 bytes
->Java cache emptied: 135574 bytes
->Google Chrome cache emptied: 98370183 bytes
->Flash cache emptied: 9611 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 530558 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 5110834 bytes

Total Files Cleaned = 263.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 06222014_123018

Files\Folders moved on Reboot...
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

  • 0

Advertisements


#17
jimbo1949

jimbo1949

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
I still get web site that just come up driver update ads and media player ads
  • 0

#18
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

I still get web site that just come up driver update ads and media player ads


What browser do you get the pop ups in ?

Post a new OTL Log, quick scan.
  • 0

#19
jimbo1949

jimbo1949

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
google chome OTL logfile created on: 6/22/2014 1:23:24 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jim\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.81% Memory free
3.98 Gb Paging File | 3.27 Gb Available in Paging File | 82.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 434.19 Gb Free Space | 93.22% Space Free | Partition Type: NTFS

Computer Name: JIM-PC | User Name: jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/22 13:18:35 | 000,370,176 | ---- | M] (The Privoxy team - www.privoxy.org) -- C:\Program Files\MSR\Privoxy\privoxy.exe
PRC - [2014/06/22 10:55:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jim\Desktop\OTL.exe
PRC - [2014/06/22 10:26:37 | 000,389,992 | ---- | M] (VM Host Corporation) -- C:\ProgramData\UpdateServer\1403457996\webdev.exe
PRC - [2014/05/04 07:57:25 | 000,372,032 | ---- | M] (Media Corporation) -- C:\ProgramData\MediaDev\1399215444\mediadev.exe
PRC - [2014/04/23 18:52:18 | 000,016,384 | ---- | M] () -- C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/25 20:39:45 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/05/23 13:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/09/02 16:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\pcmax\pcmax.exe -- (pcmaxservice)
SRV - [2014/06/22 10:26:37 | 000,389,992 | ---- | M] (VM Host Corporation) [Auto | Running] -- C:\ProgramData\UpdateServer\1403457996\webdev.exe -- (WinDevSvc)
SRV - [2014/06/20 05:59:28 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/30 01:28:30 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/05/04 07:57:25 | 000,372,032 | ---- | M] (Media Corporation) [Auto | Running] -- C:\ProgramData\MediaDev\1399215444\mediadev.exe -- (MediaDevSrv)
SRV - [2014/04/23 18:52:18 | 000,016,384 | ---- | M] () [Auto | Running] -- C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe -- (System Update kb70007)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/02 03:11:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/23 13:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 14:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 14:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 14:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE
- HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE
- HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE
- HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...IE8SRC<br /> IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ceid=ie7<br />
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE
- HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
IE
- HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE
- HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 D4 2C 0A 0C A2 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...IE11SR<br /> IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...nUS550<br /> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


File not found (No name found) -- C:\PROGRAM FILES\AMIEXT\FLASHENHANCER\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://att.yahoo.com/mail
CHR
- plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Play Books = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.9_0\
CHR - Extension: Google Wallet = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/06/22 12:39:00 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKCU..\Run: [cdloader] C:\Users\jim\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [TWC.Win7] C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AB4A89B-534C-4591-BA56-1ACFB14EF603}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4b326da4-6d86-11e3-8015-001cc0703165}\Shell - "" = AutoRun
O33 - MountPoints2\{4b326da4-6d86-11e3-8015-001cc0703165}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/06/22 12:30:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/22 10:55:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jim\Desktop\OTL.exe
[2014/06/22 10:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\UpdateServer
[2014/06/22 10:08:44 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/22 09:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSR
[2014/06/22 09:50:03 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/06/22 09:39:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/22 07:43:42 | 000,000,000 | ---D | C] -- C:\_OTM
[2014/06/17 16:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\FLVM Player
[2014/06/17 16:09:37 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/06/15 07:46:13 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft
[2014/06/12 18:09:40 | 000,000,000 | ---D | C] -- C:\Users\jim\Desktop\06-12-2014
[2014/06/11 22:08:22 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/06/11 05:53:53 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Roaming\serv

========== Files - Modified Within 30 Days ==========

[2014/06/22 13:28:05 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\Guard-{67E160EA-8771-4172-86EB-AF21ADC868B9}.job
[2014/06/22 13:18:31 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/22 13:18:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/22 13:18:07 | 1602,404,352 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/22 13:10:07 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/22 13:08:13 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\PrintProjects Communicator.job
[2014/06/22 13:02:23 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/22 13:02:23 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/22 12:49:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/22 12:39:00 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/06/22 10:55:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jim\Desktop\OTL.exe
[2014/06/15 07:46:26 | 000,000,070 | ---- | M] () -- C:\extensions.ini
[2014/06/15 07:46:26 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2014/06/12 17:59:21 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk

========== Files Created - No Company Name ==========

[2014/06/18 15:18:53 | 000,000,254 | ---- | C] () -- C:\Windows\tasks\Guard-{67E160EA-8771-4172-86EB-AF21ADC868B9}.job
[2014/06/15 07:46:26 | 000,000,070 | ---- | C] () -- C:\extensions.ini
[2014/06/15 07:46:26 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2014/06/12 17:59:21 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2014/05/04 08:02:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/09 11:19:55 | 000,007,597 | ---- | C] () -- C:\Users\jim\AppData\Local\Resmon.ResmonCfg
[2013/12/07 11:04:36 | 000,000,307 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/11/16 14:26:38 | 000,087,552 | R--- | C] () -- C:\Users\jim\AppData\Roaming\Other.res
[2013/08/25 20:45:10 | 000,000,258 | RHS- | C] () -- C:\Users\jim\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/01/26 09:47:54 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/05/10 06:55:50 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\IDM2
[2014/02/27 10:13:30 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\istcleaner
[2014/05/11 08:41:40 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\mjusbsp
[2014/06/11 05:53:53 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\serv
[2013/09/14 09:21:42 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\Temp
[2014/06/22 10:26:41 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\UpdateServ
[2014/04/05 10:07:25 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\Visan

========== Purity Check ==========



< End of report >

  • 0

#20
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello jim,

Next

We need to do another fix to delete some files using OTL
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
    File not found (No name found) -- C:\PROGRAM FILES\AMIEXT\FLASHENHANCER\FF
    SRV - [2014/05/04 07:57:25 | 000,372,032 | ---- | M] (Media Corporation) [Auto | Running] -- C:\ProgramData\MediaDev\1399215444\mediadev.exe -- (MediaDevSrv)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\pcmax\pcmax.exe -- (pcmaxservice)
    O4 - HKCU..\Run: [TWC.Win7] C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe File not found
    [2014/06/22 13:28:05 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\Guard-{67E160EA-8771-4172-86EB-AF21ADC868B9}.job
    [2014/06/18 15:18:53 | 000,000,254 | ---- | C] () -- C:\Windows\tasks\Guard-{67E160EA-8771-4172-86EB-AF21ADC868B9}.job
    
    :Files
    
    ipconfig /flushdns /c
    C:\Users\jim\AppData\Roaming\istcleaner
    C:\Program Files\pcmax\pcmax.exe -- (pcmaxservice)
    
    :Commands
    [emptytemp]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
Next

I'd like to see another scan too called(FRST), Download it to the desktop, not the downloads folder. If it ends up in the downloads folder drag(FRST) to the desktop.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. You will be the non 64Bit version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
In your next reply post:
1- OTL Fix log.
2- New OTL after quick scan.
3- FRST.TXT
4- Addition.txt

Thanks
Joe :)
  • 0

#21
jimbo1949

jimbo1949

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Service MediaDevSrv stopped successfully!
Service MediaDevSrv deleted successfully!
C:\ProgramData\MediaDev\1399215444\mediadev.exe moved successfully.
Service pcmaxservice stopped successfully!
Service pcmaxservice deleted successfully!
File C:\Program Files\pcmax\pcmax.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TWC.Win7 deleted successfully.
C:\Windows\Tasks\Guard-{67E160EA-8771-4172-86EB-AF21ADC868B9}.job moved successfully.
File C:\Windows\tasks\Guard-{67E160EA-8771-4172-86EB-AF21ADC868B9}.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\jim\Desktop\cmd.bat deleted successfully.
C:\Users\jim\Desktop\cmd.txt deleted successfully.
C:\Users\jim\AppData\Roaming\istcleaner\logfolder folder moved successfully.
C:\Users\jim\AppData\Roaming\istcleaner folder moved successfully.
File\Folder C:\Program Files\pcmax\pcmax.exe -- (pcmaxservice) not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest

User: HomeGroupUser$

User: jim
->Temp folder emptied: 12599797 bytes
->Temporary Internet Files folder emptied: 124766142 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 23366444 bytes
->Flash cache emptied: 15231 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 526582 bytes
RecycleBin emptied: 642863 bytes

Total Files Cleaned = 154.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06222014_154751

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

  • 0

#22
jimbo1949

jimbo1949

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-06-2014 Ran by jim at 2014-06-22 16:25:48 Running from C:\Users\jim\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated) Adobe Download Assistant (Version: 1.2.6 - Adobe Systems Incorporated) Hidden Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) aioscnnr (Version: 5.8.10.0 - Your Company Name) Hidden aioscnnr (Version: 7.6.13.10 - Your Company Name) Hidden C4USelfUpdater (Version: 1.00.0000 - Your Company Name) Hidden center (Version: 7.7.2.0 - Eastman Kodak Company) Hidden essentials (Version: 7.7.2.0 - Eastman Kodak Company) Hidden File Identifier version 1.0.3 (HKLM\...\File Identifier_is1) (Version: 1.0.3 - ) File Viewer version 1.0.2 (HKLM\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.0.2 - Sharpened Productions) Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden KODAK AiO Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company) magicJack (HKCU\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.) Media Player Packages (HKCU\...\Media Player Packages) (Version: - ) <==== ATTENTION Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.12992 - RocketLife Inc.) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1032 - SUPERAntiSpyware.com) System Update kb70007 (Version: 1.0.0 - MSR) Hidden VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN) ==================== Restore Points ========================= 20-05-2014 22:26:53 Windows Update 24-05-2014 13:07:32 Windows Update 30-05-2014 12:51:56 Windows Update 03-06-2014 12:56:41 Windows Update 07-06-2014 22:23:58 Windows Update 11-06-2014 13:38:12 Windows Update 12-06-2014 13:24:25 Windows Update 18-06-2014 00:26:04 Windows Update 19-06-2014 12:51:40 Removed KeyPlayr. 19-06-2014 13:00:10 Removed KeyPlayr. 19-06-2014 13:09:13 Removed KeyPlayr. 22-06-2014 14:50:45 OTM Restore Point 22-06-2014 19:31:29 OTL Restore Point - 6/22/2014 12:31:20 PM 22-06-2014 22:48:54 OTL Restore Point - 6/22/2014 3:48:47 PM ==================== Hosts content: ========================== 2009-07-13 19:04 - 2014-06-22 12:39 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {2327D705-A4A5-4213-8081-1F909AE1E107} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-11] (Google Inc.) Task: {383A972F-C3FD-4336-A785-41FBE5A05AB2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-11] (Google Inc.) Task: {44663F24-A322-4D2C-92D4-DF3F5A11F7E1} - System32\Tasks\PrintProjects Communicator => C:\ProgramData\PrintProjects\Communicator.exe [2014-04-05] () Task: {AF1B58BF-1E7F-4BE2-BEEA-DCA55B13CEB7} - System32\Tasks\Guard-{67E160EA-8771-4172-86EB-AF21ADC868B9} => C:\Program Files\KeyDownload\KeyPlayr\start_svc.exe Task: {F3446F95-F7EA-4DF4-A19A-9F08FC0D8011} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-20] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\PrintProjects Communicator.job => C:\ProgramData\PrintProjects\Communicator.exe ==================== Loaded Modules (whitelisted) ============= 2014-06-15 07:46 - 2014-04-23 18:52 - 00016384 _____ () C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe 2014-06-15 07:46 - 2014-04-23 18:52 - 00033792 _____ () C:\Windows\Microsoft\System Update kb70007\InstallerLibrary.dll 2014-06-15 07:46 - 2014-04-23 18:52 - 00015360 _____ () C:\Windows\Microsoft\System Update kb70007\Installer.dll 2014-06-22 09:56 - 2014-06-22 16:01 - 00086528 _____ () C:\Program Files\MSR\Privoxy\mgwz.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2 Mouse Description: Microsoft PS/2 Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: qknfd Description: qknfd Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: qknfd Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (06/22/2014 04:03:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/22/2014 03:01:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/22/2014 01:19:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/22/2014 00:54:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/22/2014 00:47:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (06/22/2014 04:11:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Security Center service terminated with the following error: %%16389 Error: (06/22/2014 04:09:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: %%1070 Error: (06/22/2014 04:09:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The SSDP Discovery service hung on starting. Error: (06/22/2014 04:08:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: %%1070 Error: (06/22/2014 04:08:13 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The SSDP Discovery service hung on starting. Error: (06/22/2014 04:06:17 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80004005 Error: (06/22/2014 04:05:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: %%1070 Error: (06/22/2014 04:05:22 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The SSDP Discovery service hung on starting. Error: (06/22/2014 04:03:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: %%1070 Error: (06/22/2014 04:03:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The SSDP Discovery service hung on starting. Microsoft Office Sessions: ========================= Error: (06/22/2014 04:03:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/22/2014 03:01:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/22/2014 01:19:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/22/2014 00:54:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/22/2014 00:47:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 28% Total physical RAM: 2037.57 MB Available physical RAM: 1448.63 MB Total Pagefile: 4075.13 MB Available Pagefile: 3350.57 MB Total Virtual: 2047.88 MB Available Virtual: 1910.98 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.75 GB) (Free:433.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A818A818) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  • 0

#23
jimbo1949

jimbo1949

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014 Ran by jim (administrator) on JIM-PC on 22-06-2014 17:41:21 Running from C:\Users\jim\Downloads Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo...=============== Processes (Whitelisted) ================= (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe (Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (VM Host Corporation) C:\ProgramData\MediaDev\1403477976\mediadev.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Eastman Kodak Company) C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe () C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe (VM Host Corporation) C:\ProgramData\UpdateServer\1403457996\webdev.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (The Privoxy team - www.privoxy.org) C:\Program Files\MSR\Privoxy\privoxy.exe () C:\ProgramData\UpdateTask\vmhost.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\jim\Downloads\FRST (5).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [1638400 2010-09-02] (Eastman Kodak Company) HKLM\...\Run: [EKStatusMonitor] => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company) HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-2857200164-3729861948-2052089129-1001\...\Run: [cdloader] => C:\Users\jim\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.) HKU\S-1-5-21-2857200164-3729861948-2052089129-1001\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-2857200164-3729861948-2052089129-1001\...\MountPoints2: {4b326da4-6d86-11e3-8015-001cc0703165} - E:\ToolLauncher-Bootstrap.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...rosoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?...rosoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF2D42C0A0CA2CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...= SearchScopes: HKLM - DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...= SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...= SearchScopes: HKCU - DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...= SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...459791&ir= BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...llExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= CHR HomePage: hxxp://google.search.com/ CHR StartupUrls: "hxxp://speedial.com/?f=7&a=spd_dnldstr_14_25_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDyBtDtAtCyCyD0DyDtD0CtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFyBtFtBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StCyB0A0AyCyD0F0DtG0D0D0A0CtGtA0DtAyCtG0EyE0B0BtGtD0C0C0C0AyEtAtAtDyEzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0FtC0BtDtD0AtG0A0B0A0BtGyCtB0E0DtG0EyEyByDtGtB0FtCtD0EyBtBzzyEyBzy0B2Q&cr=1719459791&ir=", "hxxp://att.yahoo.com/" CHR NewTab: "chrome-extension://bakijjialdiiboeaknfpmflphhmljfkd/content/newtab/newtab.html" CHR Extension: (Google Drive) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-11] CHR Extension: (Speedial) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2014-06-22] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25] CHR Extension: (YouTube) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-11] CHR Extension: (Google Search) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-11] CHR Extension: (Google Play Books) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-05-11] CHR Extension: (Google Wallet) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03] CHR Extension: (Gmail) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-11] CHR HKLM\...\Chrome\Extension: [pahlibmflidlfjjalcbfmhocodjolhjp] - C:\Users\jim\AppData\Local\CRE\pahlibmflidlfjjalcbfmhocodjolhjp.crx [2014-05-11] CHR HKCU\...\Chrome\Extension: [pahlibmflidlfjjalcbfmhocodjolhjp] - C:\Users\jim\AppData\Local\CRE\pahlibmflidlfjjalcbfmhocodjolhjp.crx [2014-05-11] ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com) R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company) R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company) R2 MediaDevSrv; C:\ProgramData\MediaDev\1403477976\mediadev.exe [366952 2014-06-22] (VM Host Corporation) R2 System Update kb70007; C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe [16384 2014-04-23] () [File not signed] R2 WinDevSvc; C:\ProgramData\UpdateServer\1403457996\webdev.exe [389992 2014-06-22] (VM Host Corporation) ==================== Drivers (Whitelisted) ==================== R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 qknfd; system32\drivers\qknfd.sys [X] ==================== NetSvcs (Whitelisted) ===================
  • 0

#24
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
I can't read the log files, the format is all messed up.

TO FIX the format, open notepad, at the top of note pad click on "Format" then put a check mark in "Wordwrap"

RE POST the log files please.

Log should look like this example below, see how it's all lined up....

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 01
Ran by SYSTEM on MININT-AM77Q0R on 12-06-2014 16:09:22
Running from H:\
Platform: Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-17] (Realtek Semiconductor)
HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal Total Security\strtupap.exe [194984 2013-07-20] (Quick Heal Technologies (P) Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-05] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-11] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1801168 2014-03-18] (APN)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe, [X]
  • 0

#25
jimbo1949

jimbo1949

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014 Ran by jim (administrator) on JIM-PC on 22-06-2014 17:41:21 Running from C:\Users\jim\Downloads Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo...=============== Processes (Whitelisted) ================= (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe (Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (VM Host Corporation) C:\ProgramData\MediaDev\1403477976\mediadev.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Eastman Kodak Company) C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe () C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe (VM Host Corporation) C:\ProgramData\UpdateServer\1403457996\webdev.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (The Privoxy team - www.privoxy.org) C:\Program Files\MSR\Privoxy\privoxy.exe () C:\ProgramData\UpdateTask\vmhost.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\jim\Downloads\FRST (5).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [1638400 2010-09-02] (Eastman Kodak Company) HKLM\...\Run: [EKStatusMonitor] => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company) HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-2857200164-3729861948-2052089129-1001\...\Run: [cdloader] => C:\Users\jim\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.) HKU\S-1-5-21-2857200164-3729861948-2052089129-1001\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-2857200164-3729861948-2052089129-1001\...\MountPoints2: {4b326da4-6d86-11e3-8015-001cc0703165} - E:\ToolLauncher-Bootstrap.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...rosoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?...rosoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF2D42C0A0CA2CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...= SearchScopes: HKLM - DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...= SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...= SearchScopes: HKCU - DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...= SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...459791&ir= BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...llExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= CHR HomePage: hxxp://google.search.com/ CHR StartupUrls: "hxxp://speedial.com/?f=7&a=spd_dnldstr_14_25_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDyBtDtAtCyCyD0DyDtD0CtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFyBtFtBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StCyB0A0AyCyD0F0DtG0D0D0A0CtGtA0DtAyCtG0EyE0B0BtGtD0C0C0C0AyEtAtAtDyEzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0FtC0BtDtD0AtG0A0B0A0BtGyCtB0E0DtG0EyEyByDtGtB0FtCtD0EyBtBzzyEyBzy0B2Q&cr=1719459791&ir=", "hxxp://att.yahoo.com/" CHR NewTab: "chrome-extension://bakijjialdiiboeaknfpmflphhmljfkd/content/newtab/newtab.html" CHR Extension: (Google Drive) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-11] CHR Extension: (Speedial) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2014-06-22] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25] CHR Extension: (YouTube) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-11] CHR Extension: (Google Search) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-11] CHR Extension: (Google Play Books) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-05-11] CHR Extension: (Google Wallet) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03] CHR Extension: (Gmail) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-11] CHR HKLM\...\Chrome\Extension: [pahlibmflidlfjjalcbfmhocodjolhjp] - C:\Users\jim\AppData\Local\CRE\pahlibmflidlfjjalcbfmhocodjolhjp.crx [2014-05-11] CHR HKCU\...\Chrome\Extension: [pahlibmflidlfjjalcbfmhocodjolhjp] - C:\Users\jim\AppData\Local\CRE\pahlibmflidlfjjalcbfmhocodjolhjp.crx [2014-05-11] ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com) R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company) R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company) R2 MediaDevSrv; C:\ProgramData\MediaDev\1403477976\mediadev.exe [366952 2014-06-22] (VM Host Corporation) R2 System Update kb70007; C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe [16384 2014-04-23] () [File not signed] R2 WinDevSvc; C:\ProgramData\UpdateServer\1403457996\webdev.exe [389992 2014-06-22] (VM Host Corporation) ==================== Drivers (Whitelisted) ==================== R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 qknfd; system32\drivers\qknfd.sys [X] ==================== NetSvcs (Whitelisted) ===================
  • 0

Advertisements


#26
jimbo1949

jimbo1949

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014 Ran by jim (administrator) on JIM-PC on 22-06-2014 17:41:21 Running from C:\Users\jim\Downloads Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo...=============== Processes (Whitelisted) ================= (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe (Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (VM Host Corporation) C:\ProgramData\MediaDev\1403477976\mediadev.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Eastman Kodak Company) C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe () C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe (VM Host Corporation) C:\ProgramData\UpdateServer\1403457996\webdev.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (The Privoxy team - www.privoxy.org) C:\Program Files\MSR\Privoxy\privoxy.exe () C:\ProgramData\UpdateTask\vmhost.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\jim\Downloads\FRST (5).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [1638400 2010-09-02] (Eastman Kodak Company) HKLM\...\Run: [EKStatusMonitor] => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company) HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-2857200164-3729861948-2052089129-1001\...\Run: [cdloader] => C:\Users\jim\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.) HKU\S-1-5-21-2857200164-3729861948-2052089129-1001\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-2857200164-3729861948-2052089129-1001\...\MountPoints2: {4b326da4-6d86-11e3-8015-001cc0703165} - E:\ToolLauncher-Bootstrap.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...rosoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?...rosoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF2D42C0A0CA2CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...= SearchScopes: HKLM - DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...= SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...= SearchScopes: HKCU - DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...= SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...459791&ir= BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...llExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= CHR HomePage: hxxp://google.search.com/ CHR StartupUrls: "hxxp://speedial.com/?f=7&a=spd_dnldstr_14_25_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDyBtDtAtCyCyD0DyDtD0CtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFyBtFtBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StCyB0A0AyCyD0F0DtG0D0D0A0CtGtA0DtAyCtG0EyE0B0BtGtD0C0C0C0AyEtAtAtDyEzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0FtC0BtDtD0AtG0A0B0A0BtGyCtB0E0DtG0EyEyByDtGtB0FtCtD0EyBtBzzyEyBzy0B2Q&cr=1719459791&ir=", "hxxp://att.yahoo.com/" CHR NewTab: "chrome-extension://bakijjialdiiboeaknfpmflphhmljfkd/content/newtab/newtab.html" CHR Extension: (Google Drive) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-11] CHR Extension: (Speedial) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2014-06-22] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25] CHR Extension: (YouTube) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-11] CHR Extension: (Google Search) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-11] CHR Extension: (Google Play Books) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-05-11] CHR Extension: (Google Wallet) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03] CHR Extension: (Gmail) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-11] CHR HKLM\...\Chrome\Extension: [pahlibmflidlfjjalcbfmhocodjolhjp] - C:\Users\jim\AppData\Local\CRE\pahlibmflidlfjjalcbfmhocodjolhjp.crx [2014-05-11] CHR HKCU\...\Chrome\Extension: [pahlibmflidlfjjalcbfmhocodjolhjp] - C:\Users\jim\AppData\Local\CRE\pahlibmflidlfjjalcbfmhocodjolhjp.crx [2014-05-11] ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com) R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company) R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company) R2 MediaDevSrv; C:\ProgramData\MediaDev\1403477976\mediadev.exe [366952 2014-06-22] (VM Host Corporation) R2 System Update kb70007; C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe [16384 2014-04-23] () [File not signed] R2 WinDevSvc; C:\ProgramData\UpdateServer\1403457996\webdev.exe [389992 2014-06-22] (VM Host Corporation) ==================== Drivers (Whitelisted) ==================== R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 qknfd; system32\drivers\qknfd.sys [X] ==================== NetSvcs (Whitelisted) ===================
  • 0

#27
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Still can't read the log,

Open NotePad. On the menu select format.
change the Word Wrap setting.
  • 0

#28
jimbo1949

jimbo1949

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014 Ran by jim (administrator) on JIM-PC on 22-06-2014 17:41:21 Running from C:\Users\jim\Downloads Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo...=============== Processes (Whitelisted) ================= (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe (Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (VM Host Corporation) C:\ProgramData\MediaDev\1403477976\mediadev.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Eastman Kodak Company) C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe () C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe (VM Host Corporation) C:\ProgramData\UpdateServer\1403457996\webdev.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (The Privoxy team - www.privoxy.org) C:\Program Files\MSR\Privoxy\privoxy.exe () C:\ProgramData\UpdateTask\vmhost.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\jim\Downloads\FRST (5).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [1638400 2010-09-02] (Eastman Kodak Company) HKLM\...\Run: [EKStatusMonitor] => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company) HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-2857200164-3729861948-2052089129-1001\...\Run: [cdloader] => C:\Users\jim\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.) HKU\S-1-5-21-2857200164-3729861948-2052089129-1001\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-2857200164-3729861948-2052089129-1001\...\MountPoints2: {4b326da4-6d86-11e3-8015-001cc0703165} - E:\ToolLauncher-Bootstrap.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...rosoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?...rosoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF2D42C0A0CA2CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...= SearchScopes: HKLM - DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...= SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...= SearchScopes: HKCU - DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...= SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...459791&ir= BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...llExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= CHR HomePage: hxxp://google.search.com/ CHR StartupUrls: "hxxp://speedial.com/?f=7&a=spd_dnldstr_14_25_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDyBtDtAtCyCyD0DyDtD0CtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFyBtFtBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StCyB0A0AyCyD0F0DtG0D0D0A0CtGtA0DtAyCtG0EyE0B0BtGtD0C0C0C0AyEtAtAtDyEzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0FtC0BtDtD0AtG0A0B0A0BtGyCtB0E0DtG0EyEyByDtGtB0FtCtD0EyBtBzzyEyBzy0B2Q&cr=1719459791&ir=", "hxxp://att.yahoo.com/" CHR NewTab: "chrome-extension://bakijjialdiiboeaknfpmflphhmljfkd/content/newtab/newtab.html" CHR Extension: (Google Drive) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-11] CHR Extension: (Speedial) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2014-06-22] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25] CHR Extension: (YouTube) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-11] CHR Extension: (Google Search) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-11] CHR Extension: (Google Play Books) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-05-11] CHR Extension: (Google Wallet) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03] CHR Extension: (Gmail) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-11] CHR HKLM\...\Chrome\Extension: [pahlibmflidlfjjalcbfmhocodjolhjp] - C:\Users\jim\AppData\Local\CRE\pahlibmflidlfjjalcbfmhocodjolhjp.crx [2014-05-11] CHR HKCU\...\Chrome\Extension: [pahlibmflidlfjjalcbfmhocodjolhjp] - C:\Users\jim\AppData\Local\CRE\pahlibmflidlfjjalcbfmhocodjolhjp.crx [2014-05-11] ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com) R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company) R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company) R2 MediaDevSrv; C:\ProgramData\MediaDev\1403477976\mediadev.exe [366952 2014-06-22] (VM Host Corporation) R2 System Update kb70007; C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe [16384 2014-04-23] () [File not signed] R2 WinDevSvc; C:\ProgramData\UpdateServer\1403457996\webdev.exe [389992 2014-06-22] (VM Host Corporation) ==================== Drivers (Whitelisted) ==================== R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 qknfd; system32\drivers\qknfd.sys [X] ==================== NetSvcs (Whitelisted) ===================
  • 0

#29
jimbo1949

jimbo1949

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
I have tried to charge word wrap but when I post it it charges back
  • 0

#30
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hi Jim


Lets move away from that exercise, I do see more addware too, so lets post a fresh OTL log and deal with it there.

So right click OTL Run as Administrator and do a quick scan, post the log. Just 1 log will be created.

Joe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP