Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware/Spyware Removal


  • This topic is locked This topic is locked

#16
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Excellent work !

I'll leave you with 2 things to do. I'll check in Tomorrow after work 3pm or so.

Run Malwarebytes and let it remove anything it finds

Then do the Farber recovery scan thing and post both logs additions.txt and FRST.txt

Ready

Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Post that log


If there is a problem getting log try this way:
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the Histor tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Next

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Post the
  • Malwarebyteslog log
  • FRST.txt
  • Additions.txt
  • Thanks
    Joe :)

  • 0

Advertisements


#17
jthomison

jthomison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Thanks for your help.  The system is performing well know.  Please do not take as being "pushy", but give time limit and pending Holidays, I wanted to inquire if I do anything else? 


  • 0

#18
jthomison

jthomison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

I am so sorry for being non-responsive, I did not realize our post had gone to a second page.  Silly me!


  • 0

#19
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Not to worry,

Do the steps in post 16. Malwarebytes and Farber Recover scanner, post the log reports when you get time, I understand it's the holidays so no hurry here.

Joe
  • 0

#20
jthomison

jthomison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Ran Malwarebytes:  Here is the Scan log which is below (did not copy over Protection log)

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/23/2014
Scan Time: 10:14:47 PM
Logfile: Malwarebytes Scanning History Log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.24.01
Rootkit Database: v2014.12.23.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346661
Time Elapsed: 12 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\1379f1f4-8949-403d-b1df-932d707ac836-6.exe, 4660, Delete-on-Reboot, [cb7994d28fedea4c01b58d218f768080]
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\3b919633-fcc1-4c77-82e3-ea433135d2e1.exe, 2028, Delete-on-Reboot, [1232491d4735b284930e232ee51e2cd4]

Modules: 0
(No malicious items detected)

Registry Keys: 7
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CE681A67-9477-CBE6-EB9D-FE534875F98D}, Quarantined, [1430372fc3b9122442deb7207092837d],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\Cinema Video Pro 1.6V22.11, Quarantined, [22226ff76a12b87ed93f441d38cbcd33],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\Cinema Video Pro 1.6V22.11-nv, Quarantined, [f2522e3881fbe155d93f4e135ba8db25],
PUP.Optional.CrossRider.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Cinema Video Pro 1.6V22.11, Quarantined, [67dd0561136937ff100ad38e0ff430d0],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1237201577-3454306764-4109017275-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Cinema Video Pro 1.6V22.11, Quarantined, [a2a2fa6c007c2115c8520a57996a7a86],
PUP.Optional.ReMarkit.A, HKU\S-1-5-21-1237201577-3454306764-4109017275-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re-markit, Quarantined, [ee56382e55273ff7d0545215d62de719],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Cinema Video Pro 1.6V22.11, Quarantined, [1232491d4735b284930e232ee51e2cd4],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 11
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11, Delete-on-Reboot, [1232491d4735b284930e232ee51e2cd4],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\userCode, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\icons, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\icons\actions, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\api, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\popupResource, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],

Files: 135
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\1379f1f4-8949-403d-b1df-932d707ac836-6.exe, Quarantined, [cb7994d28fedea4c01b58d218f768080],
PUP.Optional.Nova.A, C:\Program Files (x86)\Apple Software Update\6f68591c-2963-4be2-a25d-0c05fff72c78.dll, Quarantined, [0c3885e1fb81e74f30c22ccf3bc6649c],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\1379f1f4-8949-403d-b1df-932d707ac836-11.exe, Quarantined, [d272d096b2caf343b402feb00cf98b75],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\1379f1f4-8949-403d-b1df-932d707ac836-2.exe, Quarantined, [c0841f47fd7fcb6b4274d2dc47be47b9],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\1379f1f4-8949-403d-b1df-932d707ac836-3.exe, Quarantined, [073d23436e0ed561a0163c7262a39f61],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\1379f1f4-8949-403d-b1df-932d707ac836-4.exe, Quarantined, [063e0c5a4c307abcf9bde7c71fe6e917],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\1379f1f4-8949-403d-b1df-932d707ac836-5.exe, Quarantined, [83c1f76ff38993a3b6000aa40401e020],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\1379f1f4-8949-403d-b1df-932d707ac836-64.exe, Quarantined, [e361c89e2c50989ee2d46b43c24360a0],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\1379f1f4-8949-403d-b1df-932d707ac836-7.exe, Quarantined, [bf85570fb7c5a98d08ae8529b35228d8],
PUP.Optional.Nova.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\f52dd56e-3282-4c74-83b5-4bb0af756867.dll, Quarantined, [ba8af670ed8f9b9b935f8378eb16ec14],
PUP.Optional.Crossrider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\utils.exe, Quarantined, [4004f96dc3b987af40e737b8ed14f60a],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\Cinema Video Pro 1.6V22.11-bg.exe, Quarantined, [3a0a4b1ba1db96a04274b2fc47bebc44],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\Cinema Video Pro 1.6V22.11-codedownloader.exe, Quarantined, [90b454121963aa8ccee8208efd082ed2],
PUP.Optional.Iminent.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage, Quarantined, [a3a1b7af136915212cc9a7c581825ea2],
PUP.Optional.Iminent.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nbljechdpodpbchbmjcoamidppmpnmlc_0.localstorage, Quarantined, [5fe5a0c62e4e53e3cc2a521ad330c53b],
PUP.Optional.Groovorio.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmchfpimpbbdmgpcieclabeafkljbhm_0.localstorage, Quarantined, [e85c3a2c74089a9cdb5e3d37748fcb35],
PUP.Optional.Iminent.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage, Quarantined, [1a2a16503d3fb87e6404d89d17ecb34d],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\1379f1f4-8949-403d-b1df-932d707ac836-1, Quarantined, [3a0ae086bbc1db5b7c020075d72c53ad],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\1379f1f4-8949-403d-b1df-932d707ac836-11, Quarantined, [c77d6bfb3c40280e1767c4b12ad9b14f],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\1379f1f4-8949-403d-b1df-932d707ac836-2, Quarantined, [2f15cb9bbebefb3b631b1362f40f2ed2],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\1379f1f4-8949-403d-b1df-932d707ac836-3, Quarantined, [5ce878eebfbdb086730b225325de04fc],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\1379f1f4-8949-403d-b1df-932d707ac836-4, Quarantined, [a99b2f37cfad1f171a64b5c0c73c43bd],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\1379f1f4-8949-403d-b1df-932d707ac836-5, Quarantined, [68dc392d780421153c42caab49badb25],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\1379f1f4-8949-403d-b1df-932d707ac836-5_user, Quarantined, [281c2046631969cd334baacb17ecdd23],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\1379f1f4-8949-403d-b1df-932d707ac836-6, Quarantined, [a1a31c4adf9d9f97fa847104d42f2ad6],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\1379f1f4-8949-403d-b1df-932d707ac836-7, Quarantined, [ed57174fc9b38aac87f78ee73ac90000],
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\3b919633-fcc1-4c77-82e3-ea433135d2e1, Quarantined, [f0545d09eb910630640d904526de02fe],
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\c406c112-89b8-4d29-9704-35feec7c6fa9, Quarantined, [2d17392dcab2df57482912c3a65e04fc],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\f52dd56e-3282-4c74-83b5-4bb0af756867.crx, Quarantined, [1232491d4735b284930e232ee51e2cd4],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\1293297481.mxaddon, Quarantined, [1232491d4735b284930e232ee51e2cd4],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\1379f1f4-8949-403d-b1df-932d707ac836.crx, Quarantined, [1232491d4735b284930e232ee51e2cd4],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\1379f1f4-8949-403d-b1df-932d707ac836.xpi, Quarantined, [1232491d4735b284930e232ee51e2cd4],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\Interop.IWshRuntimeLibrary.dll, Delete-on-Reboot, [1232491d4735b284930e232ee51e2cd4],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\Newtonsoft.Json.dll, Delete-on-Reboot, [1232491d4735b284930e232ee51e2cd4],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\SuperSocket.ClientEngine.Common.dll, Quarantined, [1232491d4735b284930e232ee51e2cd4],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\SuperSocket.ClientEngine.Core.dll, Quarantined, [1232491d4735b284930e232ee51e2cd4],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\SuperSocket.ClientEngine.Protocol.dll, Quarantined, [1232491d4735b284930e232ee51e2cd4],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\Uninstall.exe, Quarantined, [1232491d4735b284930e232ee51e2cd4],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\WebSocket4Net.dll, Delete-on-Reboot, [1232491d4735b284930e232ee51e2cd4],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\3b919633-fcc1-4c77-82e3-ea433135d2e1.exe, Delete-on-Reboot, [1232491d4735b284930e232ee51e2cd4],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\4a86abde-9253-4341-913a-35f84b2dba37.crx, Quarantined, [1232491d4735b284930e232ee51e2cd4],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\background.html, Quarantined, [1232491d4735b284930e232ee51e2cd4],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\bgNova.html, Quarantined, [1232491d4735b284930e232ee51e2cd4],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\c06fbf72-15d4-4504-a75c-a757cfcc4d3f.dll, Quarantined, [1232491d4735b284930e232ee51e2cd4],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\Cinema Video Pro 1.6V22.11.ico, Quarantined, [1232491d4735b284930e232ee51e2cd4],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\background.html, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\chromeCoreFilesIndex.txt, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\manifest.json, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\popup.html, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\Settings.json, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\manifest.xml, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins.json, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\246.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\102.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\104.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\119.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\123.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\13.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\14.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\17.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\178.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\179.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\180.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\184.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\189.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\19.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\191.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\195.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\200.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\217.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\220.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\221.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\223.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\231.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\232.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\234.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\242.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\244.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\260.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\262.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\263.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\267.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\273.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\275.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\281.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\286.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\288.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\289.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\291.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\300.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\302.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\315.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\4.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\47.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\64.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\7.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\78.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\80.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\9.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\91.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\93.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\97.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\userCode\background.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\userCode\extension.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\icons\icon128.png, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\icons\icon16.png, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\icons\icon48.png, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\icons\actions\1.png, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\34db3593306a02b9b59b86399dfd08d7.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\43b2181ea239405cf5a6835de5bdad69.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\main.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\api\12b5e6067c0dfcc9ab808b9a4ff75a6d.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\api\6a1054cf6d1f0c2099d212fe76fa270a.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\api\82a19e79195df460b33223d9b3196aee.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\api\90567660d1f2d7568435100a8d3a81be.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\api\bd76b16a1d9a7af1ee8037baace9c2e6.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\api\pageAction.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\14fcf79fb4b49c3d79c1c733f7c8b39f.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\331c4533cbb92b48d4c1cb7b70c3f4d2.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\35ebda19cf6eb67d62b04586e00c0d6f.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\69af52bc5238a797d0bddbff4879c42a.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\71e4bf57dd4d1be476c2f926f4e41965.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\86b56fc590ef8da67ca11244352cd54f.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\882ac0e231a5be980e85e46157e77d25.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\973dfb61df3a02ba15f7b5db4e5d738b.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\a5c918c0dfa5f04ee631344e254da7f1.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\af91c040df9d0e996205a408b5db1d54.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\app_api.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\b89a33d619025180535d2dad66712b36.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\bfd146944e77e70bcbc8293b1c7d0d21.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\c88368c4d5302b148a06c993b53f8341.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\d4fd6eec029b8b27176e59f1aa848e54.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\installer.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\popupResource\newPopup.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\popupResource\popup.js, Quarantined, [4103c79fe19bc4723282c78ce41fe51b],

Physical Sectors: 0
(No malicious items detected)

(end)

 

Ran Farbar:  Here are the two requested Text Files

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2014
Ran by User (administrator) on 16KXXN1 on 23-12-2014 22:40:08
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-08-16] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077880 2013-01-22] (Dell Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1875048 2010-07-28] ()
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-07-17] (Intel® Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111488 2013-01-23] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKU\S-1-5-21-1237201577-3454306764-4109017275-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-08-13] (Google Inc.)
HKU\S-1-5-21-1237201577-3454306764-4109017275-1000\...\RunOnce: [Adobe Speed Launcher] => 1419395420
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1237201577-3454306764-4109017275-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1237201577-3454306764-4109017275-1000 -> {85E97AC5-9A64-47E5-BDA2-91C7A41EB629} URL = https://www.google.c...?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333567&octid=EB_ORIGINAL_CTID&ISID=M6BA0123B-E1A1-4595-90FA-FE0F951AE4C0&SearchSource=55&CUI=&UM=8&UP=SPE3281382-B252-4DB2-9E34-534632BE8C87&SSPV=
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-13]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-13]
CHR Extension: (bldlebdchfchnclgjhehlijjdeagejfh) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bldlebdchfchnclgjhehlijjdeagejfh [2014-12-21]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-13]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-13]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp [2014-12-22]
CHR Extension: (PlumoWeb) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fblgmlnefjkbjeljckfnfjabcdnkdkbb [2014-12-21]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-13]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-13]
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280952 2013-01-22] (Dell Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 22:40 - 2014-12-23 22:40 - 00013986 _____ () C:\Users\User\Desktop\FRST.txt
2014-12-23 22:39 - 2014-12-23 22:40 - 00000000 ____D () C:\FRST
2014-12-23 22:12 - 2014-12-23 22:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-23 22:12 - 2014-12-23 22:31 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-23 22:12 - 2014-12-23 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-23 22:12 - 2014-12-23 22:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-23 22:12 - 2014-12-23 22:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-23 22:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-23 22:12 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-23 22:12 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-23 22:07 - 2014-12-23 22:09 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-23 22:03 - 2014-12-23 22:03 - 02122240 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-12-22 00:33 - 2014-12-22 00:33 - 00000000 ____D () C:\Windows\ERUNT
2014-12-22 00:28 - 2014-12-22 00:28 - 01707646 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-12-22 00:21 - 2014-12-22 00:31 - 00000000 ____D () C:\AdwCleaner
2014-12-22 00:19 - 2014-12-22 00:20 - 02173952 _____ () C:\Users\User\Desktop\adwcleaner_4.106.exe
2014-12-22 00:19 - 2014-12-22 00:19 - 02173952 _____ () C:\Users\User\Downloads\adwcleaner_4.106.exe
2014-12-21 23:56 - 2014-12-21 23:56 - 00000000 ____D () C:\_OTL
2014-12-21 23:40 - 2014-12-21 23:40 - 00000000 _____ () C:\Users\User\Downloads\rkill_com.f0xjrvc.partial
2014-12-21 23:39 - 2014-12-21 23:39 - 00000000 _____ () C:\Users\User\Downloads\rkill_exe.iyjpuoh.partial
2014-12-21 23:38 - 2014-12-21 23:38 - 00000000 _____ () C:\Users\User\Downloads\rkill_scr.4j6v2bd.partial
2014-12-21 21:17 - 2014-12-21 21:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-21 19:30 - 2014-12-21 20:05 - 00032498 _____ () C:\Users\User\Desktop\Extras.Txt
2014-12-21 19:29 - 2014-12-22 00:06 - 00074760 _____ () C:\Users\User\Desktop\OTL.Txt
2014-12-21 19:24 - 2014-12-21 19:24 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2014-12-21 15:50 - 2014-12-21 15:50 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-21 15:45 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-21 15:45 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-21 15:32 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-21 15:32 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-21 15:32 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-21 15:32 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-21 15:32 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-21 15:32 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-21 15:32 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-21 15:32 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-21 15:32 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-21 15:32 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-20 18:02 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-20 18:02 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-20 18:02 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-20 18:02 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-20 18:02 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-20 18:02 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-20 18:02 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-20 18:02 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-20 18:02 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-20 18:02 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-20 18:02 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-20 18:02 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-20 18:02 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-20 18:02 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-20 18:02 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-20 18:02 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-20 18:02 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-20 18:02 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-20 18:02 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-20 18:02 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-20 18:02 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-20 18:02 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-20 18:02 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-20 18:02 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-20 18:02 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-20 18:02 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-20 18:02 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-20 18:02 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-20 18:02 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-20 18:02 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-20 18:02 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-20 18:02 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-20 18:02 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-20 18:02 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-20 18:02 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-20 18:02 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-20 18:02 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-20 18:02 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-20 18:02 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-20 18:02 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-20 18:02 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-20 18:02 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-20 18:02 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-20 18:02 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-20 18:02 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-20 18:02 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-20 18:02 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-20 18:02 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-20 18:02 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-20 18:02 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-20 18:02 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-20 18:02 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-20 18:02 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-20 18:02 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-20 18:02 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-20 18:02 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-20 18:02 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-20 18:02 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-20 18:02 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-20 18:02 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-20 18:02 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-20 18:02 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-20 18:02 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-20 18:02 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-20 18:01 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-20 17:59 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-20 17:59 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-20 17:59 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-20 17:59 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-20 17:59 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-20 17:59 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-20 17:59 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-20 17:59 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-20 17:59 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-20 17:59 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-20 17:59 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-20 17:59 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-20 17:59 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-20 17:59 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-11-27 08:38 - 2014-11-27 08:38 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2014-11-27 08:38 - 2014-11-27 08:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrH_01009.Wdf
2014-11-27 08:38 - 2014-11-27 08:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\itesing

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 22:37 - 2009-07-13 22:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-23 22:37 - 2009-07-13 22:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-23 22:34 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-23 22:33 - 2014-08-12 12:27 - 01518287 _____ () C:\Windows\WindowsUpdate.log
2014-12-23 22:30 - 2014-08-12 13:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-23 22:29 - 2014-08-13 12:13 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-23 22:29 - 2010-11-20 21:47 - 00208826 _____ () C:\Windows\PFRO.log
2014-12-23 22:29 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-23 22:29 - 2009-07-13 22:51 - 00039570 _____ () C:\Windows\setupact.log
2014-12-23 22:29 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-12-23 22:28 - 2014-08-22 13:41 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-12-23 22:24 - 2014-08-13 12:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-23 21:55 - 2014-08-13 12:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-23 21:05 - 2014-08-24 21:01 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-22 21:58 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-22 00:31 - 2014-11-02 20:34 - 00001104 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-12-22 00:31 - 2014-11-02 20:34 - 00001074 _____ () C:\Users\User\Desktop\Search.lnk
2014-12-21 23:07 - 2014-08-12 14:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2014-12-21 21:23 - 2009-07-13 20:34 - 00000505 _____ () C:\Windows\win.ini
2014-12-21 17:04 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-21 15:50 - 2014-08-13 21:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-21 15:50 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-21 15:50 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-21 15:31 - 2014-08-13 12:12 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-21 15:31 - 2014-08-13 12:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-21 15:31 - 2014-08-13 12:12 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-20 18:03 - 2014-08-13 12:20 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-20 18:02 - 2014-08-12 13:48 - 00002431 _____ () C:\freefallprotection.log
2014-12-20 18:02 - 2014-08-12 13:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-27 08:34 - 2014-09-27 10:47 - 00000000 ____D () C:\Users\User\Documents\The Colorful Peacock
2014-11-27 07:02 - 2009-07-13 22:45 - 00437848 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-20 19:16

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2014
Ran by User at 2014-12-23 22:40:35
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{97308CC9-FAED-4A1C-9593-64B2F1FD852D}) (Version: 2.3.309.1625 - Broadcom Corporation)
Dell Custom Help (Version: 16.01.1000.0235 - Intel Corporation) Hidden
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)
Dell Security Device Driver Pack (HKLM-x32\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.056 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6292.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.2 - Intel)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b6b417a3-1f40-4618-aadd-49628bda7836}) (Version: 16.1.1 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1237201577-3454306764-4109017275-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5922 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.13530 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.5922 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
RICOH Media Driver ver.2.11.01.02 (HKLM-x32\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.11.01.02 - RICOH)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.3102 - Broadcom Corporation)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1237201577-3454306764-4109017275-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\User\AppData\Roaming\itesing\procol.dll () <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1237201577-3454306764-4109017275-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1237201577-3454306764-4109017275-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1237201577-3454306764-4109017275-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1237201577-3454306764-4109017275-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1237201577-3454306764-4109017275-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

18-10-2014 10:19:01 Windows Update
27-10-2014 20:36:23 Windows Update
09-11-2014 21:23:37 Windows Update
22-11-2014 13:03:00 Windows Update
22-11-2014 17:16:16 Windows Update
27-11-2014 08:50:53 Windows Update
20-12-2014 17:51:55 Windows Update
20-12-2014 18:01:31 Removed AccelerometerP11
21-12-2014 15:30:04 Windows Update
21-12-2014 23:56:38 OTL Restore Point - 12/21/2014 11:56:37 PM
22-12-2014 17:47:28 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2014-12-21 23:57 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03334393-3C83-4B00-B6B8-AE9CEB6705A2} - System32\Tasks\{2D2A6FEC-A19E-4046-BF7D-032455C71C8E} => pcalua.exe -a C:\Users\User\AppData\Roaming\istart123\UninstallManager.exe -c  -ptid=tugs
Task: {18D9A504-97D2-4419-870A-9D18D11ECC05} - \1379f1f4-8949-403d-b1df-932d707ac836-5_user No Task File <==== ATTENTION
Task: {419C4001-4E0F-431C-976B-116E0701C24E} - \1379f1f4-8949-403d-b1df-932d707ac836-3 No Task File <==== ATTENTION
Task: {4E87E836-A020-4433-9929-CB29E825BF73} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {601E60E7-6D8F-4C6D-852A-EF1100504930} - \1379f1f4-8949-403d-b1df-932d707ac836-1 No Task File <==== ATTENTION
Task: {645B0850-3C2E-4576-85A6-E536FB0C65E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {7787AC15-F4DE-45CA-BF3E-F1F95ED1E0F5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-21] (Adobe Systems Incorporated)
Task: {78A8B8A4-9D9F-45FD-B550-AAEF79D1D537} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8C02E114-2809-4906-A04C-C286D105DA95} - \1379f1f4-8949-403d-b1df-932d707ac836-4 No Task File <==== ATTENTION
Task: {8E29B09A-F06A-4F90-BBFC-0E0F565BA1FB} - \1379f1f4-8949-403d-b1df-932d707ac836-5 No Task File <==== ATTENTION
Task: {9AC77B7A-4495-455F-BB66-536FDEAA22CE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A0B13669-F548-4D3E-82FA-1387B76E03A8} - \1379f1f4-8949-403d-b1df-932d707ac836-7 No Task File <==== ATTENTION
Task: {B7A8569D-D132-4DC4-908C-45B6286477AD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {BC2FAA74-5FEA-4105-A6FF-11DB0A36FDA2} - \1379f1f4-8949-403d-b1df-932d707ac836-6 No Task File <==== ATTENTION
Task: {C6C1DC6A-6D28-4313-8306-CF174882C513} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
Task: {D5921118-98F6-4641-9A47-FC747AB731B2} - \1379f1f4-8949-403d-b1df-932d707ac836-11 No Task File <==== ATTENTION
Task: {DBBACCDA-973B-4FEC-896F-9746D975CC59} - \1379f1f4-8949-403d-b1df-932d707ac836-2 No Task File <==== ATTENTION
Task: {F6FB5D13-4E22-49F0-A39F-DB0E525248B0} - \3b919633-fcc1-4c77-82e3-ea433135d2e1 No Task File <==== ATTENTION
Task: {FFA9D3F8-BE0A-466B-B9C2-A1718A9B159E} - \c406c112-89b8-4d29-9704-35feec7c6fa9 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-10-21 20:26 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-08-24 21:01 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-01-08 16:00 - 2010-01-08 16:00 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1237201577-3454306764-4109017275-500 - Administrator - Disabled)
Guest (S-1-5-21-1237201577-3454306764-4109017275-501 - Limited - Disabled)
User (S-1-5-21-1237201577-3454306764-4109017275-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/23/2014 10:30:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 10:05:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 09:05:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 01:58:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21632705

Error: (12/23/2014 01:58:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21632705

Error: (12/23/2014 01:58:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/23/2014 01:57:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21617089

Error: (12/23/2014 01:57:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21617089

Error: (12/23/2014 01:57:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/23/2014 07:46:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (12/23/2014 10:32:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (12/23/2014 10:30:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (12/23/2014 10:07:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (12/23/2014 10:05:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (12/23/2014 05:00:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

Error: (12/23/2014 07:02:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (12/23/2014 07:00:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (12/23/2014 06:59:53 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:01:22 AM on ‎12/‎23/‎2014 was unexpected.

Error: (12/22/2014 05:54:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (12/22/2014 05:53:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (12/23/2014 10:30:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 10:05:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 09:05:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 01:58:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21632705

Error: (12/23/2014 01:58:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21632705

Error: (12/23/2014 01:58:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/23/2014 01:57:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21617089

Error: (12/23/2014 01:57:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21617089

Error: (12/23/2014 01:57:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/23/2014 07:46:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\FWRmder.exe

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 560 @ 2.67GHz
Percentage of memory in use: 35%
Total physical RAM: 3957.83 MB
Available physical RAM: 2564.56 MB
Total Pagefile: 7913.84 MB
Available Pagefile: 6123.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:192.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 8777D99D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

Yea, I think I did it!


  • 0

#21
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello.

Looks good some clean up to do, and I want to reset the Chrome browser. Instructions to follow: Take your time...



A few items to fix using FRST

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1237201577-3454306764-4109017275-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333567&octid=EB_ORIGINAL_CTID&ISID=M6BA0123B-E1A1-4595-90FA-FE0F951AE4C0&SearchSource=55&CUI=&UM=8&UP=SPE3281382-B252-4DB2-9E34-534632BE8C87&SSPV=
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
2014-12-22 00:31 - 2014-11-02 20:34 - 00001074 _____ () C:\Users\User\Desktop\Search.lnk
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-1237201577-3454306764-4109017275-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\User\AppData\Roaming\itesing\procol.dll () <==== ATTENTION
Task: {18D9A504-97D2-4419-870A-9D18D11ECC05} - \1379f1f4-8949-403d-b1df-932d707ac836-5_user No Task File <==== ATTENTION
Task: {419C4001-4E0F-431C-976B-116E0701C24E} - \1379f1f4-8949-403d-b1df-932d707ac836-3 No Task File <==== ATTENTION
Task: {601E60E7-6D8F-4C6D-852A-EF1100504930} - \1379f1f4-8949-403d-b1df-932d707ac836-1 No Task File <==== ATTENTION
Task: {8C02E114-2809-4906-A04C-C286D105DA95} - \1379f1f4-8949-403d-b1df-932d707ac836-4 No Task File <==== ATTENTION
Task: {8E29B09A-F06A-4F90-BBFC-0E0F565BA1FB} - \1379f1f4-8949-403d-b1df-932d707ac836-5 No Task File <==== ATTENTION
Task: {A0B13669-F548-4D3E-82FA-1387B76E03A8} - \1379f1f4-8949-403d-b1df-932d707ac836-7 No Task File <==== ATTENTION
Task: {BC2FAA74-5FEA-4105-A6FF-11DB0A36FDA2} - \1379f1f4-8949-403d-b1df-932d707ac836-6 No Task File <==== ATTENTION
Task: {D5921118-98F6-4641-9A47-FC747AB731B2} - \1379f1f4-8949-403d-b1df-932d707ac836-11 No Task File <==== ATTENTION
Task: {DBBACCDA-973B-4FEC-896F-9746D975CC59} - \1379f1f4-8949-403d-b1df-932d707ac836-2 No Task File <==== ATTENTION
Task: {F6FB5D13-4E22-49F0-A39F-DB0E525248B0} - \3b919633-fcc1-4c77-82e3-ea433135d2e1 No Task File <==== ATTENTION
Task: {FFA9D3F8-BE0A-466B-B9C2-A1718A9B159E} - \c406c112-89b8-4d29-9704-35feec7c6fa9 No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
CMD: ipconfig /flushdns
Emptytemp:
reboot:
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next

Please reset chrome browser,
Please follow these instructions here to reset chrome.
  • 0

#22
jthomison

jthomison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Saved to Notepad and ran FRST64 using "Fix".  Below is the generated "Fixlog.txt".

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-12-2014
Ran by User at 2014-12-24 15:00:54 Run:1
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1237201577-3454306764-4109017275-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333567&octid=EB_ORIGINAL_CTID&ISID=M6BA0123B-E1A1-4595-90FA-FE0F951AE4C0&SearchSource=55&CUI=&UM=8&UP=SPE3281382-B252-4DB2-9E34-534632BE8C87&SSPV=
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
2014-12-22 00:31 - 2014-11-02 20:34 - 00001074 _____ () C:\Users\User\Desktop\Search.lnk
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-1237201577-3454306764-4109017275-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\User\AppData\Roaming\itesing\procol.dll () <==== ATTENTION
Task: {18D9A504-97D2-4419-870A-9D18D11ECC05} - \1379f1f4-8949-403d-b1df-932d707ac836-5_user No Task File <==== ATTENTION
Task: {419C4001-4E0F-431C-976B-116E0701C24E} - \1379f1f4-8949-403d-b1df-932d707ac836-3 No Task File <==== ATTENTION
Task: {601E60E7-6D8F-4C6D-852A-EF1100504930} - \1379f1f4-8949-403d-b1df-932d707ac836-1 No Task File <==== ATTENTION
Task: {8C02E114-2809-4906-A04C-C286D105DA95} - \1379f1f4-8949-403d-b1df-932d707ac836-4 No Task File <==== ATTENTION
Task: {8E29B09A-F06A-4F90-BBFC-0E0F565BA1FB} - \1379f1f4-8949-403d-b1df-932d707ac836-5 No Task File <==== ATTENTION
Task: {A0B13669-F548-4D3E-82FA-1387B76E03A8} - \1379f1f4-8949-403d-b1df-932d707ac836-7 No Task File <==== ATTENTION
Task: {BC2FAA74-5FEA-4105-A6FF-11DB0A36FDA2} - \1379f1f4-8949-403d-b1df-932d707ac836-6 No Task File <==== ATTENTION
Task: {D5921118-98F6-4641-9A47-FC747AB731B2} - \1379f1f4-8949-403d-b1df-932d707ac836-11 No Task File <==== ATTENTION
Task: {DBBACCDA-973B-4FEC-896F-9746D975CC59} - \1379f1f4-8949-403d-b1df-932d707ac836-2 No Task File <==== ATTENTION
Task: {F6FB5D13-4E22-49F0-A39F-DB0E525248B0} - \3b919633-fcc1-4c77-82e3-ea433135d2e1 No Task File <==== ATTENTION
Task: {FFA9D3F8-BE0A-466B-B9C2-A1718A9B159E} - \c406c112-89b8-4d29-9704-35feec7c6fa9 No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
CMD: ipconfig /flushdns
Emptytemp:
reboot:
end
*****************

Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1237201577-3454306764-4109017275-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
Chrome HomePage deleted successfully.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
C:\Users\User\Desktop\Search.lnk => Moved successfully.
C:\Users\User\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-1237201577-3454306764-4109017275-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{18D9A504-97D2-4419-870A-9D18D11ECC05}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18D9A504-97D2-4419-870A-9D18D11ECC05}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1379f1f4-8949-403d-b1df-932d707ac836-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{419C4001-4E0F-431C-976B-116E0701C24E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{419C4001-4E0F-431C-976B-116E0701C24E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1379f1f4-8949-403d-b1df-932d707ac836-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{601E60E7-6D8F-4C6D-852A-EF1100504930}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{601E60E7-6D8F-4C6D-852A-EF1100504930}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1379f1f4-8949-403d-b1df-932d707ac836-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8C02E114-2809-4906-A04C-C286D105DA95}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C02E114-2809-4906-A04C-C286D105DA95}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1379f1f4-8949-403d-b1df-932d707ac836-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8E29B09A-F06A-4F90-BBFC-0E0F565BA1FB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E29B09A-F06A-4F90-BBFC-0E0F565BA1FB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1379f1f4-8949-403d-b1df-932d707ac836-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A0B13669-F548-4D3E-82FA-1387B76E03A8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0B13669-F548-4D3E-82FA-1387B76E03A8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1379f1f4-8949-403d-b1df-932d707ac836-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BC2FAA74-5FEA-4105-A6FF-11DB0A36FDA2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC2FAA74-5FEA-4105-A6FF-11DB0A36FDA2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1379f1f4-8949-403d-b1df-932d707ac836-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D5921118-98F6-4641-9A47-FC747AB731B2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5921118-98F6-4641-9A47-FC747AB731B2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1379f1f4-8949-403d-b1df-932d707ac836-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DBBACCDA-973B-4FEC-896F-9746D975CC59}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBBACCDA-973B-4FEC-896F-9746D975CC59}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1379f1f4-8949-403d-b1df-932d707ac836-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F6FB5D13-4E22-49F0-A39F-DB0E525248B0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6FB5D13-4E22-49F0-A39F-DB0E525248B0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3b919633-fcc1-4c77-82e3-ea433135d2e1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FFA9D3F8-BE0A-466B-B9C2-A1718A9B159E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFA9D3F8-BE0A-466B-B9C2-A1718A9B159E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c406c112-89b8-4d29-9704-35feec7c6fa9" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys" => Key deleted successfully.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 284.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog 15:01:13 ====

 

Moving on to follow Chrome reset instructions.


  • 0

#23
jthomison

jthomison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Believe Chrome browser has been "Reset".  When opening there was warning language regarding something like "Certificate not validated - at risk, etc."  None of this language appears after completing the "Reset" and re-entering the Chrome browser. 


  • 0

#24
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
OK

Almost done we need to run an online scan. This scan could take a very long time. This scan will also find items that have already been quarantined so don't be alarmed if it looks big. I will look at the scan results and see if there are any concerns and address them. After we will remove all the tools and log files that have been created

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt).
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)

  • 0

#25
jthomison

jthomison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here is the ESET file.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-12-2014
Ran by User at 2014-12-24 15:00:54 Run:1
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1237201577-3454306764-4109017275-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333567&octid=EB_ORIGINAL_CTID&ISID=M6BA0123B-E1A1-4595-90FA-FE0F951AE4C0&SearchSource=55&CUI=&UM=8&UP=SPE3281382-B252-4DB2-9E34-534632BE8C87&SSPV=
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
2014-12-22 00:31 - 2014-11-02 20:34 - 00001074 _____ () C:\Users\User\Desktop\Search.lnk
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-1237201577-3454306764-4109017275-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\User\AppData\Roaming\itesing\procol.dll () <==== ATTENTION
Task: {18D9A504-97D2-4419-870A-9D18D11ECC05} - \1379f1f4-8949-403d-b1df-932d707ac836-5_user No Task File <==== ATTENTION
Task: {419C4001-4E0F-431C-976B-116E0701C24E} - \1379f1f4-8949-403d-b1df-932d707ac836-3 No Task File <==== ATTENTION
Task: {601E60E7-6D8F-4C6D-852A-EF1100504930} - \1379f1f4-8949-403d-b1df-932d707ac836-1 No Task File <==== ATTENTION
Task: {8C02E114-2809-4906-A04C-C286D105DA95} - \1379f1f4-8949-403d-b1df-932d707ac836-4 No Task File <==== ATTENTION
Task: {8E29B09A-F06A-4F90-BBFC-0E0F565BA1FB} - \1379f1f4-8949-403d-b1df-932d707ac836-5 No Task File <==== ATTENTION
Task: {A0B13669-F548-4D3E-82FA-1387B76E03A8} - \1379f1f4-8949-403d-b1df-932d707ac836-7 No Task File <==== ATTENTION
Task: {BC2FAA74-5FEA-4105-A6FF-11DB0A36FDA2} - \1379f1f4-8949-403d-b1df-932d707ac836-6 No Task File <==== ATTENTION
Task: {D5921118-98F6-4641-9A47-FC747AB731B2} - \1379f1f4-8949-403d-b1df-932d707ac836-11 No Task File <==== ATTENTION
Task: {DBBACCDA-973B-4FEC-896F-9746D975CC59} - \1379f1f4-8949-403d-b1df-932d707ac836-2 No Task File <==== ATTENTION
Task: {F6FB5D13-4E22-49F0-A39F-DB0E525248B0} - \3b919633-fcc1-4c77-82e3-ea433135d2e1 No Task File <==== ATTENTION
Task: {FFA9D3F8-BE0A-466B-B9C2-A1718A9B159E} - \c406c112-89b8-4d29-9704-35feec7c6fa9 No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
CMD: ipconfig /flushdns
Emptytemp:
reboot:
end
*****************

Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1237201577-3454306764-4109017275-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
Chrome HomePage deleted successfully.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
C:\Users\User\Desktop\Search.lnk => Moved successfully.
C:\Users\User\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-1237201577-3454306764-4109017275-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{18D9A504-97D2-4419-870A-9D18D11ECC05}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18D9A504-97D2-4419-870A-9D18D11ECC05}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1379f1f4-8949-403d-b1df-932d707ac836-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{419C4001-4E0F-431C-976B-116E0701C24E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{419C4001-4E0F-431C-976B-116E0701C24E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1379f1f4-8949-403d-b1df-932d707ac836-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{601E60E7-6D8F-4C6D-852A-EF1100504930}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{601E60E7-6D8F-4C6D-852A-EF1100504930}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1379f1f4-8949-403d-b1df-932d707ac836-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8C02E114-2809-4906-A04C-C286D105DA95}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C02E114-2809-4906-A04C-C286D105DA95}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1379f1f4-8949-403d-b1df-932d707ac836-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8E29B09A-F06A-4F90-BBFC-0E0F565BA1FB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E29B09A-F06A-4F90-BBFC-0E0F565BA1FB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1379f1f4-8949-403d-b1df-932d707ac836-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A0B13669-F548-4D3E-82FA-1387B76E03A8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0B13669-F548-4D3E-82FA-1387B76E03A8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1379f1f4-8949-403d-b1df-932d707ac836-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BC2FAA74-5FEA-4105-A6FF-11DB0A36FDA2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC2FAA74-5FEA-4105-A6FF-11DB0A36FDA2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1379f1f4-8949-403d-b1df-932d707ac836-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D5921118-98F6-4641-9A47-FC747AB731B2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5921118-98F6-4641-9A47-FC747AB731B2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1379f1f4-8949-403d-b1df-932d707ac836-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DBBACCDA-973B-4FEC-896F-9746D975CC59}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBBACCDA-973B-4FEC-896F-9746D975CC59}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1379f1f4-8949-403d-b1df-932d707ac836-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F6FB5D13-4E22-49F0-A39F-DB0E525248B0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6FB5D13-4E22-49F0-A39F-DB0E525248B0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3b919633-fcc1-4c77-82e3-ea433135d2e1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FFA9D3F8-BE0A-466B-B9C2-A1718A9B159E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFA9D3F8-BE0A-466B-B9C2-A1718A9B159E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c406c112-89b8-4d29-9704-35feec7c6fa9" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys" => Key deleted successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 284.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 15:01:13 ====
  • 0

Advertisements


#26
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
That's a FRST Fix log.

ESET scan is or should be here, if you ran ESET.

C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt).

Thanks
Joe :)
  • 0

#27
jthomison

jthomison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Was rushing out the door. Wrong "paste". This is the "log.txt" from the specified location, it just looks so short given all previous text files.
Hopefully, it is the correct one.


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
  • 0

#28
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

It's correct !

Download Security Check by screen317 from Here or Here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • 0

#29
jthomison

jthomison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Security Check Results, program ran "clean".

Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader XI
Google Chrome 35.0.1916.114 Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
  • 0

#30
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Looks good,

Google Chrome needs up-Dating see Here

If no other issues remain lets remove all the tools I had you download by doing the following exercise:

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.
Thanks
Joe :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP