I have been remiss and MBAM found over 100 items. General cleanup? [astromenda]

This topic is locked

#1 elkski (Member, 144 posts)
Yes, I admit I haven't been running updates or scans, and I just did and MBAM found over 100 things. Nothing serious I hope, but Astromenda is still opening up on my homepage. I am available to work on this cleanup full time the next couple of days.

You guys are always my go-to place.

randy



#2 pystryker (Trusted Helper, Malware Removal, 3,886 posts)
Hello and welcome to Geeks To Go. My nickname is Pystryker :), and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log


#3 elkski (Topic Starter, Member, 144 posts)
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-12-2014
Ran by Laptop (administrator) on LAPTOP-PC on 24-12-2014 19:45:53
Running from C:\Users\Laptop\Downloads
Loaded Profile: Laptop (Available profiles: Laptop & bart)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Akamai Technologies, Inc.) C:\Users\Laptop\AppData\Local\Akamai\netsession_win.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Akamai Technologies, Inc.) C:\Users\Laptop\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks (2)\sldworks_fs.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686744 2012-09-05] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2722080 2013-09-05] ()
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1790939574-762709250-2766489150-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Laptop\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1790939574-762709250-2766489150-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-1790939574-762709250-2766489150-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-11-08] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1790939574-762709250-2766489150-1000\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3421216 2013-08-13] (Hewlett-Packard Co.)
HKU\S-1-5-21-1790939574-762709250-2766489150-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-1790939574-762709250-2766489150-1000\...\Run: [DellSystemDetect] => C:\Users\Laptop\AppData\Local\Apps\2.0\N609R9OV.1BX\G5YDWZNB.ZP9\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe [263232 2014-07-20] (Dell)
HKU\S-1-5-21-1790939574-762709250-2766489150-1000\...\RunOnce: [Adobe Speed Launcher] => 1419346204
HKU\S-1-5-21-1790939574-762709250-2766489150-1000\...\Policies\Explorer: [] 
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Fast Start.lnk
ShortcutTarget: SolidWorks 2013 Fast Start.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk
ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
Startup: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1790939574-762709250-2766489150-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1790939574-762709250-2766489150-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1790939574-762709250-2766489150-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.co...r=461703385&ir=
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1790939574-762709250-2766489150-1000 -> DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.co...r=461703385&ir=
SearchScopes: HKU\S-1-5-21-1790939574-762709250-2766489150-1000 -> URL http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1790939574-762709250-2766489150-1000 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKU\S-1-5-21-1790939574-762709250-2766489150-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rchTerms}&r=353
SearchScopes: HKU\S-1-5-21-1790939574-762709250-2766489150-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.co...r=461703385&ir=
SearchScopes: HKU\S-1-5-21-1790939574-762709250-2766489150-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
FireFox:
========
FF ProfilePath: C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\t2mfldmg.default
FF DefaultSearchEngine: Astromenda
FF SelectedSearchEngine: Astromenda
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1790939574-762709250-2766489150-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Laptop\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF user.js: detected! => C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\t2mfldmg.default\user.js
FF Extension: Bitdefender QuickScan - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\t2mfldmg.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-08-31]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-07]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_wnzp01_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0B0A0BtDtA0AyEtDtAyD0EtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtD0C0B0EzyyEzztGyE0DtCtCtGyC0F0FyBtGyEyCyDyCtGyC0BzyyCtC0EyE0D0DtDtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0DyCyD0F0B0FtGyEtC0A0EtGyEzytCyBtG0Azz0CyEtGyByD0DyDtDyByEyByBtByD0C2Q&cr=461703385&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_wnzp01_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0B0A0BtDtA0AyEtDtAyD0EtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtD0C0B0EzyyEzztGyE0DtCtCtGyC0F0FyBtGyEyCyDyCtGyC0BzyyCtC0EyE0D0DtDtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0DyCyD0F0B0FtGyEtC0A0EtGyEzytCyBtG0Azz0CyEtGyByD0DyDtDyByEyByBtByD0C2Q&cr=461703385&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-07]
CHR Extension: (Google Drive) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (YouTube) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-07]
CHR Extension: (Google Search) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-07]
CHR Extension: (Google Wallet) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-07]
CHR Extension: (Gmail) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-07]
CHR HKU\S-1-5-21-1790939574-762709250-2766489150-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-09] (Broadcom Corporation.)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe [77352 2013-03-28] (Dassault Systèmes SolidWorks Corp.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6237800 2010-04-30] ()
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1290016 2013-09-05] (NVIDIA Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2013-12-02] (SolidWorks) [File not signed]
S2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-24 19:45 - 2014-12-24 19:46 - 00022445 _____ () C:\Users\Laptop\Downloads\FRST.txt
2014-12-24 19:44 - 2014-12-24 19:45 - 00000000 ____D () C:\FRST
2014-12-24 19:44 - 2014-12-24 19:44 - 02122240 _____ (Farbar) C:\Users\Laptop\Downloads\FRST64.exe
2014-12-23 07:42 - 2014-12-23 07:42 - 00018705 _____ () C:\mbam detected.txt
2014-12-23 07:24 - 2014-12-24 17:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-23 07:24 - 2014-12-23 07:24 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-23 07:24 - 2014-12-23 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-23 07:23 - 2014-12-23 07:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-23 07:23 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-23 07:23 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-17 00:06 - 2014-12-17 00:06 - 00022528 _____ () C:\Users\Laptop\AppData\Local\dsisetup2287432982.exe
2014-12-13 20:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-10 08:37 - 2014-12-10 08:38 - 03677488 _____ (Logitech Inc.) C:\Users\Laptop\Downloads\SetPoint6.65.62_smart.exe
2014-12-10 08:36 - 2014-12-10 08:36 - 02566424 _____ (Logitech) C:\Users\Laptop\Downloads\G500sFlash-64.exe
2014-12-10 08:34 - 2014-12-10 08:35 - 02050328 _____ (Logitech) C:\Users\Laptop\Downloads\G500sFlash-32.exe
2014-12-08 12:23 - 2014-12-10 18:40 - 00000000 ____D () C:\AutoCAD 2015 Beyond the Basics Class Files
2014-12-08 07:59 - 2014-12-08 07:59 - 00000000 ____D () C:\Users\Laptop\Downloads\balearica
2014-12-08 07:46 - 2014-12-08 07:49 - 02310239 _____ () C:\Users\Laptop\Downloads\balearica (1).zip
2014-12-08 07:27 - 2014-12-08 07:29 - 02310239 _____ () C:\Users\Laptop\Downloads\balearica.zip
2014-12-01 17:06 - 2014-12-17 00:06 - 00000010 _____ () C:\Users\Laptop\AppData\Local\DSI.DAT
2014-12-01 17:06 - 2014-12-01 17:06 - 00022528 _____ () C:\Users\Laptop\AppData\Local\dsisetup2906464762.exe
2014-11-26 11:53 - 2014-11-26 11:53 - 00048330 _____ () C:\Users\Laptop\Documents\Aerial flap linkage 55.bak
2014-11-26 11:33 - 2014-11-26 11:35 - 00000277 _____ () C:\Users\Laptop\Documents\plot.log
2014-11-26 10:13 - 2014-11-26 22:19 - 00040093 _____ () C:\Users\Laptop\Documents\Aerial flap linkage 55.dwg
2014-11-25 17:08 - 2014-11-26 10:02 - 00042325 _____ () C:\Users\Laptop\Documents\Aerial flap linkage on btm skin.dwg
2014-11-25 17:08 - 2014-11-26 09:42 - 00037851 _____ () C:\Users\Laptop\Documents\Aerial flap linkage.dwg
2014-11-25 09:17 - 2014-11-25 09:17 - 02603008 _____ () C:\Users\Laptop\Downloads\15) Deposition.ppt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-24 19:41 - 2012-11-17 12:33 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{240E4B9B-B7D5-4AE5-9F7F-89B4F516F6CF}
2014-12-24 19:38 - 2013-10-01 08:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-24 19:27 - 2014-10-08 11:45 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1790939574-762709250-2766489150-1000.job
2014-12-24 19:13 - 2013-12-07 19:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-24 07:59 - 2012-11-17 12:15 - 01314509 _____ () C:\Windows\WindowsUpdate.log
2014-12-23 22:13 - 2013-12-07 19:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-23 07:51 - 2009-07-13 21:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-23 07:51 - 2009-07-13 21:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-23 07:50 - 2014-09-24 10:07 - 00000000 ___RD () C:\Users\Laptop\Google Drive
2014-12-23 07:48 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-23 07:44 - 2013-11-27 16:47 - 00000000 ____D () C:\Windows\SolidWorks
2014-12-23 07:44 - 2012-12-11 20:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-23 07:44 - 2012-12-11 20:05 - 00303106 _____ () C:\Windows\PFRO.log
2014-12-23 07:44 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-23 07:44 - 2009-07-13 21:51 - 00053610 _____ () C:\Windows\setupact.log
2014-12-23 07:24 - 2014-01-10 11:10 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Malwarebytes
2014-12-23 07:23 - 2014-01-10 11:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-19 00:06 - 2013-12-19 01:36 - 00000181 _____ () C:\Users\Laptop\AppData\Roaming\WB.CFG
2014-12-13 08:09 - 2013-10-23 08:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-13 06:17 - 2014-10-08 11:45 - 00003598 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1790939574-762709250-2766489150-1000
2014-12-11 17:16 - 2013-12-07 19:19 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-10 20:38 - 2013-10-01 08:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 20:38 - 2013-10-01 08:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 20:38 - 2013-10-01 08:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-08 19:01 - 2013-11-27 16:29 - 00000000 ____D () C:\Users\Laptop\AppData\Local\cache
2014-12-05 16:20 - 2014-02-20 12:20 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\HpUpdate
2014-11-25 17:08 - 2014-01-30 21:08 - 00000000 ____D () C:\Users\Laptop\Documents\ACAD drawings
2014-11-24 16:55 - 2013-11-27 16:47 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\SolidWorks
 
Some content of TEMP:
====================
C:\Users\Laptop\AppData\Local\Temp\6_Offer_19.exe
C:\Users\Laptop\AppData\Local\Temp\Checkupdate.exe
C:\Users\Laptop\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Laptop\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Laptop\AppData\Local\Temp\GfxDbMash.dll
C:\Users\Laptop\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Laptop\AppData\Local\Temp\helper.exe
C:\Users\Laptop\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Laptop\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Laptop\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Laptop\AppData\Local\Temp\Quarantine.exe
C:\Users\Laptop\AppData\Local\Temp\sqlite3.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-15 00:28
 
==================== End Of Log ============================


#4
elkski

    Member

  • Topic Starter
  • Member
  • 144 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-12-2014
Ran by Laptop at 2014-12-24 19:47:19
Running from C:\Users\Laptop\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.34 - STMicroelectronics)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1790939574-762709250-2766489150-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.0.31.1111 - Foxit Corporation)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell System Detect (HKU\S-1-5-21-1790939574-762709250-2766489150-1000\...\9204f5692a8faf3b) (Version: 5.9.0.5 - Dell)
Dell System Detect Bootstrapper (HKU\S-1-5-21-1790939574-762709250-2766489150-1000\...\8e3135b376bd523e) (Version: 5.1.0.41 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
DriverAgent by eSupport.com (HKLM\...\DriverAgent.exe) (Version:  - )
Elevated Installer (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation)
Garmin Express (HKLM-x32\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToMeeting 6.4.8.2093 (HKU\S-1-5-21-1790939574-762709250-2766489150-1000\...\GoToMeeting) (Version: 6.4.8.2093 - CitrixOnline)
GreatArcadeHits (HKU\S-1-5-21-1790939574-762709250-2766489150-1000\...\{856AD396-519D-4C7A-BED6-6785F64924BC}) (Version: 1.0 - GreatArcadeHits) <==== ATTENTION
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 4630 series Basic Device Software (HKLM\...\{29B1CB33-32C3-4762-85DA-8CEADDC36EA7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5922 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA Performance Drivers (HKLM\...\{4C0A8D65-4286-4B58-87FE-18AD24289285}) (Version: 2.2.5.0 - NVIDIA Corporation)
NVIDIA WMI 2.14.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.14.0 - NVIDIA Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{B1D45D48-A4D4-495F-A693-681EA9846754}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
SolidProfessor (HKLM\...\{D2B100E4-86A8-44C1-AF53-3B534CDF089C}) (Version: 1.0.0 - SolidProfessor)
SolidWorks 2013 x64 Edition SP03 (HKLM-x32\...\SolidWorks Installation Manager 20130-40300-1100-100) (Version: 21.3.0.60 - SolidWorks Corporation)
SolidWorks 2013 x64 Edition SP03 (Version: 21.130.60 - SolidWorks) Hidden
SolidWorks eDrawings 2013 x64 Edition SP03 (Version: 13.3.111 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Explorer 2013 SP03 x64 Edition (Version: 21.30.60 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2013 SP03 x64 Edition (Version: 21.30.60 - SolidWorks Corporation) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
ViewSonic Monitor Drivers (HKLM-x32\...\{B4FEA924-630D-11D4-B78E-005004566E4D}) (Version:  - )
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\BD00013670D26C16E19F284BF8E15DAF813497C7) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1790939574-762709250-2766489150-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1790939574-762709250-2766489150-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1790939574-762709250-2766489150-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1790939574-762709250-2766489150-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1790939574-762709250-2766489150-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)
 
==================== Restore Points  =========================
 
23-11-2014 07:36:46 Windows Update
26-11-2014 16:36:59 Windows Update
30-11-2014 08:33:52 Windows Update
03-12-2014 09:22:42 Windows Update
07-12-2014 09:22:49 Windows Update
08-12-2014 07:57:29 Removed WinZip 18.5
11-12-2014 19:02:30 Windows Update
15-12-2014 08:48:55 Windows Update
19-12-2014 08:46:55 Windows Update
23-12-2014 07:31:14 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {5782CC16-52F9-4F3C-9EC4-1BB617F50019} - \UpdaterEX No Task File <==== ATTENTION
Task: {64E36CC5-5E3E-4DFD-A3BE-D73ADFA64CA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07] (Google Inc.)
Task: {69371B8A-6E11-49EC-A5B7-F273454C0B3F} - System32\Tasks\{D2A9BBCC-87D5-48E2-9FBC-99750D18C2E5} => pcalua.exe -a C:\Users\Laptop\Desktop\sw\SW2013_SP0.0_64bits_Crack_[hispargentino]\SW2013_SP0.0_[hispargentino]\setup.exe -d C:\Users\Laptop\Desktop\sw\SW2013_SP0.0_64bits_Crack_[hispargentino]\SW2013_SP0.0_[hispargentino]
Task: {7068124D-9EB8-4BAE-B59D-FA7CB4853ACC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07] (Google Inc.)
Task: {7311F00B-9D80-46EF-B06B-58968945AD35} - System32\Tasks\G2MUpdateTask-S-1-5-21-1790939574-762709250-2766489150-1000 => C:\Users\Laptop\AppData\Local\Citrix\GoToMeeting\2093\g2mupdate.exe [2014-12-13] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {8FA821A4-45CB-4A79-B381-1D27061213F1} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {BD8A1012-738A-4888-ADC9-85C203CD9B94} - \GreatArcadeHits No Task File <==== ATTENTION
Task: {E2B04AB2-7E1D-4BE1-9D77-A381671F03C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {EC6783E1-C203-4320-A0D3-67585C099A06} - System32\Tasks\{AE1AB881-EEFC-4FCF-82C8-30F65BCDDA81} => pcalua.exe -a C:\dell\drivers\R243252\setup.exe -d C:\dell\drivers\R243252
Task: {FD2657A8-DDA7-489E-B2A1-5233A857B031} - System32\Tasks\{6AEC449D-30AD-47A3-AA89-DC045A3EAD92} => pcalua.exe -a C:\Users\Laptop\Downloads\QuickTimeInstaller.exe -d C:\Users\Laptop\Downloads
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1790939574-762709250-2766489150-1000.job => C:\Users\Laptop\AppData\Local\Citrix\GoToMeeting\2093\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-08 12:56 - 2013-08-29 15:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-07-19 16:48 - 2010-07-19 16:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-04-30 05:52 - 2010-04-30 05:52 - 06237800 _____ () C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
2013-08-29 13:00 - 2013-09-05 02:36 - 02493728 _____ () C:\Program Files\NVIDIA Corporation\nView\nview64.dll
2013-08-29 12:19 - 2012-09-05 11:51 - 00686744 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2013-08-29 13:00 - 2013-09-05 02:37 - 00496928 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00056352 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00937504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00124448 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00045088 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2013-03-28 21:34 - 2013-03-28 21:34 - 00276008 _____ () C:\Program Files\SolidWorks Corp\SolidWorks (2)\sldBodyDiffu.dll
2013-08-29 13:00 - 2013-09-05 02:36 - 02151712 _____ () C:\Program Files\NVIDIA Corporation\nView\nview.dll
2014-12-23 07:50 - 2014-12-23 07:50 - 00098816 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\win32api.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00110080 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\pywintypes27.dll
2014-12-23 07:50 - 2014-12-23 07:50 - 00364544 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\pythoncom27.dll
2014-12-23 07:50 - 2014-12-23 07:50 - 00045568 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\_socket.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 01160704 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\_ssl.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00320512 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\win32com.shell.shell.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00713216 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\_hashlib.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 01175040 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\wx._core_.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00805888 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\wx._gdi_.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00811008 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\wx._windows_.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 01062400 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\wx._controls_.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00735232 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\wx._misc_.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00128512 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\_elementtree.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00127488 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\pyexpat.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00557056 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\pysqlite2._sqlite.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00087552 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\_ctypes.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00119808 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\win32file.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00108544 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\win32security.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00007168 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\hashobjs_ext.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00167936 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\win32gui.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00018432 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\win32event.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00038912 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\win32inet.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00011264 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\win32crypt.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00070656 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\wx._html2.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00027136 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\_multiprocessing.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00035840 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\win32process.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00686080 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\unicodedata.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00122368 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\wx._wizard.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00024064 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\win32pipe.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00025600 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\win32pdh.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00525640 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\windows._lib_cacheinvalidation.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00010240 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\select.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00017408 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\win32profile.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00022528 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\win32ts.pyd
2014-12-23 07:50 - 2014-12-23 07:50 - 00078336 _____ () C:\Users\Laptop\AppData\Local\Temp\_MEI47722\wx._animate.pyd
2014-12-11 17:15 - 2014-12-05 18:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-11 17:15 - 2014-12-05 18:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-11 17:15 - 2014-12-05 18:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 17:15 - 2014-12-05 18:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-11 17:15 - 2014-12-05 18:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1790939574-762709250-2766489150-500 - Administrator - Disabled)
bart (S-1-5-21-1790939574-762709250-2766489150-1003 - Administrator - Enabled) => C:\Users\bart
Guest (S-1-5-21-1790939574-762709250-2766489150-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1790939574-762709250-2766489150-1002 - Limited - Enabled)
Laptop (S-1-5-21-1790939574-762709250-2766489150-1000 - Administrator - Enabled) => C:\Users\Laptop
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Broadcom USH
Description: Broadcom USH
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/17/2014 00:06:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dsisetup2287432982.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: dsisetup2287432982.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x00002810
Faulting process id: 0xf48
Faulting application start time: 0xdsisetup2287432982.exe0
Faulting application path: dsisetup2287432982.exe1
Faulting module path: dsisetup2287432982.exe2
Report Id: dsisetup2287432982.exe3
 
Error: (12/13/2014 08:08:17 AM) (Source: MsiInstaller) (EventID: 1024) (User: Laptop-PC)
Description: Product: Adobe Reader XI (11.0.09) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011010}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (12/09/2014 11:32:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: googledrivesync.exe, version: 1.18.7821.2489, time stamp: 0x509418e4
Faulting module name: python27.dll, version: 2.7.6150.1013, time stamp: 0x53908705
Exception code: 0xc0000005
Fault offset: 0x000a312e
Faulting process id: 0x125c
Faulting application start time: 0xgoogledrivesync.exe0
Faulting application path: googledrivesync.exe1
Faulting module path: googledrivesync.exe2
Report Id: googledrivesync.exe3
 
Error: (12/01/2014 05:06:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dsisetup2906464762.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: dsisetup2906464762.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x00002810
Faulting process id: 0x1b0c
Faulting application start time: 0xdsisetup2906464762.exe0
Faulting application path: dsisetup2906464762.exe1
Faulting module path: dsisetup2906464762.exe2
Report Id: dsisetup2906464762.exe3
 
Error: (10/25/2014 06:55:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program javaw.exe version 7.0.670.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11e8
 
Start Time: 01cff05a4eefef55
 
Termination Time: 218
 
Application Path: C:\Program Files (x86)\Java\jre7\bin\javaw.exe
 
Report Id:
 
Error: (10/25/2014 06:47:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program javaw.exe version 7.0.670.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1abc
 
Start Time: 01cff059f67af793
 
Termination Time: 219
 
Application Path: C:\Program Files (x86)\Java\jre7\bin\javaw.exe
 
Report Id:
 
Error: (10/25/2014 06:39:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program javaw.exe version 7.0.670.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1918
 
Start Time: 01cff0575e1bc1db
 
Termination Time: 156
 
Application Path: C:\Program Files (x86)\Java\jre7\bin\javaw.exe
 
Report Id:
 
Error: (10/25/2014 06:26:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program javaw.exe version 7.0.670.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 7f8
 
Start Time: 01cff05429b3fbf9
 
Termination Time: 266
 
Application Path: C:\Program Files (x86)\Java\jre7\bin\javaw.exe
 
Report Id:
 
Error: (10/15/2014 10:07:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UPDATE~1.EXE, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: netprofm.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5bda75
Exception code: 0xc0000005
Fault offset: 0x60262505
Faulting process id: 0x3bf0
Faulting application start time: 0xUPDATE~1.EXE0
Faulting application path: UPDATE~1.EXE1
Faulting module path: UPDATE~1.EXE2
Report Id: UPDATE~1.EXE3
 
Error: (10/04/2014 07:59:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 73985892
 
 
System errors:
=============
Error: (12/23/2014 07:44:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater17.3.0 service failed to start due to the following error: 
%%2
 
Error: (12/23/2014 07:17:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater17.3.0 service failed to start due to the following error: 
%%2
 
Error: (12/14/2014 08:45:11 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.189.1985.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.6.0305.00
 
Source Path: 4.6.0305.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (12/14/2014 08:34:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater17.3.0 service failed to start due to the following error: 
%%2
 
Error: (12/14/2014 08:16:09 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.189.1985.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.6.0305.00
 
Source Path: 4.6.0305.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (12/13/2014 08:05:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater17.3.0 service failed to start due to the following error: 
%%2
 
Error: (12/10/2014 06:50:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater17.3.0 service failed to start due to the following error: 
%%2
 
Error: (12/08/2014 07:17:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater17.3.0 service failed to start due to the following error: 
%%2
 
Error: (12/02/2014 09:11:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater17.3.0 service failed to start due to the following error: 
%%2
 
Error: (11/28/2014 08:22:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater17.3.0 service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (12/17/2014 00:06:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dsisetup2287432982.exe0.0.0.02a425e19dsisetup2287432982.exe0.0.0.02a425e19c000000500002810f4801d019c7f97a8229C:\Users\Laptop\AppData\Local\dsisetup2287432982.exeC:\Users\Laptop\AppData\Local\dsisetup2287432982.exe3a27d2c7-85bb-11e4-ade1-f07bcbab03a4
 
Error: (12/13/2014 08:08:17 AM) (Source: MsiInstaller) (EventID: 1024) (User: Laptop-PC)
Description: Adobe Reader XI (11.0.09){AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL)
 
Error: (12/09/2014 11:32:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: googledrivesync.exe1.18.7821.2489509418e4python27.dll2.7.6150.101353908705c0000005000a312e125c01d012f1d47c4893C:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\Users\Laptop\AppData\Local\Temp\_MEI50802\python27.dll5b421fa7-8036-11e4-8479-f07bcbab03a4
 
Error: (12/01/2014 05:06:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dsisetup2906464762.exe0.0.0.02a425e19dsisetup2906464762.exe0.0.0.02a425e19c0000005000028101b0c01d00dc3dc9918d8C:\Users\Laptop\AppData\Local\dsisetup2906464762.exeC:\Users\Laptop\AppData\Local\dsisetup2906464762.exe1cad3628-79b7-11e4-85be-f07bcbab03a4
 
Error: (10/25/2014 06:55:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: javaw.exe7.0.670.111e801cff05a4eefef55218C:\Program Files (x86)\Java\jre7\bin\javaw.exe
 
Error: (10/25/2014 06:47:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: javaw.exe7.0.670.11abc01cff059f67af793219C:\Program Files (x86)\Java\jre7\bin\javaw.exe
 
Error: (10/25/2014 06:39:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: javaw.exe7.0.670.1191801cff0575e1bc1db156C:\Program Files (x86)\Java\jre7\bin\javaw.exe
 
Error: (10/25/2014 06:26:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: javaw.exe7.0.670.17f801cff05429b3fbf9266C:\Program Files (x86)\Java\jre7\bin\javaw.exe
 
Error: (10/15/2014 10:07:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UPDATE~1.EXE0.0.0.02a425e19netprofm.dll_unloaded0.0.0.04a5bda75c0000005602625053bf001cfe8fee0683217C:\Users\Laptop\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXEnetprofm.dll45596821-54f2-11e4-b5f1-f07bcbab03a4
 
Error: (10/04/2014 07:59:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 73985892
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU Q 820 @ 1.73GHz
Percentage of memory in use: 32%
Total physical RAM: 8181.83 MB
Available physical RAM: 5483.35 MB
Total Pagefile: 16361.84 MB
Available Pagefile: 13161 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:218.81 GB) (Free:128.63 GB) NTFS
Drive d: () (Fixed) (Total:19.53 GB) (Free:19.44 GB) NTFS
Drive f: (SolidWorks1) (CDROM) (Total:6.3 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 48E2F468)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=OF Extended)
 
==================== End Of Log ============================

  • 0

#5
elkski

elkski

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts

I have the java update suggesting I update but when I tried it didn't seem to finish.


  • 0

#6
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I have the java update suggesting I update but when I tried it didn't seem to finish.


Please don't update or download any new software while we are cleaning your machine as per my instructions here.
 

Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Cracked Software Warning and Program Uninstalls


There are signs in the logs of your machine having potentially illegal cracked SolidWorks software. I wanted to ensure that you knew that we don't condone or support the use of such software and to suggest that you uninstall it.

Please uninstall the following programs as they are malware/adware related programs or are a risk to the security of your machine.

Akamai NetSession Interface

GreatArcadeHits



Step 2: Fix with FRST


Note: Before proceeding with this step, please move FRST64.exe from here C:\Users\Laptop\Downloads to your Desktop or the fix will not work.
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.co...r=461703385&ir=
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1790939574-762709250-2766489150-1000 -> DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.co...r=461703385&ir=
SearchScopes: HKU\S-1-5-21-1790939574-762709250-2766489150-1000 -> URL http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1790939574-762709250-2766489150-1000 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKU\S-1-5-21-1790939574-762709250-2766489150-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.co...r=461703385&ir=
FF DefaultSearchEngine: Astromenda
FF SelectedSearchEngine: Astromenda
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_wnzp01_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0B0A0BtDtA0AyEtDtAyD0EtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtD0C0B0EzyyEzztGyE0DtCtCtGyC0F0FyBtGyEyCyDyCtGyC0BzyyCtC0EyE0D0DtDtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0DyCyD0F0B0FtGyEtC0A0EtGyEzytCyBtG0Azz0CyEtGyByD0DyDtDyByEyByBtByD0C2Q&cr=461703385&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_wnzp01_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0B0A0BtDtA0AyEtDtAyD0EtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtD0C0B0EzyyEzztGyE0DtCtCtGyC0F0FyBtGyEyCyDyCtGyC0BzyyCtC0EyE0D0DtDtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0DyCyD0F0B0FtGyEtC0A0EtGyEzytCyBtG0Azz0CyEtGyByD0DyDtDyByEyByBtByD0C2Q&cr=461703385&ir="
CHR HKU\S-1-5-21-1790939574-762709250-2766489150-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
S2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [X]
Task: {5782CC16-52F9-4F3C-9EC4-1BB617F50019} - \UpdaterEX No Task File <==== ATTENTION
Task: {BD8A1012-738A-4888-ADC9-85C203CD9B94} - \GreatArcadeHits No Task File <==== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double-click (Vista and 7 users: right-click) the adwcleaner.exe file and click Run as Administrator, then accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.


Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

How is the machine running?

  • 0

#7
elkski

elkski

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
FRST stopped responding. It won't close?
  • 0

#8
elkski

elkski

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
FRST stopped responding and it won't close?
  • 0

#9
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

FRST stopped responding and it won't close?


Sometimes FRST will say it's not responding, especially if it has a lot of temp files to get rid of. Please re-run the fix, and even though it may say it's not responding, let it continue and it will conclude properly.
  • 0

#10
elkski

elkski

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts

I had to turn it off and back on and it ran a chkdsk.

  This time FRST ran in minutes.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-12-2014
Ran by Laptop at 2014-12-25 07:31:55 Run:2
Running from C:\Users\Laptop\Desktop
Loaded Profile: Laptop (Available profiles: Laptop & bart)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.co...r=461703385&ir=
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1790939574-762709250-2766489150-1000 -> DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.co...r=461703385&ir=
SearchScopes: HKU\S-1-5-21-1790939574-762709250-2766489150-1000 -> URL http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1790939574-762709250-2766489150-1000 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKU\S-1-5-21-1790939574-762709250-2766489150-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.co...r=461703385&ir=
FF DefaultSearchEngine: Astromenda
FF SelectedSearchEngine: Astromenda
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_wnzp01_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0B0A0BtDtA0AyEtDtAyD0EtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtD0C0B0EzyyEzztGyE0DtCtCtGyC0F0FyBtGyEyCyDyCtGyC0BzyyCtC0EyE0D0DtDtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0DyCyD0F0B0FtGyEtC0A0EtGyEzytCyBtG0Azz0CyEtGyByD0DyDtDyByEyByBtByD0C2Q&cr=461703385&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_wnzp01_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0B0A0BtDtA0AyEtDtAyD0EtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtD0C0B0EzyyEzztGyE0DtCtCtGyC0F0FyBtGyEyCyDyCtGyC0BzyyCtC0EyE0D0DtDtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0DyCyD0F0B0FtGyEtC0A0EtGyEzytCyBtG0Azz0CyEtGyByD0DyDtDyByEyByBtByD0C2Q&cr=461703385&ir="
CHR HKU\S-1-5-21-1790939574-762709250-2766489150-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
S2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [X]
Task: {5782CC16-52F9-4F3C-9EC4-1BB617F50019} - \UpdaterEX No Task File <==== ATTENTION
Task: {BD8A1012-738A-4888-ADC9-85C203CD9B94} - \GreatArcadeHits No Task File <==== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => Key not found. 
HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-1790939574-762709250-2766489150-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-1790939574-762709250-2766489150-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value not found.
HKU\S-1-5-21-1790939574-762709250-2766489150-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value not found.
HKU\S-1-5-21-1790939574-762709250-2766489150-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => Key not found. 
HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => Key not found. 
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Chrome HomePage not detected.
Chrome StartupUrls not detected.
"HKU\S-1-5-21-1790939574-762709250-2766489150-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
vToolbarUpdater17.3.0 => Service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5782CC16-52F9-4F3C-9EC4-1BB617F50019} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD8A1012-738A-4888-ADC9-85C203CD9B94} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GreatArcadeHits => Key not found. 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 275.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 07:38:15 ====

  • 0
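To check a Fixlog like the one above against the fixlist it ran (Step 2 of the helper's instructions), here is an added Python example that is not FRST's code nor anything from the thread: it splits the log into directives and result lines, skips the CMD sections, and buckets each result as actioned, absent or other. The sample log is abridged from the posted Fixlog, and the wording patterns in ABSENT/ACTIONED are my assumption about how FRST phrases its verdicts.

```python
# Added example for this thread: classify FRST Fixlog result lines.
# Not FRST's own code; the verdict wording matched below is an assumption.
import re
from collections import defaultdict

# Constructed sample, abridged from the Fixlog posted in the thread
# (raw string so the Windows paths keep their backslashes).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-12-2014
Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.co...r=461703385&ir=
FF DefaultSearchEngine: Astromenda
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_wnzp01_14_38_ch
S2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [X]
Hosts:
Emptytemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Chrome HomePage not detected.
vToolbarUpdater17.3.0 => Service not found.

=========  netsh advfirewall reset =========
Ok.
========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 275.3 MB temporary data.
The system needed a reboot.
==== End of Fixlog 07:38:15 ====
"""

# Target was already gone when the fix ran (e.g. MBAM removed it earlier).
ABSENT = re.compile(r"\b(not found|not detected)\b", re.IGNORECASE)
# FRST actually changed something.
ACTIONED = re.compile(
    r"\b(deleted successfully|moved successfully|restored successfully|"
    r"reset successfully|closed successfully|successfully created|removed \d)",
    re.IGNORECASE,
)


def split_fixlog(text):
    """Return (fixlist directives, result lines); CMD sections are skipped
    because they hold the command's own output rather than an FRST verdict."""
    lines = text.splitlines()
    marks = [i for i, line in enumerate(lines) if line.startswith("*****")]
    if len(marks) < 2:
        raise ValueError("no 'Content of fixlist' block found")
    directives = [
        line.strip() for line in lines[marks[0] + 1:marks[1]]
        if line.strip() and line.strip() not in ("Start", "End")
    ]
    results, in_cmd = [], False
    for line in lines[marks[1] + 1:]:
        if line.startswith("==== End of Fixlog"):
            break
        if line.startswith("========= End of CMD"):
            in_cmd = False
            continue
        if line.startswith("========="):
            in_cmd = True
            continue
        if in_cmd or not line.strip():
            continue
        results.append(line.strip())
    return directives, results


def classify(line):
    """Return 'absent', 'actioned' or 'other' for one Fixlog result line."""
    if ABSENT.search(line):
        return "absent"
    if ACTIONED.search(line):
        return "actioned"
    return "other"


def summarise(text):
    """Bucket every result line; 'absent' entries deserve a second look."""
    directives, results = split_fixlog(text)
    buckets = defaultdict(list)
    for line in results:
        buckets[classify(line)].append(line)
    return {"directives": len(directives),
            **{k: buckets[k] for k in ("actioned", "absent", "other")}}
```

Run against the sample, the three "absent" lines are exactly the Astromenda search scope, the Chrome home page and the AVG toolbar updater service, which matches the poster's later remark that MBAM had already removed Astromenda before the fix ran.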



#11
elkski

elkski

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Ultimate x64
Ran by Laptop on Thu 12/25/2014 at  7:47:13.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PlurPush_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PlurPush_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatePlurPush_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatePlurPush_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilWhilokii_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilWhilokii_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PlurPush_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PlurPush_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatePlurPush_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatePlurPush_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilWhilokii_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilWhilokii_RASMANCS
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files (x86)\plurpush"
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{474C9E80-3692-45E5-82F4-BCF2B3128FB3}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{615EF976-3534-4421-AFB8-862033A4892C}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{665B613E-E142-45D8-B0AC-F1683E6116D4}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{7114F5E3-2B1D-43BB-9137-1869D2C300F3}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{855C93C3-0B97-4E75-80B5-6F1391ABD519}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{886A4753-A8EC-4DCD-9D39-12547C57FE53}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{C2672B77-9538-4FBC-BB79-D2FE6C0187BF}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{C386F213-A1E4-42DC-BEB7-0A9995EC813A}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{D691C40E-4F4C-40D8-9C40-2D2AE4EC288B}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{D6B8B6AB-4D83-451B-A6FC-9E45C6E69697}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{D8AFEB72-631D-4409-A917-8F36B4158392}
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\Laptop\AppData\Roaming\mozilla\firefox\profiles\t2mfldmg.default\user.js
Successfully deleted the following from C:\Users\Laptop\AppData\Roaming\mozilla\firefox\profiles\t2mfldmg.default\prefs.js
 
user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_wnzp01_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0B0A0BtDtA0AyEtDtAyD0EtN0D0Tzu0SzyzytDtN1L2XzutAtFtBt
user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_wnzp01_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0B0A0BtDtA0AyEtDtAyD0EtN0D0Tzu0SzyzytDtN1L2XzutAtFt
user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_wnzp01_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0B0A0BtDtA0AyEtDtAyD0EtN0D0Tzu0SzyzytDtN1L2XzutAt
Emptied folder: C:\Users\Laptop\AppData\Roaming\mozilla\firefox\profiles\t2mfldmg.default\minidumps [8 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/25/2014 at  7:58:43.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#12
elkski

elkski

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
# AdwCleaner v4.106 - Report created 25/12/2014 at 08:08:25
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Laptop - LAPTOP-PC
# Running from : C:\Users\Laptop\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\wangzhisong\AppData\Local\Mobogenie
File Deleted : C:\END
File Deleted : C:\Users\Laptop\daemonprocess.txt
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA021789-C8CD-4676-BC40-90077A19D5CD}
Key Deleted : HKCU\Software\BRS
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKLM\SOFTWARE\InstallCore
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Mozilla Firefox v31.0 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP435E35A4-918A-470C-A49C-67E80EC284BC&q={searchTerms}&SSPV=
[C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP435E35A4-918A-470C-A49C-67E80EC284BC&q={searchTerms}&SSPV=
[C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP435E35A4-918A-470C-A49C-67E80EC284BC&q={searchTerms}&SSPV=
[C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP435E35A4-918A-470C-A49C-67E80EC284BC&q={searchTerms}&SSPV=
[C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0B0A0BtDtA0AyEtDtAyD0EtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtD0C0B0EzyyEzztGyE0DtCtCtGyC0F0FyBtGyEyCyDyCtGyC0BzyyCtC0EyE0D0DtDtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0DyCyD0F0B0FtGyEtC0A0EtGyEzytCyBtG0Azz0CyEtGyByD0DyDtDyByEyByBtByD0C2Q&cr=461703385&ir=
 
*************************
 
AdwCleaner[R0].txt - [6587 octets] - [08/01/2014 13:17:53]
AdwCleaner[R1].txt - [6647 octets] - [09/01/2014 09:20:07]
AdwCleaner[R2].txt - [1200 octets] - [09/01/2014 09:27:01]
AdwCleaner[R3].txt - [3943 octets] - [25/12/2014 08:04:15]
AdwCleaner[S0].txt - [6649 octets] - [09/01/2014 09:22:07]
AdwCleaner[S1].txt - [1263 octets] - [09/01/2014 09:29:53]
AdwCleaner[S2].txt - [3815 octets] - [25/12/2014 08:08:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3875 octets] ##########

  • 0

#13
elkski

elkski

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts

The machine actually had been running OK. I did have an Astromenda Chrome window opening at browser startup, and some sort of spyware-removal ad pop-up. At my new place Comcast has me throttled back to 25MB, if I get that?, so everything has seemed slow.


  • 0

#14
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

The machine actually had been running OK. I did have an Astromenda Chrome window opening at browser startup, and some sort of spyware-removal ad pop-up. At my new place Comcast has me throttled back to 25MB, if I get that?, so everything has seemed slow.


Has the astromenda and spyware popup stopped appearing when you open Chrome?
  • 0

#15
elkski

elkski

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts

I think I had stopped Astromenda when I ran MBAM prior to posting here, or it went away early on.


  • 0





