
Browser Hijacker removal



#46
zep516


    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

I have not forgotten about you. Be with you soon.

Joe
  • 0



#47
RiffRaffCat75


    Member

  • Topic Starter
  • Member
  • 142 posts

It's ok. I've been busy and now I'm not feeling so good. So we might have to get back on it in a day or 2. I'll post when I'm feeling better. Thanks for checking in. TTYL, Tara.


Edited by RiffRaffCat75, 02 January 2015 - 06:50 PM.

  • 0

#48
RiffRaffCat75


    Member

  • Topic Starter
  • Member
  • 142 posts

I just wanted to let you know that I haven't forgotten about this thread. I've just had a family member die last week and it took up most all my time last week. So I may be able to get back on this tonight or tomorrow night.


  • 0

#49
zep516


    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

Please take all the time you need. The topic will be here and remain open.

Joe
  • 0

#50
RiffRaffCat75


    Member

  • Topic Starter
  • Member
  • 142 posts

Okay thanks


  • 0

#51
RiffRaffCat75


    Member

  • Topic Starter
  • Member
  • 142 posts

Question: if I do a backup of just my files like music, pictures, etc., will I still end up with the infection in those backed-up files? I'd say so, but then again this virus is really only affecting the browsers.


  • 0

#52
zep516


    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

Since so much time has transpired, I would like to see another FRST64 log, please:
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Under Optional Scan place a checkmark in the box for Addition.txt to ensure it creates that 2nd log.
  • Press Scan button.
  • Please post both logs in your next reply.

  • 0

#53
RiffRaffCat75


    Member

  • Topic Starter
  • Member
  • 142 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Tara (administrator) on TARA-PC on 20-01-2015 23:20:52
Running from C:\Users\Tara\Desktop
Loaded Profiles: Tara (Available profiles: Tara)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(LSI Corp.) C:\Program Files\ltmoh\ltmoh.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2014-12-09] (COMODO)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1481568 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [195080 2008-09-25] (LSI Corp.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2774160 2012-08-09] (CANON INC.)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\!SASWinLogon-x32: C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\MountPoints2: {1788e690-2e4e-11e1-9c98-002622f6b188} - E:\iStudio.exe
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\MountPoints2: {3c56e40e-1de1-11e1-8b5b-002622f6b188} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\MountPoints2: {4ea64971-cded-11e2-97f8-002622f6b188} - F:\LaunchU3.exe -a
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
SearchScopes: HKLM -> {89CAE492-3A46-498F-B884-EEF33CDA12B1} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {822D2C43-7515-4E10-92D0-9AB57007834B} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {89CAE492-3A46-498F-B884-EEF33CDA12B1} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {04DA5C94-177F-4D4D-83E1-6CD897866D6E} URL = http://www.google.co...&rlz=1I7TSNA_en
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {822D2C43-7515-4E10-92D0-9AB57007834B} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {823AF490-3221-41B8-B2C5-E41DF9A0AC7F} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {89CAE492-3A46-498F-B884-EEF33CDA12B1} URL =
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab
ShellExecuteHooks-x32: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\bukg6d0w.default-1391961009061
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: https://my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1859080137-3721507021-1121226713-1001: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Tara\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-1859080137-3721507021-1121226713-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Tara\AppData\Roaming\CATALI~1\NPBCSK~1.DLL No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\bukg6d0w.default-1391961009061\Extensions\[email protected] [2014-11-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-01-19]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-01-19]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Yahoo Web) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2014-12-16]
CHR Extension: (bokeha2) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\akgelifppepplifgopjhicenilabkedg [2014-06-22]
CHR Extension: (No Name) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2015-01-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-13]
CHR Extension: (YouTube) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-17]
CHR Extension: (eBay) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2014-06-13]
CHR Extension: (Google Cast) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-02-09]
CHR Extension: (Facebook) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-06-13]
CHR Extension: (Books of the Day) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdmgncnkffeankemamkodegfhijldpn [2014-06-17]
CHR Extension: (Google Search) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-17]
CHR Extension: (Netflix) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2014-06-17]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-09-24]
CHR Extension: (Pandora) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-06-13]
CHR Extension: (No Name) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2015-01-20]
CHR Extension: (Free Nook Books) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcfladddnnnjkjdfbfjcpgljdclaibfc [2014-06-17]
CHR Extension: (My Browser Page) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg [2014-06-13]
CHR Extension: (Pinterest ™ ) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldekkfiehnegbjkcmalkfcgfecambndd [2014-06-17]
CHR Extension: (Browse Save Win) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf [2014-12-26]
CHR Extension: (Google Maps) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-06-17]
CHR Extension: (Google Mail Checker) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-07-07]
CHR Extension: (WeatherBug) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2014-06-13]
CHR Extension: (Google Wallet) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-17]
CHR Extension: (Show Apps in new tab) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohbdifokmdgjcbbeobglcbaifinhfip [2014-06-17]
CHR Extension: (Adblock Pro) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-11-11]
CHR Extension: (My Chrome Theme) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-06-13]
CHR Extension: (Picasa) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-06-13]
CHR Extension: (Instagram for Chrome) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-07-22]
CHR Extension: (Gmail) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-07]
CHR Extension: (Send Link by Email or Gmail) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\plcgkgghkdfgfhiidfjkhmainebgmklf [2014-07-19]
CHR Extension: (App Launcher Customizer for Google™) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponjkmladgjfjgllmhnkhgbgocdigcjm [2014-06-13]
CHR Extension: (UnisaleS) - C:\ProgramData\ifnpffngaogbampfioeilalnjolcfphf\ [2014-06-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-28] (SUPERAntiSpyware.com)
S4 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-09] (COMODO)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-08-13] (Macrovision Europe Ltd.) [File not signed]
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2630432 2014-11-04] (IObit)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-12-29] (Emsisoft GmbH)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2014-12-09] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2014-12-09] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2014-12-09] (COMODO)
S2 MCSTRM; No ImagePath
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-17] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2010-09-28] (Apple, Inc.) [File not signed]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 23:20 - 2015-01-20 23:21 - 00020998 _____ () C:\Users\Tara\Desktop\FRST.txt
2015-01-20 23:20 - 2015-01-20 23:20 - 00000000 ____D () C:\Users\Tara\Desktop\FRST-OlderVersion
2015-01-20 00:20 - 2015-01-20 00:20 - 00000000 ____D () C:\MAGICDVDCOPY_TEMP
2015-01-12 17:36 - 2015-01-12 17:37 - 00000000 ____D () C:\EEK
2015-01-12 17:25 - 2015-01-12 17:25 - 18467928 _____ () C:\Users\Tara\Downloads\RogueKillerX64.exe
2015-01-12 17:18 - 2015-01-12 17:25 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-01-12 17:18 - 2015-01-12 17:18 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-01 15:18 - 2015-01-03 19:43 - 00001776 _____ () C:\windows\system32\Drivers\fvstore.dat
2015-01-01 00:27 - 2015-01-01 00:26 - 01337256 _____ () C:\Users\Tara\Desktop\Tweaking.com-SetWindowsServicesToDefaultStartup.exe
2014-12-31 23:21 - 2015-01-20 23:20 - 02126848 _____ (Farbar) C:\Users\Tara\Desktop\FRST64.exe
2014-12-31 22:40 - 2014-12-28 20:31 - 01707939 _____ (Thisisu) C:\Users\Tara\Desktop\JRT.exe
2014-12-31 22:08 - 2014-12-31 22:05 - 01316632 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Tara\Desktop\avgremoverx64.exe
2014-12-31 21:01 - 2014-12-31 21:01 - 00000000 ____D () C:\Users\Tara\Desktop\backups
2014-12-31 20:16 - 2014-12-31 20:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tara\Desktop\HijackThis.exe
2014-12-31 19:34 - 2014-12-31 19:34 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-31 19:29 - 2015-01-03 19:44 - 00000224 _____ () C:\windows\setupact.log
2014-12-31 19:29 - 2014-12-31 19:29 - 00000000 _____ () C:\windows\setuperr.log
2014-12-31 19:28 - 2014-12-31 22:36 - 00002424 _____ () C:\windows\PFRO.log
2014-12-29 23:32 - 2014-12-31 23:19 - 00000000 ____D () C:\Users\Tara\Desktop\Dump when done
2014-12-29 22:53 - 2015-01-20 23:21 - 00000000 ____D () C:\FRST
2014-12-29 22:41 - 2014-12-29 22:41 - 02173952 _____ () C:\Users\Tara\Desktop\AdwCleaner.exe
2014-12-29 00:41 - 2014-12-29 00:41 - 00000000 ____D () C:\Users\Tara\Downloads\mbam-chameleon-3.1.7.0
2014-12-29 00:38 - 2014-12-29 00:38 - 04909382 _____ () C:\Users\Tara\Downloads\mbam-chameleon-3.1.7.0.zip
2014-12-28 23:24 - 2014-12-28 23:50 - 00000000 ____D () C:\Users\Tara\Doctor Web
2014-12-28 22:28 - 2014-12-28 22:28 - 00000000 ____D () C:\windows\ERUNT
2014-12-28 22:04 - 2014-12-31 22:36 - 00000000 ____D () C:\AdwCleaner
2014-12-28 21:48 - 2014-12-28 23:13 - 00009890 _____ () C:\windows\system32\.crusader
2014-12-28 21:30 - 2014-12-28 21:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-28 21:22 - 2014-12-28 21:22 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-28 21:21 - 2014-12-28 21:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-28 21:20 - 2014-12-28 21:20 - 00638888 _____ (Oracle Corporation) C:\Users\Tara\Downloads\chromeinstall-8u25.exe
2014-12-28 20:12 - 2014-12-28 20:12 - 00000000 __SHD () C:\Users\Tara\AppData\Local\EmieBrowserModeList
2014-12-28 18:35 - 2014-12-28 18:35 - 00000000 ____D () C:\Users\Tara\Downloads\new_patient_forms
2014-12-27 23:49 - 2014-12-28 20:21 - 00000000 ____D () C:\NPE
2014-12-27 23:00 - 2014-12-28 21:22 - 00000000 ____D () C:\Users\Tara\AppData\Local\NPE
2014-12-27 22:59 - 2014-12-27 23:00 - 03060320 ____N (Symantec Corporation) C:\Users\Tara\Downloads\NPE.exe
2014-12-27 21:08 - 2014-12-27 21:08 - 00017153 _____ () C:\Users\Tara\Documents\CisReport_x64_v8.0.0.4344_20141227-210803.zip
2014-12-27 20:57 - 2014-12-27 20:57 - 00016802 _____ () C:\Users\Tara\Documents\CisReport_x64_v8.0.0.4344_20141227-205705.zip
2014-12-27 19:37 - 2014-12-27 19:37 - 00000276 _____ () C:\windows\Tasks\Uninstaller_SkipUac_Tara.job
2014-12-27 19:16 - 2015-01-20 23:15 - 01474832 _____ () C:\windows\system32\Drivers\sfi.dat
2014-12-27 19:16 - 2014-12-27 19:16 - 00001888 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2014-12-27 19:16 - 2014-12-27 19:16 - 00000000 ____D () C:\windows\System32\Tasks\COMODO
2014-12-27 19:16 - 2014-12-27 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2014-12-27 19:15 - 2014-12-27 19:15 - 00000000 ____D () C:\ProgramData\Shared Space
2014-12-27 19:15 - 2014-12-27 19:15 - 00000000 ____D () C:\Program Files\COMODO
2014-12-27 19:13 - 2014-12-27 19:16 - 00000000 ____D () C:\ProgramData\Comodo
2014-12-27 19:13 - 2014-12-27 19:13 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-12-27 19:12 - 2014-12-27 19:12 - 00000000 ____D () C:\windows\pss
2014-12-27 01:02 - 2014-12-27 01:04 - 17011275 _____ () C:\Users\Tara\Downloads\Attachments_20141227.zip
2014-12-26 02:21 - 2014-12-26 02:21 - 00000000 ____D () C:\windows\SysWOW64\X86
2014-12-26 02:21 - 2014-12-26 02:21 - 00000000 ____D () C:\windows\SysWOW64\AMD64
2014-12-26 02:20 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\Browse Save Win
2014-12-26 02:19 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\YoUtubeeAAdBBloccke
2014-12-26 02:19 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\unIsuales
2014-12-26 02:18 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\UnisaleS
2014-12-26 02:18 - 2014-12-26 02:18 - 00000000 ____D () C:\ProgramData\ifnpffngaogbampfioeilalnjolcfphf
2014-12-24 23:51 - 2014-12-24 23:51 - 04277052 _____ () C:\Users\Tara\Downloads\new_patient_forms.zip
2014-12-24 18:33 - 2014-12-24 18:33 - 00000498 _____ () C:\Users\Tara\Desktop\sdfbsfb.txt
2014-12-24 18:33 - 2014-12-24 18:33 - 00000233 _____ () C:\Users\Tara\Desktop\mvlskfn.txt
2014-12-23 19:55 - 2014-12-23 19:55 - 00000000 ____D () C:\Users\Tara\Downloads\collagesetcatherinealise20x24
2014-12-23 19:41 - 2014-12-23 19:55 - 195454418 _____ () C:\Users\Tara\Downloads\collagesetcatherinealise20x24.zip
2014-12-22 15:38 - 2014-12-22 15:38 - 00000000 ____D () C:\Users\Tara\Downloads\ChristmasSeries
2014-12-22 15:35 - 2014-12-22 15:37 - 92095222 _____ () C:\Users\Tara\Downloads\ChristmasSeries.zip
2014-12-22 00:03 - 2014-12-22 00:05 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2014-12-22 00:02 - 2014-12-22 00:02 - 00002048 _____ () C:\Users\Public\Desktop\Canon My Image Garden.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 23:18 - 2014-07-28 16:00 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-20 23:18 - 2009-07-14 00:13 - 00920378 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-20 23:16 - 2014-06-19 12:21 - 01535957 _____ () C:\windows\WindowsUpdate.log
2015-01-20 23:15 - 2013-06-30 20:46 - 00000202 _____ () C:\windows\Tasks\AutoKMSDaily.job
2015-01-20 23:15 - 2012-03-31 21:23 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 23:15 - 2010-01-27 22:37 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 23:15 - 2010-01-27 22:37 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-12 14:56 - 2014-08-26 19:12 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-11 09:09 - 2009-07-13 23:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 09:09 - 2009-07-13 23:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-03 19:44 - 2013-06-30 20:46 - 00000198 _____ () C:\windows\Tasks\AutoKMS.job
2015-01-03 19:44 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-01 18:04 - 2010-03-06 15:58 - 00000000 ____D () C:\Users\Tara\Documents\My Docs
2015-01-01 15:13 - 2010-09-25 19:10 - 00000000 ____D () C:\ProgramData\Sonic
2014-12-31 21:01 - 2011-01-19 19:38 - 00000000 ____D () C:\Users\Tara\AppData\Roaming\uTorrent
2014-12-31 20:53 - 2012-03-31 21:23 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-31 20:53 - 2012-03-31 21:23 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-31 20:53 - 2011-05-23 12:54 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-31 19:32 - 2010-12-21 13:44 - 00000000 ____D () C:\Users\Tara\Tracing
2014-12-31 19:31 - 2011-12-24 01:05 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-30 00:08 - 2014-11-18 18:13 - 00002156 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2014-12-30 00:08 - 2010-12-30 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-12-30 00:08 - 2010-01-27 20:44 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-12-29 23:23 - 2011-08-13 22:37 - 00001945 _____ () C:\windows\epplauncher.mif
2014-12-29 21:27 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-12-29 21:23 - 2010-01-27 20:35 - 00000000 ____D () C:\Users\Tara
2014-12-29 19:46 - 2010-01-28 18:42 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-29 00:42 - 2014-08-03 10:44 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-28 23:50 - 2013-03-24 17:41 - 00000000 ____D () C:\Users\Tara\Documents\Tools
2014-12-28 22:21 - 2014-06-19 12:08 - 00000000 ____D () C:\Users\Tara\AppData\Roaming\ProductData
2014-12-28 22:21 - 2009-07-14 02:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-28 22:21 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2014-12-28 21:21 - 2013-10-21 20:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-28 19:29 - 2014-12-20 23:06 - 00000000 ____D () C:\Users\Tara\Desktop\slide show folder
2014-12-28 00:09 - 2014-06-19 12:07 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-27 23:00 - 2009-12-08 07:09 - 00000000 ____D () C:\ProgramData\Norton
2014-12-26 01:26 - 2013-08-30 21:15 - 00000000 ____D () C:\Users\Tara\AppData\Roaming\vlc
2014-12-22 00:03 - 2013-07-16 12:21 - 00000000 ____D () C:\Users\Tara\AppData\Roaming\Canon
2014-12-21 23:58 - 2014-07-29 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-12-21 23:57 - 2011-04-16 15:35 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-12-21 01:45 - 2013-05-14 21:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======
2012-05-29 18:18 - 2012-11-04 10:23 - 0000004 _____ () C:\Users\Tara\AppData\Roaming\097EFC
2010-12-02 16:14 - 2010-12-02 16:14 - 0099384 _____ () C:\Users\Tara\AppData\Roaming\inst.exe
2012-05-29 18:18 - 2012-11-04 10:23 - 0870128 _____ () C:\Users\Tara\AppData\Roaming\mcs.rma
2010-12-02 16:14 - 2010-12-02 16:14 - 0007859 _____ () C:\Users\Tara\AppData\Roaming\pcouffin.cat
2010-12-02 16:14 - 2010-12-02 16:14 - 0001167 _____ () C:\Users\Tara\AppData\Roaming\pcouffin.inf
2010-12-02 16:15 - 2010-12-02 16:15 - 0000034 _____ () C:\Users\Tara\AppData\Roaming\pcouffin.log
2010-12-02 16:14 - 2010-12-02 16:14 - 0082816 _____ (VSO Software) C:\Users\Tara\AppData\Roaming\pcouffin.sys
2014-06-19 12:08 - 2014-06-19 12:08 - 0000024 _____ () C:\Users\Tara\AppData\Roaming\temp.ini
2013-11-05 22:23 - 2013-11-05 22:23 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Tara\AppData\Local\BcsKtYcHW.dll
2011-11-23 12:56 - 2012-07-14 19:11 - 0007609 _____ () C:\Users\Tara\AppData\Local\resmon.resmoncfg
2012-07-27 20:48 - 2012-07-27 20:48 - 0000106 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some content of TEMP:
====================
C:\Users\Tara\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Tara\AppData\Local\Temp\Quarantine.exe
C:\Users\Tara\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-11 08:54

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Tara at 2015-01-20 23:22:47
Running from C:\Users\Tara\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.8.612 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version:  - PopCap Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
ccc-core-static (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
CCleaner (HKLM-x32\...\CCleaner) (Version: 2.31 - Piriform)
COMODO Internet Security Premium (HKLM\...\{18F14F4B-D8A9-4309-817E-3BC0B7664E53}) (Version: 8.0.0.4344 - COMODO Security Solutions Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
EMCGadgets64 (Version: 1.1.501 - Sonic) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version:  - Jodix Technologies Ltd.)
G-Force (HKLM-x32\...\G-Force) (Version: 3.9.1 - SoundSpectrum)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Helium Music Manager 8.6.3 (HKLM-x32\...\{BA722179-62EA-4090-923D-D324CE1A691D}}_is1) (Version: 8.6.3.10770 - Intermedia Software)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
Imagenomic Portraiture 2.3.3 Plug-in (build 2330) (HKLM\...\ImagenomicPortraiturePlugin) (Version:  - )
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.24 - IObit)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 5.5.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 5.5.0 - )
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Logitech SetPoint 6.32 (HKLM\...\SP6) (Version: 6.32.20 - Logitech)
LSI V92 MOH Application (HKLM\...\LTMOH) (Version:  - LSI Corporation)
Magic DVD Copier V6.0.0 (HKLM-x32\...\Magic DVD Copier_is1) (Version:  - Magic DVD Software, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaMonkey 3.2 (HKLM-x32\...\MediaMonkey_is1) (Version: 3.2 - Ventis Media Inc.)
Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version:  - Memeo Inc.)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 en-US)) (Version: 24.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
OverDrive Media Console (HKLM-x32\...\{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}) (Version: 3.2.5 - OverDrive, Inc.)
P@H-Protocol (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Rhapsody (HKLM-x32\...\Rhapsody) (Version:  - )
Roxio Creator Premier (HKLM-x32\...\{469EF13B-4AD0-48D7-AF89-6B92278293E2}) (Version: 10.1 - Roxio)
Roxio Update Manager (HKLM-x32\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version:  - )
Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Sansa Updater (HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\Sansa Updater) (Version: 1.313 - SanDisk Corporation)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1142 - SUPERAntiSpyware.com)
SUPERAntiSpyware Free Edition (HKLM-x32\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.34.0.1000 - SUPERAntiSpyware.com)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.9.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.0.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.2 - TOSHIBA Corporation)
TOSHIBA Internal Modem Region Select Utility (HKLM-x32\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.0 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.2.97 - LSI Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.26.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.9 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Utility Common Driver (x32 Version: 1.0.50.26C - TOSHIBA) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001_Classes\CLSID\{0C3BA0B1-BC14-4B55-98DC-F1E913C1DA10}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001_Classes\CLSID\{6FFA7438-3E00-4176-9717-B3BBE2E704AB}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)

==================== Restore Points  =========================

29-12-2014 23:16:35 IObit Uninstaller restore point
03-01-2015 19:38:52 Windows Update
11-01-2015 08:54:32 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03F9070A-5A20-40E3-B751-5C21C3891F48} - System32\Tasks\AutoKMSDaily => C:\windows\AutoKMS.exe
Task: {1C5D2BC5-FE07-4F93-9EBD-E6EE923FD22F} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {1EC71138-9E7D-4616-BCB0-F698035F9EF3} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {47D15932-46E7-4773-B0A2-0DCB921B3662} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {49577359-A6B6-49AB-91A2-21684EB026BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {578F1192-1993-4CFB-BE8D-0313179F3C0A} - System32\Tasks\ASC8_SkipUac_Tara => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2014-11-07] (IObit)
Task: {58153365-5162-40A0-9C21-8C1177CAB3B1} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {64F13734-F1FB-4772-886A-BAD5126771FE} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {728DFC5B-7877-4328-B355-A02437F8307C} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {8E9A080E-70F4-4915-8820-0F219DD6DFA3} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2014-11-10] (IObit)
Task: {9A410B12-0A63-4721-9B24-28099D99C093} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {C846FC04-7914-474A-90B6-D53F3F11A11A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-31] (Adobe Systems Incorporated)
Task: {CE05969B-0FC9-45B3-BBBF-01DF0F43A336} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
Task: {DD6900B1-4F3D-46F5-BED2-E8B920BFA00B} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {DF4E01B6-A7C1-4A3C-8129-6F6025675124} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E005A836-F296-442D-B094-F37CE6C45A38} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {EC91DDAC-E007-4907-A47C-40E02A461AE8} - System32\Tasks\Uninstaller_SkipUac_Tara => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-04] (IObit)
Task: {F7368C04-0816-44B5-A260-8740FCBE8EF3} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AutoKMS.job => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\AutoKMSDaily.job => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Uninstaller_SkipUac_Tara.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2013-04-15 17:39 - 2013-04-15 17:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\windows\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Desktop\AdwCleaner.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Desktop\HijackThis.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Downloads\chromeinstall-8u25.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Downloads\chromeinstall-8u25.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tara\Downloads\mbam-chameleon-3.1.7.0.zip:$CmdZnID
AlternateDataStreams: C:\Users\Tara\Downloads\RogueKillerX64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Downloads\RogueKillerX64.exe:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdvancedSystemCareService8 => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AVG Security Toolbar Service => 3
MSCONFIG\Services: avg9emc => 2
MSCONFIG\Services: avg9wd => 2
MSCONFIG\Services: avgfws9 => 2
MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: ConfigFree Gadget Service => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: EPSON_PM_RPCV4_01 => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: RoxLiveShare10 => 2
MSCONFIG\Services: RSELSVC => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: WiseBootAssistant => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: YahooAUService => 2

========================= Accounts: ==========================

Administrator (S-1-5-21-1859080137-3721507021-1121226713-500 - Administrator - Disabled)
Guest (S-1-5-21-1859080137-3721507021-1121226713-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1859080137-3721507021-1121226713-1002 - Limited - Enabled)
Tara (S-1-5-21-1859080137-3721507021-1121226713-1001 - Administrator - Enabled) => C:\Users\Tara

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2015 11:16:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Tara-PC.local already in use; will try Tara-PC-2.local instead

Error: (01/20/2015 11:16:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Tara-PC.local. Addr 192.168.1.14

Error: (01/20/2015 11:16:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.13:5353    4 Tara-PC.local. Addr 192.168.1.13

Error: (01/20/2015 00:37:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5803

Error: (01/20/2015 00:37:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5803

Error: (01/20/2015 00:37:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/20/2015 00:37:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1841

Error: (01/20/2015 00:37:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1841

Error: (01/20/2015 00:37:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/20/2015 00:11:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Tara-PC.local already in use; will try Tara-PC-2.local instead


System errors:
=============
Error: (01/20/2015 11:16:18 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "TARA-PC        :0" could not be registered on the interface with IP address 192.168.1.14.
The computer with the IP address 192.168.1.13 did not allow the name to be claimed by
this computer.

Error: (01/20/2015 11:16:16 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "TARA-PC        :20" could not be registered on the interface with IP address 192.168.1.14.
The computer with the IP address 192.168.1.13 did not allow the name to be claimed by
this computer.

Error: (01/20/2015 11:16:16 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{ABBD19A7-87D5-4393-8868-5DFD67803C94} because another computer on the network has the same name.  The server could not start.

Error: (01/20/2015 11:16:15 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "TARA-PC        :0" could not be registered on the interface with IP address 192.168.1.23.
The computer with the IP address 192.168.1.13 did not allow the name to be claimed by
this computer.

Error: (01/20/2015 11:16:15 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "TARA-PC        :20" could not be registered on the interface with IP address 192.168.1.23.
The computer with the IP address 192.168.1.13 did not allow the name to be claimed by
this computer.

Error: (01/20/2015 11:16:15 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{ABBD19A7-87D5-4393-8868-5DFD67803C94} because another computer on the network has the same name.  The server could not start.

Error: (01/20/2015 11:15:13 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (01/20/2015 00:20:13 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "TARA-PC        :0" could not be registered on the interface with IP address 192.168.1.23.
The computer with the IP address 192.168.1.18 did not allow the name to be claimed by
this computer.

Error: (01/20/2015 00:11:18 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "TARA-PC        :20" could not be registered on the interface with IP address 192.168.1.23.
The computer with the IP address 192.168.1.18 did not allow the name to be claimed by
this computer.

Error: (01/20/2015 00:11:18 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "TARA-PC        :0" could not be registered on the interface with IP address 192.168.1.23.
The computer with the IP address 192.168.1.18 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (01/20/2015 11:16:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Tara-PC.local already in use; will try Tara-PC-2.local instead

Error: (01/20/2015 11:16:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Tara-PC.local. Addr 192.168.1.14

Error: (01/20/2015 11:16:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.13:5353    4 Tara-PC.local. Addr 192.168.1.13

Error: (01/20/2015 00:37:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5803

Error: (01/20/2015 00:37:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5803

Error: (01/20/2015 00:37:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/20/2015 00:37:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1841

Error: (01/20/2015 00:37:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1841

Error: (01/20/2015 00:37:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/20/2015 00:11:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Tara-PC.local already in use; will try Tara-PC-2.local instead


==================== Memory info ===========================

Processor: AMD Turion™ II Dual-Core Mobile M520
Percentage of memory in use: 34%
Total physical RAM: 3838.36 MB
Available physical RAM: 2515.91 MB
Total Pagefile: 7674.9 MB
Available Pagefile: 5803.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (TI105757W0A) (Fixed) (Total:287.7 GB) (Free:111.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: D06ABEA8)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=287.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.9 GB) - (Type=17)

==================== End Of Log ============================



#54
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

Forgot to answer your question:

if I do a backup of just my files like music, pictures, etc, will I still end up with the infection in those backed up files?

You can back up those files if you want.

Thanks for those log reports. I'll look them over; from a quick glance I see a browser issue or 2. I can't be online much longer tonight, so if you could run a Malwarebytes scan in the meantime that would be great, and I'll see it tomorrow afternoon. That will get us off to a good start again on this machine.

Looks like you already have Malwarebytes installed so you may not have to download it, here are the instructions for running it if you need them. Please post the log from Malwarebytes.

Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop

Post that log

#55
RiffRaffCat75

    Member

  • Topic Starter
  • Member
  • 142 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/21/2015
Scan Time: 5:34:09 PM
Logfile: logs1.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.21.11
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Tara
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357739
Time Elapsed: 40 min, 8 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUM.Chrome.EXTPOL, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME\EXTENSIONINSTALLFORCELIST, , [8ac77a7db0d9191d1f56f805699b9070], 
PUM.Chrome.EXTPOL, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME\EXTENSIONINSTALLFORCELIST, , [b0a1f9fe5c2dd75fa6cfc5380afa6d93], 
 
Registry Values: 2
PUM.Chrome.EXTPOL, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME\EXTENSIONINSTALLFORCELIST|1, , [8ac77a7db0d9191d1f56f805699b9070], 
PUM.Chrome.EXTPOL, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME\EXTENSIONINSTALLFORCELIST|1, , [b0a1f9fe5c2dd75fa6cfc5380afa6d93], 
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.ReMarkable.A, C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, , [75dc2dcaa6e360d63fc8eb0c1ee6ab55], 
PUP.Optional.ReMarkable.A, C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, , [341d609782073bfbdc2b72857391728e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#56
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

Thanks. I'm running behind a bit with everyone.

We should run AdwCleaner and Junkware Removal Tool again to check things. These tools should be on the desktop already from before. I'll re-post the instructions here again for you for using those tools so you don't have to look for them in the thread:

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
Next

    Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.


    In your next reply post;
    • The AdwCleaner [SO].txt Log
    • The JRT.txt Log
    Thanks
    Joe :)


#57
RiffRaffCat75

    Member

  • Topic Starter
  • Member
  • 142 posts

Hey, just wanted to let you know that I am working on this right now, but once I post the logs I've got to hit the hay. We can get back on it soon.



#58
RiffRaffCat75

    Member

  • Topic Starter
  • Member
  • 142 posts
I'm a little bit f'd up right now, so I don't know if these are the right logs or not. If not, I'll redo them tomorrow. 
 
 
# AdwCleaner v4.108 - Report created 22/01/2015 at 23:14:50
# Updated 17/01/2015 by Xplode
# Database : 2015-01-22.3 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tara - TARA-PC
# Running from : C:\Users\Tara\Desktop\adwcleaner_4.108.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : bbmegnmpleoagolcnjnejdacakedpcgd
 
*************************
 
AdwCleaner[R0].txt - [12832 octets] - [28/12/2014 22:04:59]
AdwCleaner[R1].txt - [1874 octets] - [29/12/2014 22:14:09]
AdwCleaner[R2].txt - [1028 octets] - [29/12/2014 22:42:03]
AdwCleaner[R3].txt - [1578 octets] - [31/12/2014 22:32:52]
AdwCleaner[R4].txt - [2053 octets] - [22/01/2015 23:10:22]
AdwCleaner[S0].txt - [12221 octets] - [28/12/2014 22:07:58]
AdwCleaner[S1].txt - [1733 octets] - [29/12/2014 22:36:46]
AdwCleaner[S2].txt - [1090 octets] - [29/12/2014 22:45:30]
AdwCleaner[S3].txt - [1645 octets] - [31/12/2014 22:36:03]
AdwCleaner[S4].txt - [1988 octets] - [22/01/2015 23:14:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2048 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Tara on Thu 01/22/2015 at 23:22:09.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/22/2015 at 23:58:17.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#59
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

Those are the correct logs.

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\MountPoints2: {1788e690-2e4e-11e1-9c98-002622f6b188} - E:\iStudio.exe
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\MountPoints2: {3c56e40e-1de1-11e1-8b5b-002622f6b188} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\MountPoints2: {4ea64971-cded-11e2-97f8-002622f6b188} - F:\LaunchU3.exe -a
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {89CAE492-3A46-498F-B884-EEF33CDA12B1} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {822D2C43-7515-4E10-92D0-9AB57007834B} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {89CAE492-3A46-498F-B884-EEF33CDA12B1} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {04DA5C94-177F-4D4D-83E1-6CD897866D6E} URL = http://www.google.co...&rlz=1I7TSNA_en
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {822D2C43-7515-4E10-92D0-9AB57007834B} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {823AF490-3221-41B8-B2C5-E41DF9A0AC7F} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {89CAE492-3A46-498F-B884-EEF33CDA12B1} URL =
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (Browse Save Win) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf [2014-12-26]
CHR Extension: (UnisaleS) - C:\ProgramData\ifnpffngaogbampfioeilalnjolcfphf\ [2014-06-13]
2014-12-31 22:08 - 2014-12-31 22:05 - 01316632 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Tara\Desktop\avgremoverx64.exe
2014-12-26 02:20 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\Browse Save Win
2014-12-26 02:19 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\unIsuales
2014-12-26 02:18 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\UnisaleS
2014-12-26 02:18 - 2014-12-26 02:18 - 00000000 ____D () C:\ProgramData\ifnpffngaogbampfioeilalnjolcfphf
AlternateDataStreams: C:\windows\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Desktop\AdwCleaner.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Desktop\HijackThis.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Downloads\chromeinstall-8u25.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Downloads\chromeinstall-8u25.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tara\Downloads\mbam-chameleon-3.1.7.0.zip:$CmdZnID
AlternateDataStreams: C:\Users\Tara\Downloads\RogueKillerX64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Downloads\RogueKillerX64.exe:$CmdZnID
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

CMD: ipconfig /flushdns
hosts:
Emptytemp:
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

In your next reply post:
(Fixlog.txt).

Thanks
Joe :)

#60
RiffRaffCat75

    Member

  • Topic Starter
  • Member
  • 142 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by Tara at 2015-01-28 23:31:28 Run:1
Running from C:\Users\Tara\Desktop
Loaded Profiles: Tara (Available profiles: Tara)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\MountPoints2: {1788e690-2e4e-11e1-9c98-002622f6b188} - E:\iStudio.exe
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\MountPoints2: {3c56e40e-1de1-11e1-8b5b-002622f6b188} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\MountPoints2: {4ea64971-cded-11e2-97f8-002622f6b188} - F:\LaunchU3.exe -a
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {89CAE492-3A46-498F-B884-EEF33CDA12B1} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {822D2C43-7515-4E10-92D0-9AB57007834B} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {89CAE492-3A46-498F-B884-EEF33CDA12B1} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {04DA5C94-177F-4D4D-83E1-6CD897866D6E} URL = http://www.google.co...&rlz=1I7TSNA_en
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {822D2C43-7515-4E10-92D0-9AB57007834B} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {823AF490-3221-41B8-B2C5-E41DF9A0AC7F} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {89CAE492-3A46-498F-B884-EEF33CDA12B1} URL =
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (Browse Save Win) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf [2014-12-26]
CHR Extension: (UnisaleS) - C:\ProgramData\ifnpffngaogbampfioeilalnjolcfphf\ [2014-06-13]
2014-12-31 22:08 - 2014-12-31 22:05 - 01316632 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Tara\Desktop\avgremoverx64.exe
2014-12-26 02:20 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\Browse Save Win
2014-12-26 02:19 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\unIsuales
2014-12-26 02:18 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\UnisaleS
2014-12-26 02:18 - 2014-12-26 02:18 - 00000000 ____D () C:\ProgramData\ifnpffngaogbampfioeilalnjolcfphf
AlternateDataStreams: C:\windows\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Desktop\AdwCleaner.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Desktop\HijackThis.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Downloads\chromeinstall-8u25.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Downloads\chromeinstall-8u25.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tara\Downloads\mbam-chameleon-3.1.7.0.zip:$CmdZnID
AlternateDataStreams: C:\Users\Tara\Downloads\RogueKillerX64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Downloads\RogueKillerX64.exe:$CmdZnID
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

CMD: ipconfig /flushdns
hosts:
Emptytemp:
end
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1788e690-2e4e-11e1-9c98-002622f6b188}" => Key deleted successfully.
HKCR\CLSID\{1788e690-2e4e-11e1-9c98-002622f6b188} => Key not found.
"HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c56e40e-1de1-11e1-8b5b-002622f6b188}" => Key deleted successfully.
HKCR\CLSID\{3c56e40e-1de1-11e1-8b5b-002622f6b188} => Key not found.
"HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ea64971-cded-11e2-97f8-002622f6b188}" => Key deleted successfully.
HKCR\CLSID\{4ea64971-cded-11e2-97f8-002622f6b188} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{89CAE492-3A46-498F-B884-EEF33CDA12B1}" => Key deleted successfully.
HKCR\CLSID\{89CAE492-3A46-498F-B884-EEF33CDA12B1} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{822D2C43-7515-4E10-92D0-9AB57007834B}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{822D2C43-7515-4E10-92D0-9AB57007834B} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{89CAE492-3A46-498F-B884-EEF33CDA12B1}" => Key deleted successfully.
HKCR\CLSID\{89CAE492-3A46-498F-B884-EEF33CDA12B1} => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{04DA5C94-177F-4D4D-83E1-6CD897866D6E}" => Key deleted successfully.
HKCR\CLSID\{04DA5C94-177F-4D4D-83E1-6CD897866D6E} => Key not found.
"HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{822D2C43-7515-4E10-92D0-9AB57007834B}" => Key deleted successfully.
HKCR\CLSID\{822D2C43-7515-4E10-92D0-9AB57007834B} => Key not found.
"HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{823AF490-3221-41B8-B2C5-E41DF9A0AC7F}" => Key deleted successfully.
HKCR\CLSID\{823AF490-3221-41B8-B2C5-E41DF9A0AC7F} => Key not found.
"HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{89CAE492-3A46-498F-B884-EEF33CDA12B1}" => Key deleted successfully.
HKCR\CLSID\{89CAE492-3A46-498F-B884-EEF33CDA12B1} => Key not found.
C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll => Moved successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf => Moved successfully.
C:\ProgramData\ifnpffngaogbampfioeilalnjolcfphf\ => Moved successfully.
C:\Users\Tara\Desktop\avgremoverx64.exe => Moved successfully.
C:\Program Files (x86)\Browse Save Win => Moved successfully.
C:\Program Files (x86)\unIsuales => Moved successfully.
C:\Program Files (x86)\UnisaleS => Moved successfully.
"C:\ProgramData\ifnpffngaogbampfioeilalnjolcfphf" => File/Directory not found.
"C:\windows\system32\MpSigStub.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MRT.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Tara\Desktop\AdwCleaner.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Tara\Desktop\HijackThis.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Tara\Downloads\chromeinstall-8u25.exe" => ":$CmdTcID" ADS not found.
C:\Users\Tara\Downloads\chromeinstall-8u25.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Tara\Downloads\mbam-chameleon-3.1.7.0.zip => ":$CmdZnID" ADS removed successfully.
"C:\Users\Tara\Downloads\RogueKillerX64.exe" => ":$CmdTcID" ADS not found.
C:\Users\Tara\Downloads\RogueKillerX64.exe => ":$CmdZnID" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SMR430" => Key deleted successfully.
RtsUIR => Service deleted successfully.
USBCCID => Service deleted successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 335.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 23:32:25 ====