Virus [Solved]



#16
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now?

#17
peejaygee

    Member

  • Topic Starter
  • 39 posts

My browser is slightly more responsive. I am still getting pop-ups and my webpage changes to an ad.


#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, could I have a fresh FRST scan please? Delete your current copy and download a fresh one.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

#19
peejaygee

    Member

  • Topic Starter
  • 39 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by paulj_000 (administrator) on PC on 20-01-2015 21:55:17
Running from C:\Users\paulj_000\Downloads\FRST-OlderVersion
Loaded Profiles: paulj_000 (Available profiles: Sarah & paulj_000 & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-02] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780912 2013-09-20] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-17] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [uTorrent] => C:\Users\paulj_000\AppData\Roaming\uTorrent\uTorrent.exe [1378640 2014-12-23] (BitTorrent Inc.)
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\MountPoints2: {47ae0b73-7caf-11e3-8259-806e6f6e6963} - "E:\start.exe"
Startup: C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\The Bourne Supremacy.lnk
ShortcutTarget: The Bourne Supremacy.lnk -> C:\FRST\Quarantine\C\ProgramData\{87ae3b2d-9a8a-8a8f-87ae-e3b2d9a8ecb6}\The Bourne Supremacy.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com...ast&type=agc511
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co...age={startPage}
BHO: ApptaoU -> {398c41ce-7890-4119-83af-fb40b8a2f3a3} -> C:\ProgramData\ApptaoU\26PG4CpELGwceY.x64.dll ()
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ApptaoU -> {398c41ce-7890-4119-83af-fb40b8a2f3a3} -> C:\ProgramData\ApptaoU\26PG4CpELGwceY.dll ()
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default
FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q=
FF SearchEngineOrder.1: Google
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: saVeroibbox - C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\Extensions\[email protected] [2015-01-14]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchKeyword: Default -> taplika.com
CHR DefaultSearchURL: Default -> http://Taplika.com/r...=1391740327&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-17]
CHR Extension: (Avast Online Security) - C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-17]
CHR Extension: (Google Wallet) - C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-07] (Windows ® Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-04] (AVAST Software)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-23] (Realtek Semiconductor)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2015-01-12] (RaMMicHaeL)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-04] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccnfd_1_10_0_6; C:\Windows\System32\drivers\ccnfd_1_10_0_6.sys [58232 2015-01-07] (ClickCaption)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-20] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 15:12 - 2015-01-19 15:12 - 00243416 _____ () C:\Users\paulj_000\Downloads\Firefox Setup Stub 35.0 (1).exe
2015-01-17 22:24 - 2015-01-17 22:25 - 02186752 _____ () C:\Users\paulj_000\Downloads\AdwCleaner(1).exe
2015-01-17 11:30 - 2015-01-17 11:30 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-17 11:29 - 2015-01-17 11:29 - 00243416 _____ () C:\Users\paulj_000\Downloads\Firefox Setup Stub 35.0.exe
2015-01-15 22:32 - 2015-01-15 22:33 - 02125312 _____ (Farbar) C:\Users\paulj_000\Downloads\FRST64(1).exe
2015-01-14 23:34 - 2015-01-14 23:34 - 00029396 _____ () C:\Users\paulj_000\Desktop\adw1.txt
2015-01-14 23:24 - 2015-01-14 23:24 - 00588168 _____ () C:\Users\paulj_000\Downloads\setup.exe
2015-01-14 23:23 - 2015-01-14 23:23 - 02191360 _____ () C:\Users\paulj_000\Downloads\AdwCleaner (1).exe
2015-01-14 23:20 - 2015-01-14 23:20 - 00065536 _____ () C:\Users\paulj_000\Downloads\FLVPlayer-Chrome.exe
2015-01-14 23:12 - 2015-01-14 23:12 - 02191360 _____ () C:\Users\paulj_000\Downloads\AdwCleaner.exe
2015-01-14 21:56 - 2015-01-14 21:56 - 00001154 _____ () C:\Users\paulj_000\Desktop\Continue File Opener Installation.lnk
2015-01-14 21:55 - 2015-01-14 21:56 - 00783840 _____ ( ) C:\Users\paulj_000\Downloads\FileOpenerSetup.exe
2015-01-14 21:33 - 2015-01-14 21:33 - 00000000 ____D () C:\ProgramData\ApptaoU
2015-01-14 21:21 - 2015-01-20 21:55 - 00000000 ____D () C:\Users\paulj_000\Downloads\FRST-OlderVersion
2015-01-14 21:10 - 2015-01-14 22:05 - 00000000 ____D () C:\Program Files (x86)\ZPro
2015-01-13 19:58 - 2014-12-19 06:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 19:58 - 2014-12-12 02:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 19:58 - 2014-12-12 00:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-13 19:58 - 2014-12-09 01:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 19:58 - 2014-12-08 19:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-13 19:58 - 2014-12-08 19:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-13 19:58 - 2014-12-08 19:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-13 19:58 - 2014-12-08 19:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-13 19:58 - 2014-12-08 19:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-13 19:58 - 2014-12-08 19:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-13 19:58 - 2014-12-08 19:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-13 19:58 - 2014-12-08 19:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-13 19:58 - 2014-12-06 03:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-13 19:58 - 2014-12-06 01:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 19:58 - 2014-12-06 01:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-13 19:58 - 2014-10-29 04:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-13 19:58 - 2014-10-29 04:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-13 19:58 - 2014-10-29 03:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-13 19:58 - 2014-10-29 03:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-13 19:58 - 2014-10-29 03:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-13 19:58 - 2014-10-29 03:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-13 19:58 - 2014-10-29 03:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-13 19:58 - 2014-10-29 03:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-13 19:58 - 2014-10-29 03:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-13 19:58 - 2014-10-29 03:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-13 19:58 - 2014-10-29 03:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-13 19:58 - 2014-10-29 02:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-13 19:58 - 2014-10-29 01:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-13 19:58 - 2014-10-29 01:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-13 19:58 - 2014-10-29 01:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-13 19:58 - 2014-10-29 01:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 19:18 - 2015-01-13 19:19 - 00000000 ____D () C:\Users\paulj_000\Downloads\The Interview WEBRiP - BLiTZCRiEG
2015-01-13 19:14 - 2015-01-13 19:14 - 00484368 _____ () C:\Users\paulj_000\Downloads\The_Interview_(2014)_WEB_DL_XviD_MP3_RARBG(1).exe
2015-01-13 19:14 - 2015-01-13 19:14 - 00000000 ____D () C:\Program Files (x86)\61a370f7-c453-4cca-9649-2d96e11dea29
2015-01-13 19:11 - 2015-01-13 19:11 - 00484368 _____ () C:\Users\paulj_000\Downloads\The_Interview_(2014)_WEB_DL_XviD_MP3_RARBG.exe
2015-01-13 19:01 - 2015-01-13 19:01 - 00002269 _____ () C:\Users\paulj_000\Desktop\aswMBR.txt
2015-01-13 19:01 - 2015-01-13 19:01 - 00000512 _____ () C:\Users\paulj_000\Desktop\MBR.dat
2015-01-13 18:52 - 2015-01-13 18:52 - 05200384 _____ (AVAST Software) C:\Users\paulj_000\Downloads\aswmbr.exe
2015-01-13 18:51 - 2015-01-13 18:51 - 00001169 _____ () C:\Users\paulj_000\Desktop\Addition - Shortcut.lnk
2015-01-13 18:51 - 2015-01-13 18:51 - 00001129 _____ () C:\Users\paulj_000\Desktop\FRST - Shortcut.lnk
2015-01-13 18:49 - 2015-01-13 18:50 - 00032754 _____ () C:\Users\paulj_000\Downloads\Addition.txt
2015-01-13 18:47 - 2015-01-13 18:50 - 00038174 _____ () C:\Users\paulj_000\Downloads\FRST.txt
2015-01-13 18:44 - 2015-01-20 21:55 - 00000000 ____D () C:\FRST
2015-01-13 18:44 - 2015-01-14 21:32 - 00001419 _____ () C:\Users\paulj_000\Desktop\FRST64 - Shortcut.lnk
2015-01-13 18:44 - 2015-01-14 21:29 - 00014033 _____ () C:\Users\paulj_000\Downloads\FRST64.exe
2015-01-12 22:01 - 2015-01-12 22:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-01-12 17:45 - 2015-01-12 17:45 - 00137762 _____ () C:\Users\paulj_000\Downloads\OTL.Txt
2015-01-12 17:45 - 2015-01-12 17:45 - 00137762 _____ () C:\Users\paulj_000\Desktop\OTL.Txt
2015-01-12 17:25 - 2015-01-12 17:25 - 00602112 _____ (OldTimer Tools) C:\Users\paulj_000\Downloads\OTL.exe
2015-01-12 16:59 - 2015-01-12 18:16 - 00000000 ____D () C:\Users\paulj_000\Downloads\The Bourne Supremacy (2004) [1080p]
2015-01-12 16:55 - 2015-01-12 16:55 - 00001666 _____ () C:\Users\paulj_000\Desktop\The Bourne Supremacy.lnk
2015-01-12 16:49 - 2015-01-12 16:49 - 00000000 ____D () C:\Users\paulj_000\AppData\Roaming\Google
2015-01-12 16:42 - 2015-01-14 21:56 - 00000000 ____D () C:\ProgramData\Unchecky
2015-01-12 16:42 - 2015-01-12 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-01-12 16:42 - 2015-01-12 16:42 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2015-01-11 09:43 - 2015-01-11 09:43 - 00000000 ____D () C:\Users\paulj_000\Downloads\The Hobbit Battle Of The Five Armies (2014) DVDScr  x264 AAC [Mafia]
2015-01-07 19:04 - 2015-01-07 19:04 - 00058232 _____ (ClickCaption) C:\Windows\system32\Drivers\ccnfd_1_10_0_6.sys
2015-01-07 07:55 - 2015-01-07 07:56 - 00000000 ____D () C:\Users\paulj_000\Downloads\The.Drop.2014.WEB-DL.x264-RARBG
2014-12-28 14:05 - 2014-12-28 14:58 - 00000000 ____D () C:\Users\Sarah\Desktop\New folder
2014-12-28 12:25 - 2014-12-28 12:25 - 00000354 _____ () C:\Users\paulj_000\Desktop\All Control Panel Items - Shortcut.lnk
2014-12-23 13:15 - 2014-10-30 22:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-23 13:14 - 2014-10-30 22:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 21:54 - 2014-05-04 15:56 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 21:54 - 2014-05-04 15:56 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 21:52 - 2014-05-06 12:56 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{02818842-BFB5-4559-BA7D-2FE689C8B86C}
2015-01-20 21:49 - 2014-05-04 15:32 - 01241782 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 21:49 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-20 04:23 - 2014-05-05 09:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 22:37 - 2014-05-06 16:06 - 00000000 ____D () C:\Users\paulj_000\AppData\Roaming\ClassicShell
2015-01-19 22:18 - 2014-05-06 13:04 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3242301468-3912853311-3031073808-1003
2015-01-19 21:54 - 2014-05-06 13:04 - 00000000 __RDO () C:\Users\paulj_000\SkyDrive
2015-01-19 21:13 - 2014-05-04 16:04 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\uTorrent
2015-01-19 21:12 - 2014-05-04 16:19 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\ClassicShell
2015-01-19 19:13 - 2014-05-04 15:36 - 00003902 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F986E634-3E42-4B80-80BA-BBC8DF9E2D1E}
2015-01-19 12:19 - 2014-05-05 18:40 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-19 12:19 - 2014-05-05 11:56 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-19 10:26 - 2014-05-04 15:41 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3242301468-3912853311-3031073808-1001
2015-01-18 21:55 - 2014-11-15 08:11 - 00003152 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSarah
2015-01-18 21:55 - 2014-11-15 08:11 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForSarah.job
2015-01-18 19:08 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-18 18:56 - 2014-05-04 15:39 - 00000000 ___DO () C:\Users\Sarah\SkyDrive
2015-01-17 22:41 - 2014-11-26 08:10 - 00000354 _____ () C:\Windows\Tasks\HPCeeScheduleForpaulj_000.job
2015-01-17 22:41 - 2014-09-18 16:29 - 00003176 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForpaulj_000
2015-01-17 22:34 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-17 22:33 - 2014-06-09 16:42 - 00000000 ____D () C:\AdwCleaner
2015-01-17 22:33 - 2014-06-01 20:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-17 22:33 - 2013-08-26 06:01 - 00033524 _____ () C:\Windows\PFRO.log
2015-01-17 22:33 - 2013-08-22 14:46 - 00026670 _____ () C:\Windows\setupact.log
2015-01-17 22:33 - 2013-08-22 13:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-01-17 11:30 - 2014-11-08 12:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-17 11:30 - 2014-06-01 20:49 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-16 21:54 - 2014-05-04 15:57 - 00002268 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-14 23:31 - 2014-05-06 12:55 - 00000000 ____D () C:\Users\paulj_000
2015-01-14 23:30 - 2014-05-06 12:56 - 00001014 _____ () C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-14 23:30 - 2014-05-04 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-14 22:00 - 2013-08-22 15:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-14 21:49 - 2014-05-04 15:56 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-14 21:49 - 2014-05-04 15:56 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-14 21:37 - 2014-12-10 11:13 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-14 21:34 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-13 23:03 - 2014-05-09 15:52 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 22:50 - 2014-05-09 15:52 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 22:48 - 2014-05-10 07:39 - 00000000 ____D () C:\Users\paulj_000\AppData\Roaming\uTorrent
2015-01-13 19:23 - 2014-05-05 09:46 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 19:14 - 2014-01-13 22:29 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2015-01-12 19:46 - 2014-05-06 16:04 - 00000000 ____D () C:\Users\paulj_000\AppData\Roaming\vlc
2015-01-12 16:49 - 2014-05-10 17:23 - 00000000 ____D () C:\Users\paulj_000\AppData\Local\Google
2015-01-12 16:38 - 2013-08-22 13:25 - 00000226 _____ () C:\Windows\win.ini
2015-01-06 00:08 - 2014-12-10 09:20 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-06 00:08 - 2014-12-10 09:20 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-28 14:23 - 2014-05-04 15:35 - 00000000 ____D () C:\Users\Sarah
2014-12-28 14:05 - 2013-08-26 06:09 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======
2014-09-01 08:18 - 2014-09-01 08:18 - 0002086 _____ () C:\Users\paulj_000\AppData\Roaming\BQXRVKM
2014-09-01 08:18 - 2014-09-01 08:18 - 0002086 _____ () C:\Users\paulj_000\AppData\Roaming\MPZU
2014-09-01 08:18 - 2014-09-01 08:18 - 0001248 _____ () C:\Users\paulj_000\AppData\Roaming\SCPP
2014-09-01 08:18 - 2014-09-01 08:18 - 0002086 _____ () C:\Users\paulj_000\AppData\Roaming\ZKYZ
2014-09-01 08:18 - 2014-09-01 08:18 - 0001248 _____ () C:\Users\paulj_000\AppData\Roaming\ZXAUFGTM

Some content of TEMP:
====================
C:\Users\paulj_000\AppData\Local\Temp\Quarantine.exe
C:\Users\paulj_000\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-19 10:27

==================== End Of Log ============================



#20
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, the first thing you must do is uninstall Chrome, as it has changed to the developer version.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Startup: C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\The Bourne Supremacy.lnk
ShortcutTarget: The Bourne Supremacy.lnk -> C:\FRST\Quarantine\C\ProgramData\{87ae3b2d-9a8a-8a8f-87ae-e3b2d9a8ecb6}\The Bourne Supremacy.exe ()
BHO: ApptaoU -> {398c41ce-7890-4119-83af-fb40b8a2f3a3} -> C:\ProgramData\ApptaoU\26PG4CpELGwceY.x64.dll ()
BHO-x32: ApptaoU -> {398c41ce-7890-4119-83af-fb40b8a2f3a3} -> C:\ProgramData\ApptaoU\26PG4CpELGwceY.dll ()
FF Extension: saVeroibbox - C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\Extensions\[email protected] [2015-01-14]
CHR DefaultSearchKeyword: Default -> taplika.com
CHR DefaultSearchURL: Default -> http://Taplika.com/r...=1391740327&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-17]
CHR Extension: (Avast Online Security) - C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-17]
CHR Extension: (Google Wallet) - C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-04]
R1 ccnfd_1_10_0_6; C:\Windows\System32\drivers\ccnfd_1_10_0_6.sys [58232 2015-01-07] (ClickCaption)
2015-01-14 21:33 - 2015-01-14 21:33 - 00000000 ____D () C:\ProgramData\ApptaoU
2015-01-14 21:21 - 2015-01-20 21:55 - 00000000 ____D () C:\Users\paulj_000\Downloads\FRST-OlderVersion
2015-01-14 21:10 - 2015-01-14 22:05 - 00000000 ____D () C:\Program Files (x86)\ZPro
2015-01-13 19:14 - 2015-01-13 19:14 - 00000000 ____D () C:\Program Files (x86)\61a370f7-c453-4cca-9649-2d96e11dea29
2015-01-07 19:04 - 2015-01-07 19:04 - 00058232 _____ (ClickCaption) C:\Windows\system32\Drivers\ccnfd_1_10_0_6.sys
2014-09-01 08:18 - 2014-09-01 08:18 - 0002086 _____ () C:\Users\paulj_000\AppData\Roaming\BQXRVKM
2014-09-01 08:18 - 2014-09-01 08:18 - 0002086 _____ () C:\Users\paulj_000\AppData\Roaming\MPZU
2014-09-01 08:18 - 2014-09-01 08:18 - 0001248 _____ () C:\Users\paulj_000\AppData\Roaming\SCPP
2014-09-01 08:18 - 2014-09-01 08:18 - 0002086 _____ () C:\Users\paulj_000\AppData\Roaming\ZKYZ
2014-09-01 08:18 - 2014-09-01 08:18 - 0001248 _____ () C:\Users\paulj_000\AppData\Roaming\ZXAUFGTM
C:\ProgramData\ApptaoU
C:\Users\paulj_000\AppData\Local\Google\Chrome
C:\Windows\System32\drivers\ccnfd_1_10_0_6.sys
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

#21
peejaygee


    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by paulj_000 at 2015-01-21 19:56:00 Run:3
Running from C:\Users\paulj_000\Downloads\FRST-OlderVersion
Loaded Profiles: paulj_000 (Available profiles: Sarah & paulj_000 & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
Startup: C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\The Bourne Supremacy.lnk
ShortcutTarget: The Bourne Supremacy.lnk -> C:\FRST\Quarantine\C\ProgramData\{87ae3b2d-9a8a-8a8f-87ae-e3b2d9a8ecb6}\The Bourne Supremacy.exe ()
BHO: ApptaoU -> {398c41ce-7890-4119-83af-fb40b8a2f3a3} -> C:\ProgramData\ApptaoU\26PG4CpELGwceY.x64.dll ()
BHO-x32: ApptaoU -> {398c41ce-7890-4119-83af-fb40b8a2f3a3} -> C:\ProgramData\ApptaoU\26PG4CpELGwceY.dll ()
FF Extension: saVeroibbox - C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\Extensions\[email protected] [2015-01-14]
CHR DefaultSearchKeyword: Default -> taplika.com
CHR DefaultSearchURL: Default -> http://Taplika.com/r...=1391740327&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-17]
CHR Extension: (Avast Online Security) - C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-17]
CHR Extension: (Google Wallet) - C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-04]
R1 ccnfd_1_10_0_6; C:\Windows\System32\drivers\ccnfd_1_10_0_6.sys [58232 2015-01-07] (ClickCaption)
2015-01-14 21:33 - 2015-01-14 21:33 - 00000000 ____D () C:\ProgramData\ApptaoU
2015-01-14 21:21 - 2015-01-20 21:55 - 00000000 ____D () C:\Users\paulj_000\Downloads\FRST-OlderVersion
2015-01-14 21:10 - 2015-01-14 22:05 - 00000000 ____D () C:\Program Files (x86)\ZPro
2015-01-13 19:14 - 2015-01-13 19:14 - 00000000 ____D () C:\Program Files (x86)\61a370f7-c453-4cca-9649-2d96e11dea29
2015-01-07 19:04 - 2015-01-07 19:04 - 00058232 _____ (ClickCaption) C:\Windows\system32\Drivers\ccnfd_1_10_0_6.sys
2014-09-01 08:18 - 2014-09-01 08:18 - 0002086 _____ () C:\Users\paulj_000\AppData\Roaming\BQXRVKM
2014-09-01 08:18 - 2014-09-01 08:18 - 0002086 _____ () C:\Users\paulj_000\AppData\Roaming\MPZU
2014-09-01 08:18 - 2014-09-01 08:18 - 0001248 _____ () C:\Users\paulj_000\AppData\Roaming\SCPP
2014-09-01 08:18 - 2014-09-01 08:18 - 0002086 _____ () C:\Users\paulj_000\AppData\Roaming\ZKYZ
2014-09-01 08:18 - 2014-09-01 08:18 - 0001248 _____ () C:\Users\paulj_000\AppData\Roaming\ZXAUFGTM
C:\ProgramData\ApptaoU
C:\Users\paulj_000\AppData\Local\Google\Chrome
C:\Windows\System32\drivers\ccnfd_1_10_0_6.sys
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\The Bourne Supremacy.lnk => Moved successfully.
C:\FRST\Quarantine\C\ProgramData\{87ae3b2d-9a8a-8a8f-87ae-e3b2d9a8ecb6}\The Bourne Supremacy.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{398c41ce-7890-4119-83af-fb40b8a2f3a3}" => Key deleted successfully.
"HKCR\CLSID\{398c41ce-7890-4119-83af-fb40b8a2f3a3}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{398c41ce-7890-4119-83af-fb40b8a2f3a3}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{398c41ce-7890-4119-83af-fb40b8a2f3a3}" => Key deleted successfully.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\Extensions\[email protected] => Moved successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
CHR Profile: C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default => Error: No automatic fix found for this entry.
C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn => Moved successfully.
C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => Moved successfully.
C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => Key deleted successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
ccnfd_1_10_0_6 => Unable to stop service
ccnfd_1_10_0_6 => Service deleted successfully.
C:\ProgramData\ApptaoU => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-21 21:26:08)<=

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => File could not move.

==== End of Fixlog 21:26:08 ====



#22
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Has that produced any change?

Could I have a fresh FRST scan please.

#23
peejaygee


    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

It appears to be running normally now.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by paulj_000 at 2015-01-21 22:49:41
Running from C:\FRST\Quarantine\C\Users\paulj_000\Downloads\FRST-OlderVersion
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
ApptaoU (HKLM-x32\...\{01B91C29-337A-1FFD-7CFC-473451D2F861}) (Version:  - ApptoU) <==== ATTENTION
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Click Caption 1.10.0.6 (HKLM-x32\...\ClickCaption_1.10.0.6) (Version: 1.10.0.6 - ClickCaption) <==== ATTENTION
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3606 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3228 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{CCE5C597-03EA-423E-BA80-6FCD280A8465}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3309 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.232 - Qualcomm Atheros)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.15.0 - Synaptics Incorporated)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Unchecky v0.3.6 (HKLM-x32\...\Unchecky) (Version: 0.3.6 - RaMMicHaeL)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
ZPro (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f66fd764}) (Version:  - Software Publisher) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

09-01-2015 22:56:44 Windows Update
13-01-2015 22:48:13 Windows Update
14-01-2015 21:33:11 Restore Point Created by FRST
15-01-2015 21:37:22 Restore Point Created by FRST
21-01-2015 19:56:04 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2015-01-21 19:58 - 00001993 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {339C6966-42E1-4548-88C6-2643A3FCDAA2} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {730F9641-517D-4F1D-86C8-F37EB1035397} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-13] (Microsoft Corporation)
Task: {7ED67540-BE36-4B4D-AE8D-68FB81748101} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {82FE9116-8346-435E-9025-8F1C62F4C5BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-04] (Google Inc.)
Task: {90D8E7B8-5C59-4F6A-83FD-582A4B9881BE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {93522A0E-EF35-481F-AC7D-93A7A6CD74FA} - System32\Tasks\HPCeeScheduleForSarah => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {9930B428-1660-4B05-8D9D-B9AF5D2D2950} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-04] (AVAST Software)
Task: {AAE5B805-69AF-4A0B-BE0F-88EF84C3A7BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-04] (Google Inc.)
Task: {AC448E35-F49E-467C-9673-142DEEB800AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {BA6D1F50-96D8-4D77-AAEF-6F91E020C0C7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-20] (Synaptics Incorporated)
Task: {C06E0D60-8CB1-43E0-9051-07199344192B} - System32\Tasks\HPCeeScheduleForpaulj_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {CD947758-E405-4E1B-87FA-307997F86FA6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D741A10E-E986-488E-915E-C2F80853D899} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {E9BE54FB-6619-4A0B-8835-C9E5B76BF7E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {EF917C69-6FCB-486D-BC35-41032B9B0682} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForpaulj_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSarah.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-10-14 11:23 - 2013-10-14 11:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 11:24 - 2013-10-14 11:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 11:25 - 2013-10-14 11:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-10-14 11:30 - 2013-10-14 11:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-11-25 21:36 - 2014-11-25 21:36 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-01-21 01:06 - 2015-01-21 01:06 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15012001\algo.dll
2015-01-21 20:01 - 2015-01-21 20:01 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012101\algo.dll
2015-01-20 22:07 - 2015-01-20 22:07 - 00058880 _____ () C:\Program Files (x86)\Unchecky\bin\collector.dll
2014-05-04 15:54 - 2014-05-04 15:54 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-13 22:54 - 2013-08-05 07:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\paulj_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Sarah\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\StartupApproved\Run: => "uTorrent"

========================= Accounts: ==========================

Administrator (S-1-5-21-3242301468-3912853311-3031073808-500 - Administrator - Disabled)
Guest (S-1-5-21-3242301468-3912853311-3031073808-501 - Limited - Enabled) => C:\Users\Guest
paulj_000 (S-1-5-21-3242301468-3912853311-3031073808-1003 - Administrator - Enabled) => C:\Users\paulj_000
Sarah (S-1-5-21-3242301468-3912853311-3031073808-1001 - Administrator - Enabled) => C:\Users\Sarah

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2015 07:56:03 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9828de99-09f1-45a2-b068-86b7645dd5f4}

Error: (01/21/2015 02:17:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2890

Error: (01/21/2015 02:17:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2890

Error: (01/21/2015 02:17:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/19/2015 10:52:01 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/19/2015 09:52:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.3.9600.16384, time stamp: 0x5215f6c5
Faulting module name: OmniPassCredProv.dll_unloaded, version: 8.0.0.57, time stamp: 0x525c1bc7
Exception code: 0xc0000005
Fault offset: 0x00000000000122eb
Faulting process ID: 0x2a5c
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report ID: LogonUI.exe3
Faulting package full name: LogonUI.exe4
Faulting package-relative application ID: LogonUI.exe5

Error: (01/19/2015 01:04:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6046

Error: (01/19/2015 01:04:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6046

Error: (01/19/2015 01:04:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/19/2015 01:04:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3937


System errors:
=============
Error: (01/21/2015 08:16:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (01/21/2015 08:01:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (01/21/2015 08:00:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (01/21/2015 08:00:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (01/21/2015 08:00:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (01/21/2015 08:00:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (01/21/2015 08:00:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (01/21/2015 08:00:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (01/21/2015 08:00:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (01/21/2015 07:59:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127


Microsoft Office Sessions:
=========================
Error: (01/21/2015 07:56:03 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9828de99-09f1-45a2-b068-86b7645dd5f4}

Error: (01/21/2015 02:17:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2890

Error: (01/21/2015 02:17:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2890

Error: (01/21/2015 02:17:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/19/2015 10:52:01 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/19/2015 09:52:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LogonUI.exe6.3.9600.163845215f6c5OmniPassCredProv.dll_unloaded8.0.0.57525c1bc7c000000500000000000122eb2a5c01d0342cb86b8a85C:\Windows\System32\LogonUI.exeOmniPassCredProv.dll76d93d36-a025-11e4-82bb-fc15b402f146

Error: (01/19/2015 01:04:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6046

Error: (01/19/2015 01:04:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6046

Error: (01/19/2015 01:04:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/19/2015 01:04:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3937


==================== Memory info ===========================

Processor: Intel® Celeron® CPU N2810 @ 2.00GHz
Percentage of memory in use: 26%
Total physical RAM: 3992.59 MB
Available physical RAM: 2941.61 MB
Total Pagefile: 4696.59 MB
Available Pagefile: 3268.91 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:914.79 GB) (Free:756.66 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.94 GB) (Free:1.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 20F5551E)

Partition: GPT Partition Type.

==================== End Of Log ============================



#24
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You have posted just the addition.txt; could you post the main FRST.txt as well, please?

#25
peejaygee


    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

There was no file when it rebooted and the only file named FRST.txt is dated as 13/1/15.




#26
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open, click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire-and-forget programme ;)

It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

#27
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





