Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Going on some sites, Chrome redirects me to some upload. Adware suspec


  • This topic is locked This topic is locked

#1
Recamen

Recamen

    Member

  • Member
  • PipPip
  • 15 posts

So a few days ago, I go browsing around on DeviantArt. Some message box pops up at the top of the screen saying something like "Your browser just crashed; click here to restore it". I'm thinking, "Ha! Yeah, right" and click to close it out. Instead it just asks me if I'd like to update my browser or something like that. I click "Cancel" and it just redirects me to some ad page. I immediately closed out that tab, figuring it was just trying to throw a virus at me.

 

The problem is, this sort of thing hasn't really stopped. I've seen it pop up again on DeviantArt and on another site, and when it does, I can't click anywhere else but on the box. When I do so, even if it's to close out the box, it redirects me to some download which it tries very hard to force upon me. I figure, "Okay, something's up" and rebooted this morning in Safe Mode to try and clear it out. I run Full Scans with Kaspersky and SuperAntiSpyware. The latter finds some tracking cookies (of course it will), but neither program finds anything. Seeing as how I examined the same site (not DeviantArt) with another, much older laptop, and nothing happened, I strongly suspect adware is on my computer... or at least, something that's trying to install adware.

 

The only thing is that it doesn't seem to pop up on other sites I normally frequent. However, I suspect it's just a matter of time before it pops up on my favorite haunts, too.

 

Is there anything else I can use to sort this problem out?

 

Thanks,

 

~ Recamen


  • 0

Advertisements


#2
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Greetings Recamen and :welcome:

My nickname is Ruggie and I will be assisting you in cleaning your computer.

  • Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely, it may seem difficult at times but it is important that you stay with me until your computer is declared clean.
  • If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

stop32.png Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

right-grn.pngPlease be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

right-grn.pngIf at all possible, Make backups of all your important files, whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

right-grn.png I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

right-grn.png Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.

right-grn.pngPlease stick with me until the end. malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.

right-grn.png Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.

right-grn.png If you have any questions or get stuck, stop and ask....I am here to help you make this go as smoothly as possible.

right-grn.png If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now lets get to work

Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered, if you know which version is the one you need, download that one, if not, download both, only one will work on your computer, that is the one you need.

  • Right click frst.png to run as administrator. >> Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to the disclaimer.
  • Ensure that the following are ticked as in the image below

Addition.txt

frst-addition.png

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Items I need to see in your next post:

  • FRST.txt
  • Addition.txt

  • 0

#3
Recamen

Recamen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Alrighty, it actually popped up right away on installing. It didn't ask me about running as administrator, and I believe I'm on Windows 8 but it didn't ask me about the SmartScreen stuff. If that could throw off the results, please let me know. But in any case:

 

Here's the log for FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Albert (administrator) on ALBERTRON8 on 24-01-2015 15:37:15
Running from C:\Users\Albert\Downloads
Loaded Profiles: Albert (Available profiles: Albert)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Pokki) C:\Users\Albert\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\plugin-nm-server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-04-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-13] (Flexera Software LLC.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-04] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
HKU\S-1-5-21-1348129997-3731563846-1013290669-1002\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\S-1-5-21-1348129997-3731563846-1013290669-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-1348129997-3731563846-1013290669-1002\...\MountPoints2: {b7dfe944-72e9-11e4-825e-3010b378649c} - "E:\LaunchU3.exe" -a
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1348129997-3731563846-1013290669-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1348129997-3731563846-1013290669-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1348129997-3731563846-1013290669-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://js.redirect.h...HPtab&tp=iehome
HKU\S-1-5-21-1348129997-3731563846-1013290669-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://js.redirect.h...HPtab&tp=iehome
SearchScopes: HKLM -> {7BEDFAB3-E666-478C-91EF-9E3F358F9CFF} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {7BEDFAB3-E666-478C-91EF-9E3F358F9CFF} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-1348129997-3731563846-1013290669-1002 -> {7BEDFAB3-E666-478C-91EF-9E3F358F9CFF} URL = http://www.amazon.co...s={searchTerms}
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected]
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [virtual_key[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected]
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected]
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014-11-23]
 
Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-22]
CHR Extension: (Google Docs) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-22]
CHR Extension: (Google Drive) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-22]
CHR Extension: (BetterPonymotes) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkmhlceghomaajdimmejkhldnpleoea [2014-11-26]
CHR Extension: (YouTube) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-22]
CHR Extension: (Google Search) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-22]
CHR Extension: (Kaspersky Protection) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-11-26]
CHR Extension: (Google Sheets) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-22]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2014-11-22]
CHR Extension: (Google Wallet) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-22]
CHR Extension: (Gmail) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-22]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 0033951416732354mcinstcleanup; C:\Windows\TEMP\003395~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-06-01] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-01] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows ® Win 7 DDK provider)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-04] (Hewlett-Packard Development Company, L.P.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-04-21] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3897856 2014-05-14] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [150536 2014-11-23] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [247480 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [799944 2014-11-23] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [68616 2014-11-23] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [77512 2014-11-23] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-04-21] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-21] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-24 15:37 - 2015-01-24 15:37 - 00024850 _____ () C:\Users\Albert\Downloads\FRST.txt
2015-01-24 15:36 - 2015-01-24 15:37 - 00000000 ____D () C:\FRST
2015-01-24 15:35 - 2015-01-24 15:35 - 02129920 _____ (Farbar) C:\Users\Albert\Downloads\FRST64.exe
2015-01-22 21:51 - 2015-01-22 21:51 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\SUPERAntiSpyware.com
2015-01-22 21:50 - 2015-01-24 15:26 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-22 21:50 - 2015-01-22 21:50 - 00001827 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-01-22 21:50 - 2015-01-22 21:50 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-22 21:50 - 2015-01-22 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-22 21:49 - 2015-01-22 21:49 - 21061680 _____ (SUPERAntiSpyware) C:\Users\Albert\Downloads\SUPERAntiSpyware.exe
2015-01-21 19:57 - 2015-01-21 19:57 - 00002579 _____ () C:\Users\Albert\Downloads\gotta-go-fast- (4).o8d
2015-01-13 15:46 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 15:46 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 15:46 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-13 15:46 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 15:46 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-13 15:46 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-13 15:46 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-13 15:46 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-13 15:46 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-13 15:46 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-13 15:46 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-13 15:46 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-13 15:46 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-13 15:46 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 15:46 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-13 15:46 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-13 15:46 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-13 15:46 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-13 15:46 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-13 15:46 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-13 15:46 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-13 15:46 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-13 15:46 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-13 15:46 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-13 15:46 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-13 15:46 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-13 15:46 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-13 15:46 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-13 15:46 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-13 15:46 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-13 15:46 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 07:41 - 2015-01-12 07:41 - 00002201 _____ () C:\Users\Albert\Downloads\launch (6).ica
2015-01-12 07:39 - 2015-01-12 15:54 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\ICAClient
2015-01-12 07:39 - 2015-01-12 07:39 - 00000000 ____D () C:\Users\Albert\AppData\Local\Citrix
2015-01-12 07:39 - 2015-01-12 07:39 - 00000000 ____D () C:\ProgramData\Citrix
2015-01-12 07:39 - 2015-01-12 07:39 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-01-12 07:38 - 2015-01-12 07:38 - 14194632 _____ (Citrix Systems, Inc.) C:\Users\Albert\Downloads\CitrixOnlinePluginWeb.exe
2015-01-12 07:36 - 2015-01-12 07:36 - 00002200 _____ () C:\Users\Albert\Downloads\launch (4).ica
2015-01-10 14:31 - 2015-01-10 14:31 - 00002567 _____ () C:\Users\Albert\Downloads\gotta-go-fast- (3).o8d
2015-01-07 20:20 - 2015-01-07 20:20 - 00002562 _____ () C:\Users\Albert\Downloads\gotta-go-fast- (2).o8d
2015-01-05 17:53 - 2015-01-05 17:53 - 00002392 _____ () C:\Users\Albert\Downloads\gotta-go-fast- (1).o8d
2015-01-05 16:52 - 2015-01-05 16:52 - 00002341 _____ () C:\Users\Albert\Downloads\it-s-not-a-trap- (1).o8d
2015-01-03 15:50 - 2015-01-03 16:02 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\Apple Computer
2015-01-03 15:50 - 2015-01-03 15:50 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-03 15:50 - 2015-01-03 15:50 - 00000000 ____D () C:\Users\Albert\AppData\Local\Apple Computer
2015-01-03 15:50 - 2015-01-03 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-03 15:50 - 2015-01-03 15:50 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-03 15:50 - 2015-01-03 15:50 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-03 15:50 - 2015-01-03 15:50 - 00000000 ____D () C:\Program Files\iTunes
2015-01-03 15:50 - 2015-01-03 15:50 - 00000000 ____D () C:\Program Files\iPod
2015-01-03 15:50 - 2015-01-03 15:50 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-03 15:50 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-01-03 15:49 - 2015-01-03 15:49 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-03 15:49 - 2015-01-03 15:49 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-01-03 15:49 - 2015-01-03 15:49 - 00000000 ____D () C:\Users\Albert\AppData\Local\Apple
2015-01-03 15:49 - 2015-01-03 15:49 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-03 15:48 - 2015-01-03 15:50 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-03 15:45 - 2015-01-03 15:46 - 122418480 _____ (Apple Inc.) C:\Users\Albert\Downloads\iTunes64Setup.exe
2015-01-03 15:42 - 2015-01-03 15:43 - 109829936 _____ (Apple Inc.) C:\Users\Albert\Downloads\iTunesSetup.exe
2014-12-31 22:25 - 2014-12-31 22:25 - 00002249 _____ () C:\Users\Albert\Downloads\it-s-not-a-trap-.o8d
2014-12-31 19:40 - 2014-12-31 19:40 - 00002254 _____ () C:\Users\Albert\Downloads\gotta-go-fast-.o8d
2014-12-31 19:24 - 2014-12-31 19:24 - 00001101 _____ () C:\Users\Albert\Desktop\notepad - Shortcut.lnk
2014-12-31 05:14 - 2014-12-31 05:14 - 00002200 _____ () C:\Users\Albert\Downloads\launch (3).ica
2014-12-31 05:12 - 2014-12-31 05:12 - 00002201 _____ () C:\Users\Albert\Downloads\launch (2).ica
2014-12-31 05:10 - 2014-12-31 05:10 - 00002201 _____ () C:\Users\Albert\Downloads\launch (1).ica
2014-12-31 05:09 - 2014-12-31 05:09 - 00002201 _____ () C:\Users\Albert\Downloads\launch.ica
2014-12-27 22:18 - 2015-01-15 21:28 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\Sword of the Stars - The Pit
2014-12-27 22:11 - 2014-12-27 22:11 - 00000222 _____ () C:\Users\Albert\Desktop\Sword of the Stars The Pit.url
2014-12-25 10:20 - 2014-12-27 17:12 - 00000000 ____D () C:\Users\Albert\Documents\SpellForce
2014-12-25 10:20 - 2014-12-25 10:20 - 00000000 ____D () C:\Program Files (x86)\GameSpy Arcade
2014-12-25 10:19 - 2014-12-25 10:19 - 00000601 _____ () C:\Windows\DirectX.log
2014-12-25 10:06 - 2014-12-25 10:06 - 00000221 _____ () C:\Users\Albert\Desktop\SpellForce Platinum Edition.url
2014-12-25 01:11 - 2014-12-25 01:13 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\Beat Hazard
2014-12-25 01:10 - 2014-12-25 01:10 - 00000221 _____ () C:\Users\Albert\Desktop\Beat Hazard.url
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-24 15:31 - 2014-11-23 03:46 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1348129997-3731563846-1013290669-1002
2015-01-24 15:27 - 2014-11-23 03:43 - 00000000 ____D () C:\Users\Albert\Documents\Youcam
2015-01-24 15:26 - 2014-11-23 22:49 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-24 15:26 - 2014-11-23 03:44 - 00000000 ___RD () C:\Users\Albert\OneDrive
2015-01-24 15:26 - 2014-11-22 19:55 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 15:25 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-24 12:00 - 2014-11-22 19:56 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-24 12:00 - 2014-11-22 19:55 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 11:24 - 2014-03-18 04:53 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-24 11:19 - 2013-08-22 09:46 - 00025531 _____ () C:\Windows\setupact.log
2015-01-24 11:19 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-24 11:18 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-24 09:46 - 2014-10-21 08:37 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-01-24 09:45 - 2014-11-23 03:29 - 01062274 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 16:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-22 21:46 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-21 19:47 - 2014-12-13 19:47 - 00003170 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAlbert
2015-01-21 19:47 - 2014-12-13 19:47 - 00000358 _____ () C:\Windows\Tasks\HPCeeScheduleForAlbert.job
2015-01-20 15:37 - 2014-11-26 11:51 - 00000000 ____D () C:\Users\Albert\Documents\Excel Files
2015-01-19 16:32 - 2014-12-11 07:11 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-19 16:32 - 2014-12-11 07:11 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-19 10:40 - 2014-11-24 10:16 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-19 10:40 - 2014-11-24 10:14 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-15 21:28 - 2014-11-23 22:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-13 16:26 - 2014-11-26 18:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 16:17 - 2014-11-26 18:05 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-03 15:49 - 2014-10-21 08:44 - 00000000 ____D () C:\ProgramData\Apple
2014-12-31 22:44 - 2014-10-21 08:51 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-31 05:12 - 2014-11-23 03:40 - 00000000 ____D () C:\Users\Albert\AppData\Local\Packages
2014-12-27 22:11 - 2014-11-23 23:01 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
 
Some content of TEMP:
====================
C:\Users\Albert\AppData\Local\Temp\Extract.exe
C:\Users\Albert\AppData\Local\Temp\SP66894.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-24 12:34
 
==================== End Of Log ============================
 
And here is the log for Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Albert at 2015-01-24 15:38:09
Running from C:\Users\Albert\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{9E8542D5-EC57-3E45-13FE-AC6CA55FD9E2}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Beat Hazard (HKLM-x32\...\Steam App 49600) (Version:  - Cold Beam Games)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.1.5112 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.00.100 - Nuance Communications Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - Crackshell)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{4C0ABC2F-CC83-4417-8B3E-A26A04FBB860}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{E9FA2CA2-B7B2-43E6-8449-A1618B042EAE}) (Version: 1.1.3 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{8F92E0CF-620B-5C20-F292-59C93567B06D}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Space Pirates and Zombies (HKLM-x32\...\Steam App 107200) (Version:  - MinMax Games Ltd.)
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
SpellForce: Platinum Edition (HKLM-x32\...\Steam App 39540) (Version:  - Phenomic)
Start Menu (HKU\S-1-5-21-1348129997-3731563846-1013290669-1002\...\Pokki) (Version: 0.269.2.450 - Pokki)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Sword of the Stars: The Pit (HKLM-x32\...\Steam App 233700) (Version:  - Kerberos Productions Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.8 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
03-01-2015 15:49:30 Installed iTunes
12-01-2015 11:03:09 Scheduled Checkpoint
19-01-2015 19:36:42 Scheduled Checkpoint
22-01-2015 21:21:30 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0BE6DB91-0827-48EA-BA0E-11DB0995E29C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-22] (Google Inc.)
Task: {54878EB1-CAE6-45C1-8102-043CFFED50DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {575888B8-8F54-4962-AF6B-DFB7E649E7D4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5B9CA6E7-2F80-4C0A-8BFE-4649364F8D33} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {6A1AA0B2-2B44-41AE-89AD-834D05A8A30D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {79AFE033-A5A8-45BA-83BD-D8FAD617DAB6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {91D498CD-01CA-4B88-B29A-6E8185D473C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {A765316F-EAA3-4D4F-92AA-3B72FF97EA1E} - System32\Tasks\HPCeeScheduleForAlbert => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {C296B2FA-2B9D-4237-B2CD-BC79335AC0E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-22] (Google Inc.)
Task: {D1889F01-5BAD-4953-94B4-12FC39AAA37A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {EFF20818-C0B4-40B0-8864-9C1308B2F233} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {F4E5FF0E-CB74-4180-AEAA-BEDD85380447} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {FD1C7C0F-DE77-42D9-A73B-12853E27F38D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAlbert.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-28 15:31 - 2014-03-28 15:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-06-01 00:13 - 2014-06-01 00:13 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-06-01 00:12 - 2014-06-01 00:12 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-03-28 15:36 - 2014-03-28 15:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2015-01-24 12:00 - 2015-01-20 22:50 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
2015-01-24 12:00 - 2015-01-20 22:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll
2015-01-24 12:00 - 2015-01-20 22:50 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Albert\OneDrive:ms-properties
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1348129997-3731563846-1013290669-500 - Administrator - Disabled)
Albert (S-1-5-21-1348129997-3731563846-1013290669-1002 - Administrator - Enabled) => C:\Users\Albert
Guest (S-1-5-21-1348129997-3731563846-1013290669-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1348129997-3731563846-1013290669-1004 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/24/2015 00:50:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (01/24/2015 00:47:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (01/24/2015 11:19:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 003395~1.EXE, version: 7.8.712.2, time stamp: 0x5321d133
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x73776f64
Faulting process id: 0x73c
Faulting application start time: 0x003395~1.EXE0
Faulting application path: 003395~1.EXE1
Faulting module path: 003395~1.EXE2
Report Id: 003395~1.EXE3
Faulting package full name: 003395~1.EXE4
Faulting package-relative application ID: 003395~1.EXE5
 
Error: (01/24/2015 09:44:34 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (01/24/2015 09:36:08 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (01/23/2015 04:18:39 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (01/23/2015 04:18:39 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (01/23/2015 04:18:39 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (01/23/2015 04:18:38 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (01/23/2015 04:18:33 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
 
System errors:
=============
Error: (01/24/2015 11:19:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Application Installer Cleanup (0033951416732354) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/24/2015 11:18:52 AM) (Source: DCOM) (EventID: 10005) (User: ALBERTRON8)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (01/24/2015 11:18:34 AM) (Source: DCOM) (EventID: 10005) (User: ALBERTRON8)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (01/24/2015 11:18:29 AM) (Source: DCOM) (EventID: 10005) (User: ALBERTRON8)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (01/24/2015 11:18:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (01/24/2015 11:18:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error: 
%%1068
 
Error: (01/24/2015 11:17:32 AM) (Source: DCOM) (EventID: 10005) (User: ALBERTRON8)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (01/24/2015 11:07:32 AM) (Source: DCOM) (EventID: 10005) (User: ALBERTRON8)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (01/24/2015 11:05:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1068
 
Error: (01/24/2015 10:57:32 AM) (Source: DCOM) (EventID: 10005) (User: ALBERTRON8)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
Microsoft Office Sessions:
=========================
Error: (01/24/2015 00:50:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe
 
Error: (01/24/2015 00:47:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe
 
Error: (01/24/2015 11:19:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 003395~1.EXE7.8.712.25321d133unknown0.0.0.000000000c000000573776f6473c01d037f187c68070C:\Windows\TEMP\003395~1.EXEunknownc992c043-a3e4-11e4-826a-3010b378649c
 
Error: (01/24/2015 09:44:34 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: 
 
Error: (01/24/2015 09:36:08 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: 
 
Error: (01/23/2015 04:18:39 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: 
 
Error: (01/23/2015 04:18:39 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: 
 
Error: (01/23/2015 04:18:39 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: 
 
Error: (01/23/2015 04:18:38 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: 
 
Error: (01/23/2015 04:18:33 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: 
 
 
==================== Memory info =========================== 
 
Processor: AMD FX-7500 Radeon R7, 10 Compute Cores 4C+6G 
Percentage of memory in use: 29%
Total physical RAM: 5090.07 MB
Available physical RAM: 3580.31 MB
Total Pagefile: 5922.07 MB
Available Pagefile: 4012.27 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:668.66 GB) (Free:610.69 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:28.96 GB) (Free:2.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1E1F4777)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

  • 0

#4
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, for the scan purposes it's fine but for the next stage, please ensure you have saved the FRST64.exe file to your desktop. You currently have it in C:\Users\Albert\Downloads - you can just copy the file to your desktop - then right click and select run as administrator.
 
In general your PC is in good shape. let's see how it is after the next few actions.
 
Step 1
FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached Attached File  fixlist.txt   1.05KB   48 downloads and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click frst.png and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

Step 2
  jrt.pngJunkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important
Ensure that any security software is temporarily disabled for the duration of the scan. Don't forget to re-enable it afterwards.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by right-clicking jrt.png and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3
 adwcleaner.pngAdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the adwcleaner.pngAdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwScan.jpg?
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
 
Items I need to see in your next post:


  • 0

#5
Recamen

Recamen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Okay, the FRST log looks like this:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Albert at 2015-01-24 19:33:11 Run:1
Running from C:\Users\Albert\Desktop
Loaded Profiles: Albert (Available profiles: Albert)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
createrestorepoint:
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-13] (Flexera Software LLC.)
HKU\S-1-5-21-1348129997-3731563846-1013290669-1002\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\S-1-5-21-1348129997-3731563846-1013290669-1002\...\MountPoints2: {b7dfe944-72e9-11e4-825e-3010b378649c} - "E:\LaunchU3.exe" -a
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found] 
S2 0033951416732354mcinstcleanup; C:\Windows\TEMP\003395~1.EXE [836168 2014-03-13] (McAfee, Inc.)
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
C:\Windows\TEMP\003395~1.EXE
emptytemp:
end
*****************
 
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ISUSPM => value deleted successfully.
HKU\S-1-5-21-1348129997-3731563846-1013290669-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => value deleted successfully.
"HKU\S-1-5-21-1348129997-3731563846-1013290669-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7dfe944-72e9-11e4-825e-3010b378649c}" => Key deleted successfully.
HKCR\CLSID\{b7dfe944-72e9-11e4-825e-3010b378649c} => Key not found. 
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
0033951416732354mcinstcleanup => Service deleted successfully.
McAPExe => Service deleted successfully.
McMPFSvc => Service deleted successfully.
McNaiAnn => Service deleted successfully.
mcpltsvc => Service deleted successfully.
McProxy => Service deleted successfully.
mfecore => Service deleted successfully.
MSK80Service => Service deleted successfully.
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully.
C:\Windows\TEMP\003395~1.EXE => Moved successfully.
EmptyTemp: => Removed 887.4 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:34:27 ====
 
I'll get in the JRT and ADWCleaner steps once I see the links - it doesn't look like you posted them. I'm sorry, but could you please post the links for each program? Good to know the PC looks okay for the most part. 

  • 0

#6
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Sorry - for some reason my links were broken
 
Junkware Removal Tool
 
ADWCleaner


  • 0

#7
Recamen

Recamen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Thank you! Incidentally, here's the JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Albert on Sat 01/24/2015 at 21:51:51.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Albert\appdata\local\google\chrome\user data\default\local storage\http_www.azlyrics.com_0.localstorage"
Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/24/2015 at 21:57:03.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#8
Recamen

Recamen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

And here's the ADWCleaner log. Note that I did not have anything removed afterward as you instructed, so if anything looks odd please let me know. Thanks!

 

# AdwCleaner v4.109 - Report created 24/01/2015 at 22:14:18
# Updated 24/01/2015 by Xplode
# Database : 2015-01-24.4 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Albert - ALBERTRON8
# Running from : C:\Users\Albert\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Classes\pokki
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Found : HKCU\Software\Pokki
Key Found : [x64] HKCU\Software\Pokki
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v40.0.2214.91
 
[C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1062 octets] - [24/01/2015 22:14:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1122 octets] ##########

  • 0

#9
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Just a few remnants that adwcleaner found so lets remove them and do a Malwarebytes scan as a differential to see if the others missed anything.
Have you been having the pop ups again or have they gone?


First...

adwcleaner.pngRe-run AdwCleaner

Close all open windows and browsers.

  • Right click the adwcleaner.pngAdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Then...

Install and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here (or re-run it if you already have it installed)

  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
  • During installation, make sure uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;) :
    MBAM1_zps65d773c0.png
  • If an update is found, it will download and install the latest updates automatically:
  • Now select the Settings tab, and check the box next to Scan for rootkits and ensure the PUP and PUM options are selected to treat as malware:
    mbam-select.png
  • Go back to the Dashboard tab, and click the Scan Now button:
    mbam-scan.png
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, it will show you the results. (This one is clean):
    MBAM65_zpsb0aa143c.png
  • If threats are detected, click the Apply Actions button.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab:
    MBAM7_zps782405f0.png
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:
    MBAM9_zps1f87702b.png
  • Choose the latest Scan Log, and click on the View button:
    MBAM10_zps5a48f689.png
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
    MBAM8_zpsad402941.png
  • Copy & Paste the entire contents of the report log in your next reply.
     

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.

Items I need to see in your next post:
 

  • ADWcleaner results
  • MBAM log

 

 


  • 0

#10
Recamen

Recamen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

I do get the ads, though it doesn't seem to be as frequent on DeviantArt... or at least, it hasn't happened in a while. If I go onto the other site, a nintendocosmos article on the N64, I get redirected to some site called "adfly". I've never seen the adfly site on DeviantArt - there, after a time, some box would pop up saying my browser crashed like I described above. But like I said, it doesn't seem to be happening on DeviantArt anymore, so there's that. It may be nothing after all... it's just that I see these things happen and feared the worst.

 

Results and log forthcoming!


  • 0

Advertisements


#11
Recamen

Recamen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

I should also note that the ad pop-ups have not happened elsewhere... I typically frequent three sites, but nothing's happened on any of those. Nor has anything happened on any financial sites I use.

 

Anyway, here's the ADWCleaner log:

 

# AdwCleaner v4.109 - Report created 25/01/2015 at 11:19:21
# Updated 24/01/2015 by Xplode
# Database : 2015-01-25.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Albert - ALBERTRON8
# Running from : C:\Users\Albert\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v40.0.2214.91
 
[C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1206 octets] - [24/01/2015 22:14:18]
AdwCleaner[R1].txt - [1266 octets] - [25/01/2015 11:17:55]
AdwCleaner[S0].txt - [1158 octets] - [25/01/2015 11:19:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1218 octets] ##########
 
MBAM log forthcoming.

  • 0

#12
Recamen

Recamen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

And here's the Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/25/2015
Scan Time: 11:28:35 AM
Logfile: Malwarebytes.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.25.08
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Albert
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338737
Time Elapsed: 24 min, 44 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
There was nothing. At this point, if you think I'm alright, I'd believe it. It looks like there were some sketchy things, but nothing that would actually cause trouble. I guess it's more on the site's end than mine. That's fine by me, since I just wanted to look something up and came across the nintendocosmos article anyway. Just weirded me out that the older laptop wasn't molested, but maybe that was just random chance.

  • 0

#13
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

According to the logs you are clean. You didn't have much on there to start with, nothing that would cause major issues so I think it could just have been the sites also. Adfly does pop up quite a bit with a skip button, I see it many times myself.
 
For a final check, run the following, I don't expect it to find anything apart from the stuff we have already quarantined as you have kaspersky and it is very good but it always worth a differential with a different engine. Then we will clean up the tools that we have used.
 
Anti-Virus Scan
Please run a free online scan with the ESET Online Scanner

<< Please disable any existing anti virus product before performing the following. >>

  • Click Run Eset Online Scanner

Runscan.png


Note: You will need to use Internet Explorer or Firefox (You will be prompted to install a helper program if you use firefox)for this scan.
Important: Please disable your existing AV software for the duration of the scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start[
  • Make sure that the option Enable detection of potentially unwanted applications is checked
  • Next click on Advanced Settings and select:

eset-selections.png

  • Make sure that the option Remove found threats is NOT checked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

eset-selections.png

  • Click Start, the virus database will update, this may take a while depending on your internet connection.
  • Once updated, the online scan will begin. (This scan can take several hours, so please be patient)
  • Once the scan is completed, click Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#14
Recamen

Recamen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

How do I disable my AV software? I don't see anything that would let me do that.

 

Also, am I able to just clean up whatever was used by the usual method (i.e., highlight->right click->delete)? I'll hold onto Malwarebytes as I've used that on my old laptop in the past, but everything else I probably no longer need at this time.


  • 0

#15
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
To disable Kaspersky:
  • Open the main application window
  • On the right upper corner click Settings
  • On the upper part of the Settings window select Advanced Settings
  • On the left part of the Settings window select Self-Defense item
  • On the right part of the window under Self-Defense
    • If you wish to disable the program self-defense uncheck Enable Self-Defense
    • If you wish to enable the program self-defense check Enable Self-Defense
  • In the right lower corner click the OK button
You can delete the files manually but the quarantines won't be removed.
 
We have a utility that does it all for you and make sure they are all gone.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP