Malware problem (I think!) .... please help. [Closed]

malwsre virus pop-ups add-on pop-up-virus saveradon-virus

  • This topic is locked

#1
rubakka

    New Member

  • Member
  • Pip
  • 8 posts

Hello - thank you so much for your help!! I believe this all started when I downloaded the 'hola' plug-in. Afterwards, I started to get a lot of pop-up ads and it says "saverad on" in the corner of each pop-up. I've just installed Malwarebytes Anti-Malware on my Surface Pro. I'm sorry, that's all I can think of. I'm not the best with computers. Please let me know if you require any further information and I will get that to you! Thanks again!! -R


  • 0


#2
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts
Hi rubakka,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
Let's get started....

Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

Only one of these will run on the system; that is the correct one to keep (delete the other).
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this please.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
rubakka

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi,

Thanks for helping me out. Here are the logs:

Farbar Service Scanner Version: 17-01-2015
Ran by r (administrator) on 08-02-2015 at 11:05:43
Running from "C:\Users\r\Downloads"
Microsoft Windows 8.1 Pro  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
Please let me know if you need anything else.
 
Thanks.

  • 0

#4
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

That's nice on the Service Tool but it is not what we asked for.
 
Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this please.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#5
rubakka

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi,

Here it is (hopefully).

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by r (administrator) on REBECCA on 08-02-2015 21:52:18
Running from C:\Users\r\Desktop
Loaded Profiles: r (Available profiles: r)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Marvell Semiconductors, Inc.) C:\Windows\System32\mvbtrcsvcx64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Spotify Ltd) C:\Users\r\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\POWERPNT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\r\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2015-01-10] (LogMeIn, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-3972895398-2692782183-784820064-1001\...\Run: [SkyDrive] => C:\Users\r\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-24] (Microsoft Corporation)
HKU\S-1-5-21-3972895398-2692782183-784820064-1001\...\Run: [Spotify] => C:\Users\r\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-09] (Spotify Ltd)
HKU\S-1-5-21-3972895398-2692782183-784820064-1001\...\Run: [Facebook Update] => C:\Users\r\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-14] (Facebook Inc.)
HKU\S-1-5-21-3972895398-2692782183-784820064-1001\...\Run: [Spotify Web Helper] => C:\Users\r\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-09] (Spotify Ltd)
HKU\S-1-5-21-3972895398-2692782183-784820064-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3972895398-2692782183-784820064-1001\...\MountPoints2: {89022983-0294-11e4-beb7-6045bde99481} - "D:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-3972895398-2692782183-784820064-1001\...\MountPoints2: {97ed781e-f976-11e2-be6f-6045bde99481} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3972895398-2692782183-784820064-1001\...\MountPoints2: {ce47e6a6-d3a9-11e3-beae-6045bde99481} - "D:\LaunchU3.exe" -a
Startup: C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3972895398-2692782183-784820064-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.ca.msn.com/
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: SeaverAidedOn -> {9ec91c84-306d-4daf-a58a-225ceec1857a} -> C:\Program Files (x86)\SeaverAidedOn\3R66sWSGa0z2ox.x64.dll ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: saver  box -> {ea7d823d-d571-4b09-8e32-ba53cbc85a42} -> C:\Program Files (x86)\saver  box\sOAv8OD1ratgIo.x64.dll ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: SeaverAidedOn -> {9ec91c84-306d-4daf-a58a-225ceec1857a} -> C:\Program Files (x86)\SeaverAidedOn\3R66sWSGa0z2ox.dll ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: saver  box -> {ea7d823d-d571-4b09-8e32-ba53cbc85a42} -> C:\Program Files (x86)\saver  box\sOAv8OD1ratgIo.dll ()
Toolbar: HKU\S-1-5-21-3972895398-2692782183-784820064-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3972895398-2692782183-784820064-1001 -> No Name - {1ADDAC21-D2DB-4C6A-8DD6-9E88D42BB035} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\z693s1u3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3972895398-2692782183-784820064-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\r\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF user.js: detected! => C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\z693s1u3.default\user.js
FF SearchPlugin: C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\z693s1u3.default\searchplugins\yahoo-1.xml
FF Extension: CoupScaaNunnEer - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\z693s1u3.default\Extensions\[email protected] [2015-02-04]
FF Extension: SaverAddoNN - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\z693s1u3.default\Extensions\[email protected] [2015-02-04]
FF Extension: Adblock Plus - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\z693s1u3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-24]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll ()
CHR Plugin: (Bio3D) - C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
CHR Plugin: (ChemDraw) - C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DIRECTV Player) - C:\Users\r\AppData\Local\DIRECTV Player\npPlayerPlugin.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\r\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\r\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-20]
CHR Extension: (Google Drive) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-25]
CHR Extension: (YouTube) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-20]
CHR Extension: (Google Search) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-20]
CHR Extension: (Google Wallet) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20]
CHR Extension: (Gmail) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-04-09] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [377704 2015-01-10] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2015-01-10] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-01-10] (LogMeIn, Inc.)
S3 Marvell AVASTAR Bluetooth Radio Adapter; C:\Windows\system32\mvbtrcsvcx64.exe [97792 2013-03-08] (Marvell Semiconductors, Inc.) [File not signed]
R2 Marvell Bluetooth Radio Control Service; C:\WINDOWS\system32\mvbtrcsvcx64.exe [97792 2013-03-08] (Marvell Semiconductors, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
U3 mvbtradio; C:\WINDOWS\system32\mvbtrcsvcx64.exe [97792 2013-03-08] (Marvell Semiconductors, Inc.) [File not signed]
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 372ab9f0; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.31\OptProMon.dll",ENT
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-02-05] ()
S3 kbfilter; C:\Windows\System32\drivers\SurfaceTouchCover.sys [29256 2012-12-11] (Microsoft Corporation)
R3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34408 2013-09-27] (Microsoft Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2015-01-10] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-26] (Intel Corporation)
R3 mwlu97w8; C:\Windows\system32\DRIVERS\mwlu97w8x64.sys [1602560 2014-05-28] (Marvell Semiconductors, Inc.)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [1614768 2014-05-15] (Microsoft Corporation)
R3 TrackpadSettingsDriver; C:\Windows\System32\drivers\TrackpadSettingsDriver.sys [46168 2013-03-25] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-08 21:52 - 2015-02-08 21:52 - 00020145 _____ () C:\Users\r\Desktop\FRST.txt
2015-02-08 21:51 - 2015-02-08 21:52 - 00000000 ____D () C:\FRST
2015-02-08 21:50 - 2015-02-08 21:50 - 02132992 _____ (Farbar) C:\Users\r\Downloads\FRST64 (1).exe
2015-02-08 21:50 - 2015-02-08 21:50 - 02132992 _____ (Farbar) C:\Users\r\Desktop\FRST64 (1).exe
2015-02-08 17:48 - 2015-02-08 17:49 - 01085424 _____ (Download Manager) C:\Users\r\Downloads\Unconfirmed 178667.crdownload
2015-02-08 13:00 - 2015-02-08 13:00 - 00046712 _____ () C:\Users\r\Downloads\Thermal Data.xlsx
2015-02-08 12:35 - 2015-02-08 12:36 - 11252224 _____ () C:\Users\r\Downloads\hemophilia_VWD (1).ppt
2015-02-08 12:24 - 2015-02-08 12:24 - 11252224 _____ () C:\Users\r\Downloads\hemophilia_VWD.ppt
2015-02-08 12:24 - 2015-02-08 12:24 - 00664064 _____ () C:\Users\r\Downloads\309_33147_KofiAtsinaAbnormalBleedingAmbulatory.ppt
2015-02-08 11:05 - 2015-02-08 11:05 - 00001106 _____ () C:\Users\r\Downloads\FSS.txt
2015-02-08 11:03 - 2015-02-08 11:03 - 00415232 _____ (Farbar) C:\Users\r\Desktop\FSS.exe
2015-02-08 11:02 - 2015-02-08 11:02 - 01124352 _____ (Farbar) C:\Users\r\Downloads\FRST (1).exe
2015-02-08 10:59 - 2015-02-08 10:59 - 02132992 _____ (Farbar) C:\Users\r\Downloads\FRST64.exe
2015-02-08 10:58 - 2015-02-08 10:58 - 01124352 _____ (Farbar) C:\Users\r\Downloads\FRST.exe
2015-02-05 10:50 - 2015-02-05 10:50 - 00000000 ____D () C:\Users\r\AppData\Local\LogMeInIgnition
2015-02-05 10:47 - 2015-02-08 00:20 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-02-05 10:47 - 2015-02-06 13:36 - 00001027 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-02-05 10:47 - 2015-02-06 13:36 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-02-05 10:47 - 2015-02-05 10:52 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2015-02-05 10:47 - 2015-02-05 10:47 - 27684864 _____ () C:\Users\r\Downloads\LogMeIn.msi
2015-02-05 10:47 - 2015-02-05 10:47 - 00001024 _____ () C:\.rnd
2015-02-05 10:47 - 2015-02-05 10:47 - 00000000 ____D () C:\Users\r\AppData\Local\LogMeIn
2015-02-05 10:47 - 2015-01-10 10:46 - 00107392 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2015-02-05 10:47 - 2015-01-10 10:46 - 00092520 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2015-02-05 10:47 - 2015-01-10 10:46 - 00035688 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2015-02-05 10:47 - 2015-01-10 10:38 - 00072216 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\LMIRfsDriver.sys
2015-02-05 10:31 - 2015-02-05 10:31 - 00002194 _____ () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FIDELITY IT (3).lnk
2015-02-05 10:30 - 2015-02-05 10:30 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-02-05 10:28 - 2015-02-05 10:28 - 00027228 _____ () C:\WINDOWS\system32\.crusader
2015-02-05 10:25 - 2015-02-05 10:28 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-05 10:24 - 2015-02-05 10:25 - 11225840 _____ (SurfRight B.V.) C:\Users\r\Downloads\HitmanPro_x64 (1).exe
2015-02-05 10:21 - 2015-02-05 10:22 - 11225840 _____ (SurfRight B.V.) C:\Users\r\Downloads\HitmanPro_x64.exe
2015-02-05 10:00 - 2015-02-05 10:00 - 00002194 _____ () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FIDELITY IT (2).lnk
2015-02-05 09:39 - 2015-02-08 18:22 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 09:39 - 2015-02-05 09:39 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-05 09:39 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-05 09:39 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-05 09:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-05 09:38 - 2015-02-05 09:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\r\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-02-05 09:34 - 2015-02-05 09:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\r\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-05 09:32 - 2015-02-06 02:59 - 00000000 ____D () C:\Users\r\AppData\Local\LogMeIn Rescue Applet
2015-02-05 09:32 - 2015-02-05 09:32 - 00002220 _____ () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FIDELITY IT.lnk
2015-02-04 19:07 - 2015-02-08 10:51 - 00000020 _____ () C:\Users\r\AppData\Roaming\appdataFr3.bin
2015-02-03 19:12 - 2015-02-03 19:13 - 00000000 ____D () C:\Program Files (x86)\SaverAddoNN
2015-02-03 19:12 - 2015-02-03 19:13 - 00000000 ____D () C:\Program Files (x86)\saver  box
2015-02-03 19:12 - 2015-02-03 19:12 - 00000000 ____D () C:\Program Files (x86)\Holmes
2015-02-03 08:20 - 2015-02-03 08:20 - 00000000 ____D () C:\ProgramData\occplolinipgdpodomnciceljmmiepog
2015-02-03 08:20 - 2015-02-03 08:20 - 00000000 ____D () C:\Program Files (x86)\Tumblr Shortcuts
2015-02-03 08:20 - 2015-02-03 08:20 - 00000000 ____D () C:\Program Files (x86)\realDealo
2015-02-03 03:20 - 2015-02-03 03:20 - 00000000 ____D () C:\Program Files (x86)\CoupScaaNunnEer
2015-02-02 23:17 - 2015-02-05 10:28 - 00000000 ____D () C:\Program Files (x86)\deaL4real
2015-02-02 23:17 - 2015-02-04 23:46 - 00000000 ____D () C:\ProgramData\10368842916747477957
2015-02-02 23:17 - 2015-02-02 23:17 - 00000000 ____D () C:\Program Files (x86)\SeaverAidedOn
2015-01-26 16:05 - 2015-01-26 16:05 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2015-01-21 07:59 - 2015-02-05 10:14 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2015-01-14 17:57 - 2015-01-20 15:16 - 00000000 ____D () C:\Users\r\AppData\Roaming\vlc
2015-01-14 17:56 - 2015-01-14 17:56 - 00003810 _____ () C:\WINDOWS\System32\Tasks\UpdateAdmin
2015-01-14 17:56 - 2015-01-14 17:56 - 00001089 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-14 17:56 - 2015-01-14 17:56 - 00000064 _____ () C:\Users\r\AppData\Local\bcafdfcff6a9e262160d7dea8733e42e
2015-01-14 17:56 - 2015-01-14 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-14 17:56 - 2015-01-14 17:56 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-01-14 00:15 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 00:15 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 00:15 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 00:15 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 00:15 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 00:15 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 00:15 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 00:15 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 00:15 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 00:15 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 00:15 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 00:15 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 00:15 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 00:15 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 00:15 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 00:15 - 2014-10-28 20:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 00:15 - 2014-10-28 20:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 00:15 - 2014-10-28 19:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 00:15 - 2014-10-28 19:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 00:15 - 2014-10-28 19:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 00:15 - 2014-10-28 19:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 00:15 - 2014-10-28 19:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 00:15 - 2014-10-28 19:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 00:15 - 2014-10-28 19:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 00:15 - 2014-10-28 19:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 00:15 - 2014-10-28 19:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 00:15 - 2014-10-28 18:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 00:15 - 2014-10-28 17:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 00:15 - 2014-10-28 17:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 00:15 - 2014-10-28 17:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 00:15 - 2014-10-28 17:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-10 13:08 - 2015-01-10 13:08 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-01-10 12:59 - 2013-11-07 11:51 - 787751712 _____ () C:\Users\r\Desktop\Friday.Night.Lights.2004.720p.BrRip.x264.YIFY.mp4
2015-01-10 12:58 - 2015-01-10 13:00 - 00000000 ____D () C:\Users\r\Desktop\New Jack City (1991)
2015-01-10 12:58 - 2015-01-10 12:58 - 00000000 ____D () C:\Users\r\Desktop\The Other Woman (2014)
2015-01-10 12:57 - 2015-01-10 13:00 - 00000000 ____D () C:\Users\r\Desktop\In.Time.2011.R5.DVDRip.XVID.Clear.AC3.5.1.HQ.Hive-CM8
2015-01-10 12:44 - 2015-01-10 12:54 - 00000000 ____D () C:\Users\r\Desktop\Entourage
2015-01-10 10:38 - 2015-01-10 10:38 - 00035616 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\lmimirr.dll
2015-01-10 10:38 - 2015-01-10 10:38 - 00014624 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\lmimirr2.dll
2015-01-10 10:38 - 2015-01-10 10:38 - 00011552 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\lmimirr.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-08 21:46 - 2013-09-20 18:00 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 21:11 - 2013-08-22 06:46 - 00321358 _____ () C:\WINDOWS\setupact.log
2015-02-08 21:08 - 2014-03-18 23:31 - 01862151 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-08 21:08 - 2013-08-14 21:52 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-08 21:00 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-08 20:55 - 2014-11-09 13:47 - 00000346 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-02-08 19:27 - 2013-08-14 21:22 - 00000928 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3972895398-2692782183-784820064-1001UA.job
2015-02-08 18:15 - 2013-09-04 13:19 - 00175906 _____ () C:\Users\r\AppData\Local\CDXLExtendedShim.log
2015-02-08 18:15 - 2013-08-01 12:55 - 00004952 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for REBECCA-r Rebecca
2015-02-08 17:42 - 2014-04-12 19:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-08 17:00 - 2014-03-19 10:53 - 00003906 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C01D50BD-1025-4B42-8DEA-6F3A43570E7F}
2015-02-08 13:00 - 2013-07-30 16:17 - 00000000 ____D () C:\Users\r\AppData\Local\Packages
2015-02-08 11:19 - 2014-12-16 20:48 - 00003612 _____ () C:\WINDOWS\System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3972895398-2692782183-784820064-1001
2015-02-08 11:04 - 2013-08-06 23:24 - 00000000 ____D () C:\Users\r\AppData\Roaming\Spotify
2015-02-08 10:53 - 2013-07-30 16:28 - 00000000 ___DO () C:\Users\r\SkyDrive
2015-02-08 10:50 - 2013-09-20 18:00 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 22:27 - 2013-08-14 21:22 - 00000906 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3972895398-2692782183-784820064-1001Core.job
2015-02-07 20:58 - 2013-07-30 16:25 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3972895398-2692782183-784820064-1001
2015-02-07 17:09 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-07 11:17 - 2013-11-13 23:29 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-06 13:35 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-06 13:35 - 2013-08-22 05:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-06 12:42 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-06 02:59 - 2013-08-06 23:24 - 00000000 ____D () C:\Users\r\AppData\Local\Spotify
2015-02-05 10:30 - 2013-11-13 23:20 - 00048762 _____ () C:\WINDOWS\PFRO.log
2015-02-05 10:00 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-02-04 13:08 - 2013-08-14 21:52 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-04 11:20 - 2014-03-28 11:12 - 00000000 ____D () C:\Users\r\Documents\ATLAS
2015-02-03 11:31 - 2013-08-22 07:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 11:31 - 2013-08-22 07:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-21 18:29 - 2014-09-22 15:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 17:38 - 2014-09-22 15:13 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-01-21 17:38 - 2014-09-22 15:13 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-01-21 17:38 - 2014-09-22 15:13 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-01-21 17:38 - 2014-09-22 15:13 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-21 17:38 - 2013-08-26 21:27 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-17 13:38 - 2014-08-12 18:17 - 00000000 ____D () C:\Users\r\AppData\Roaming\HpUpdate
2015-01-17 11:09 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-15 23:13 - 2014-03-18 23:25 - 00000000 ____D () C:\WINDOWS\Firmware
2015-01-14 06:18 - 2013-08-17 08:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 06:15 - 2013-08-04 19:12 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 14:46 - 2013-09-20 18:01 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-11 22:12 - 2013-08-22 06:44 - 00497904 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
 
==================== Files in the root of some directories =======
 
2015-02-04 19:07 - 2015-02-08 10:51 - 0000020 _____ () C:\Users\r\AppData\Roaming\appdataFr3.bin
2014-01-09 19:53 - 2014-11-17 15:53 - 0000240 _____ () C:\Users\r\AppData\Roaming\WB.CFG
2015-01-14 17:56 - 2015-01-14 17:56 - 0000064 _____ () C:\Users\r\AppData\Local\bcafdfcff6a9e262160d7dea8733e42e
2013-09-04 13:19 - 2015-02-08 18:15 - 0175906 _____ () C:\Users\r\AppData\Local\CDXLExtendedShim.log
2014-08-12 18:16 - 2014-08-12 18:16 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some content of TEMP:
====================
C:\Users\r\AppData\Local\Temp\optprosetup.exe
C:\Users\r\AppData\Local\Temp\Sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-06 13:46
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by r at 2015-02-08 21:53:08
Running from C:\Users\r\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3972895398-2692782183-784820064-1001\...\Amazon Kindle) (Version:  - Amazon)
ATLAS.ti (HKLM-x32\...\{251659B0-5D87-41EC-B00B-D414E3713375}) (Version: 7.1.07.0 - ATLAS.ti Scientific Software Development GmbH)
Brain Explorer 2 (HKLM-x32\...\{544E11B3-59BA-4B15-BCDC-6A23337F0DD4}) (Version: 2.3.2.2376 - Allen Institute)
CambridgeSoft ChemBioDraw Ultra 13.0 (HKLM-x32\...\{8A6A245D-D0CE-477F-A5D0-8F339B4FF921}) (Version: 13.0 - CambridgeSoft Corporation)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Font Installer Packages (HKU\S-1-5-21-3972895398-2692782183-784820064-1001\...\Font Installer Packages) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LogMeIn (HKLM-x32\...\{72B46C07-7EB2-4146-9B03-422296E12C4E}) (Version: 4.1.4830 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MestReNova LITE 5.2.5-5780 (HKLM-x32\...\MestReNova LITE) (Version: 5.2.5-5780 - Mestrelab Research S.L.)
Microsoft Office 365 Home Premium - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3972895398-2692782183-784820064-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
POWERPREP II (HKLM-x32\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 2.1.0000 - ETS)
Spotify (HKU\S-1-5-21-3972895398-2692782183-784820064-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3972895398-2692782183-784820064-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\r\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
21-01-2015 07:58:45 Removed UpdateAdmin
27-01-2015 19:04:21 Windows Update
03-02-2015 21:22:10 Scheduled Checkpoint
05-02-2015 10:14:44 Removed UpdateAdmin
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0AA79391-133F-46A4-82BC-35571DBBD5B6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {0EC2FADF-46A7-44C7-8F10-F8EAFF9E37E4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {30FFABDE-A936-4B07-9A13-E09E65E26574} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-02-21] ()
Task: {43AEF627-47EE-43CE-8352-17A5BFCD3158} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3972895398-2692782183-784820064-1001
Task: {47A14AAF-AB53-421F-9C8F-AA84725351BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-20] (Google Inc.)
Task: {57DEB4E9-97FA-463E-827E-31B18C87FED6} - \Optimizer Pro Schedule No Task File <==== ATTENTION
Task: {7DF0A397-65DF-4548-BAA8-B741825B9BFA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3972895398-2692782183-784820064-1001UA => C:\Users\r\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-14] (Facebook Inc.)
Task: {89639624-9FAE-4C14-B78A-CEB316F2BCBC} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3972895398-2692782183-784820064-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {A0BC1556-A083-47EB-A989-993C8E35CC6D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-14] (Microsoft Corporation)
Task: {B196BFC7-E7FF-4F74-9768-519A6CA5E3B6} - System32\Tasks\UpdateAdmin => C:\Users\r\AppData\Local\UpdateAdmin\UpdateAdmin.exe
Task: {B53CF219-3FD6-419F-A906-1453EB8034C6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for REBECCA-r Rebecca => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-01-14] (Microsoft Corporation)
Task: {D680639B-BCDB-4E4C-801E-27AEC7AE6002} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3972895398-2692782183-784820064-1001
Task: {E43B347A-AC5F-4029-8B0F-6C355D67C945} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E6762194-4594-4295-A6C8-3CA2731CC79F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {FA140229-8410-42D2-88AE-69EBC324FCAE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3972895398-2692782183-784820064-1001Core => C:\Users\r\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-14] (Facebook Inc.)
Task: {FB42EF57-B5FA-4BB3-8311-26E895134E0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-20] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3972895398-2692782183-784820064-1001Core.job => C:\Users\r\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3972895398-2692782183-784820064-1001UA.job => C:\Users\r\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-07-30 16:26 - 2013-10-31 09:07 - 00377000 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-07-30 16:26 - 2013-10-31 09:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-07-30 16:26 - 2013-10-31 09:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2012-12-07 08:27 - 2012-12-07 08:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-01-14 15:55 - 2014-01-14 15:55 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-19 10:06 - 2013-11-12 23:21 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-12-11 15:57 - 2014-01-14 15:49 - 00359592 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
2013-09-19 10:09 - 2013-11-12 23:22 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2013-12-11 16:00 - 2014-01-14 15:55 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll
2013-09-19 10:06 - 2013-11-12 23:21 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2013-12-11 15:57 - 2014-01-14 15:49 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll
2014-09-24 21:35 - 2014-09-24 21:35 - 00081056 _____ () C:\Users\r\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2014-04-12 19:59 - 2014-04-12 19:59 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-13 14:46 - 2015-01-08 16:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-13 14:46 - 2015-01-08 16:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-13 14:46 - 2015-01-08 16:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-13 14:46 - 2015-01-08 16:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-13 14:46 - 2015-01-08 16:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
2013-07-30 16:26 - 2013-07-30 16:27 - 01286256 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\PPRESOURCES.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\r\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSw8 => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3972895398-2692782183-784820064-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\r\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\internet explorer wallpaper.bmp
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3972895398-2692782183-784820064-1001\...\StartupApproved\StartupFolder: => "StickyNote.lnk"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3972895398-2692782183-784820064-500 - Administrator - Disabled)
Guest (S-1-5-21-3972895398-2692782183-784820064-501 - Limited - Disabled)
r (S-1-5-21-3972895398-2692782183-784820064-1001 - Administrator - Enabled) => C:\Users\r
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/07/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: REBECCA)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/07/2015 08:31:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: REBECCA)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (02/08/2015 10:50:30 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (02/08/2015 09:30:30 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (02/08/2015 00:20:07 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (02/07/2015 08:33:27 PM) (Source: DCOM) (EventID: 10010) (User: REBECCA)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
 
Error: (02/07/2015 08:31:27 PM) (Source: DCOM) (EventID: 10010) (User: REBECCA)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
 
Error: (02/07/2015 08:30:10 PM) (Source: DCOM) (EventID: 10010) (User: REBECCA)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
 
Error: (02/07/2015 08:29:26 PM) (Source: DCOM) (EventID: 10010) (User: REBECCA)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
 
 
Microsoft Office Sessions:
=========================
Error: (02/07/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: REBECCA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142
 
Error: (02/07/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: REBECCA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142
 
Error: (02/07/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: REBECCA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142
 
Error: (02/07/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: REBECCA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142
 
Error: (02/07/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: REBECCA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142
 
Error: (02/07/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: REBECCA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142
 
Error: (02/07/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: REBECCA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142
 
Error: (02/07/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: REBECCA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142
 
Error: (02/07/2015 08:31:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: REBECCA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142
 
Error: (02/07/2015 08:31:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: REBECCA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-03 18:17:55.259
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-03 18:17:55.127
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-03 18:17:54.990
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-03 18:17:54.842
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-03 18:17:54.695
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-03 18:17:54.551
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-03 18:17:54.399
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-03 18:17:54.256
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-03 18:17:54.123
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-03 18:17:52.994
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 84%
Total physical RAM: 3979.71 MB
Available physical RAM: 623.21 MB
Total Pagefile: 8426.95 MB
Available Pagefile: 2161.85 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:110.08 GB) (Free:29.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 317BAFE4)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
Thanks. 

  • 0

#6
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

That was the correct scanner; thank you.  If you have a problem with any of the following steps, please stop and come back here, tell me what is happening and we will work through it together.

STEP# 1 >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Font Installer Packages

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


STEP# 2 >>>>


Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.

Attached Files


  • 0

#7
rubakka

rubakka

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi,

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by r at 2015-02-09 21:05:02 Run:1
Running from C:\Users\r\Desktop
Loaded Profiles: r (Available profiles: r)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3972895398-2692782183-784820064-1001\...\MountPoints2: {89022983-0294-11e4-beb7-6045bde99481} - "D:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-3972895398-2692782183-784820064-1001\...\MountPoints2: {97ed781e-f976-11e2-be6f-6045bde99481} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3972895398-2692782183-784820064-1001\...\MountPoints2: {ce47e6a6-d3a9-11e3-beae-6045bde99481} - "D:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: SeaverAidedOn -> {9ec91c84-306d-4daf-a58a-225ceec1857a} -> C:\Program Files (x86)\SeaverAidedOn\3R66sWSGa0z2ox.x64.dll ()
BHO: saver  box -> {ea7d823d-d571-4b09-8e32-ba53cbc85a42} -> C:\Program Files (x86)\saver  box\sOAv8OD1ratgIo.x64.dll ()
BHO-x32: SeaverAidedOn -> {9ec91c84-306d-4daf-a58a-225ceec1857a} -> C:\Program Files (x86)\SeaverAidedOn\3R66sWSGa0z2ox.dll ()
BHO-x32: saver  box -> {ea7d823d-d571-4b09-8e32-ba53cbc85a42} -> C:\Program Files (x86)\saver  box\sOAv8OD1ratgIo.dll ()
Toolbar: HKU\S-1-5-21-3972895398-2692782183-784820064-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3972895398-2692782183-784820064-1001 -> No Name - {1ADDAC21-D2DB-4C6A-8DD6-9E88D42BB035} -  No File
C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\z693s1u3.default\user.js
FF Extension: CoupScaaNunnEer - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\z693s1u3.default\Extensions\[email protected] [2015-02-04]
FF Extension: SaverAddoNN - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\z693s1u3.default\Extensions\[email protected] [2015-02-04]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (DIRECTV Player) - C:\Users\r\AppData\Local\DIRECTV Player\npPlayerPlugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
S2 372ab9f0; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.31\OptProMon.dll",ENT
S4 LMIRfsClientNP; No ImagePath
C:\Program Files (x86)\SeaverAidedOn\3R66sWSGa0z2ox.x64.dll
C:\Program Files (x86)\saver  box\sOAv8OD1ratgIo.x64.dll
C:\Program Files (x86)\SeaverAidedOn\3R66sWSGa0z2ox.dll
C:\Program Files (x86)\saver  box\sOAv8OD1ratgIo.dll
2015-02-03 19:12 - 2015-02-03 19:13 - 00000000 ____D () C:\Program Files (x86)\SaverAddoNN
2015-02-03 19:12 - 2015-02-03 19:13 - 00000000 ____D () C:\Program Files (x86)\saver  box
2015-02-03 19:12 - 2015-02-03 19:12 - 00000000 ____D () C:\Program Files (x86)\Holmes
2015-02-03 08:20 - 2015-02-03 08:20 - 00000000 ____D () C:\ProgramData\occplolinipgdpodomnciceljmmiepog
2015-02-03 08:20 - 2015-02-03 08:20 - 00000000 ____D () C:\Program Files (x86)\Tumblr Shortcuts
2015-02-03 08:20 - 2015-02-03 08:20 - 00000000 ____D () C:\Program Files (x86)\realDealo
2015-02-03 03:20 - 2015-02-03 03:20 - 00000000 ____D () C:\Program Files (x86)\CoupScaaNunnEer
2015-02-02 23:17 - 2015-02-05 10:28 - 00000000 ____D () C:\Program Files (x86)\deaL4real
2015-02-02 23:17 - 2015-02-04 23:46 - 00000000 ____D () C:\ProgramData\10368842916747477957
2015-02-02 23:17 - 2015-02-02 23:17 - 00000000 ____D () C:\Program Files (x86)\SeaverAidedOn
2015-01-14 17:56 - 2015-01-14 17:56 - 0000064 _____ () C:\Users\r\AppData\Local\bcafdfcff6a9e262160d7dea8733e42e
C:\Users\r\AppData\Local\Temp\optprosetup.exe
C:\Users\r\AppData\Local\Temp\Sqlite3.dll
Task: {43AEF627-47EE-43CE-8352-17A5BFCD3158} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3972895398-2692782183-784820064-1001
Task: {57DEB4E9-97FA-463E-827E-31B18C87FED6} - \Optimizer Pro Schedule No Task File <==== ATTENTION
EmptyTemp:
Reboot:
end
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-3972895398-2692782183-784820064-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89022983-0294-11e4-beb7-6045bde99481}" => Key deleted successfully.
HKCR\CLSID\{89022983-0294-11e4-beb7-6045bde99481} => Key not found. 
"HKU\S-1-5-21-3972895398-2692782183-784820064-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97ed781e-f976-11e2-be6f-6045bde99481}" => Key deleted successfully.
HKCR\CLSID\{97ed781e-f976-11e2-be6f-6045bde99481} => Key not found. 
"HKU\S-1-5-21-3972895398-2692782183-784820064-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce47e6a6-d3a9-11e3-beae-6045bde99481}" => Key deleted successfully.
HKCR\CLSID\{ce47e6a6-d3a9-11e3-beae-6045bde99481} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ec91c84-306d-4daf-a58a-225ceec1857a}" => Key deleted successfully.
"HKCR\CLSID\{9ec91c84-306d-4daf-a58a-225ceec1857a}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ea7d823d-d571-4b09-8e32-ba53cbc85a42}" => Key deleted successfully.
"HKCR\CLSID\{ea7d823d-d571-4b09-8e32-ba53cbc85a42}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ec91c84-306d-4daf-a58a-225ceec1857a}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9ec91c84-306d-4daf-a58a-225ceec1857a}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ea7d823d-d571-4b09-8e32-ba53cbc85a42}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{ea7d823d-d571-4b09-8e32-ba53cbc85a42}" => Key deleted successfully.
HKU\S-1-5-21-3972895398-2692782183-784820064-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 
HKU\S-1-5-21-3972895398-2692782183-784820064-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1ADDAC21-D2DB-4C6A-8DD6-9E88D42BB035} => value deleted successfully.
HKCR\CLSID\{1ADDAC21-D2DB-4C6A-8DD6-9E88D42BB035} => Key not found. 
C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\z693s1u3.default\user.js => Moved successfully.
C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\z693s1u3.default\Extensions\[email protected] => Moved successfully.
C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\z693s1u3.default\Extensions\[email protected] => Moved successfully.
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll not found.
C:\Users\r\AppData\Local\DIRECTV Player\npPlayerPlugin.dll not found.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll not found.
C:\windows\SysWOW64\npDeployJava1.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll not found.
372ab9f0 => Service deleted successfully.
LMIRfsClientNP => Service deleted successfully.
C:\Program Files (x86)\SeaverAidedOn\3R66sWSGa0z2ox.x64.dll => Moved successfully.
C:\Program Files (x86)\saver  box\sOAv8OD1ratgIo.x64.dll => Moved successfully.
C:\Program Files (x86)\SeaverAidedOn\3R66sWSGa0z2ox.dll => Moved successfully.
C:\Program Files (x86)\saver  box\sOAv8OD1ratgIo.dll => Moved successfully.
C:\Program Files (x86)\SaverAddoNN => Moved successfully.
C:\Program Files (x86)\saver  box => Moved successfully.
C:\Program Files (x86)\Holmes => Moved successfully.
C:\ProgramData\occplolinipgdpodomnciceljmmiepog => Moved successfully.
C:\Program Files (x86)\Tumblr Shortcuts => Moved successfully.
C:\Program Files (x86)\realDealo => Moved successfully.
C:\Program Files (x86)\CoupScaaNunnEer => Moved successfully.
C:\Program Files (x86)\deaL4real => Moved successfully.
C:\ProgramData\10368842916747477957 => Moved successfully.
C:\Program Files (x86)\SeaverAidedOn => Moved successfully.
C:\Users\r\AppData\Local\bcafdfcff6a9e262160d7dea8733e42e => Moved successfully.
C:\Users\r\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Users\r\AppData\Local\Temp\Sqlite3.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43AEF627-47EE-43CE-8352-17A5BFCD3158}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43AEF627-47EE-43CE-8352-17A5BFCD3158}" => Key deleted successfully.
C:\Windows\System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3972895398-2692782183-784820064-1001 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Push Notification Data File-S-1-5-21-3972895398-2692782183-784820064-1001" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{57DEB4E9-97FA-463E-827E-31B18C87FED6}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57DEB4E9-97FA-463E-827E-31B18C87FED6} => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule => Key not found. 
EmptyTemp: => Removed 2.3 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:05:55 ====
 
 
Thanks!

  • 0
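A Fixlog like the one above is easier to review when each result line is classified, as in this added example (not part of the original thread and not FRST's own code). The sample lines are copied from the log above; the function names and the ok/absent/failed labels are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a few lines copied from the Fixlog posted above.
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
Reboot:
end

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKCR\CLSID\{89022983-0294-11e4-beb7-6045bde99481} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ec91c84-306d-4daf-a58a-225ceec1857a}" => Key deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
372ab9f0 => Service deleted successfully.
C:\Program Files (x86)\SeaverAidedOn => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{57DEB4E9-97FA-463E-827E-31B18C87FED6}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57DEB4E9-97FA-463E-827E-31B18C87FED6} => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule => Key not found.
EmptyTemp: => Removed 2.3 GB temporary data.
'''

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MARKER_RE = re.compile(r"(?m)^\*{5,}\s*$")  # the rows of asterisks around the fixlist


def classify(outcome):
    """Map an outcome phrase to ok / absent / failed / other (labels are hypothetical)."""
    low = outcome.lower()
    if "could not" in low or "denied" in low:
        return "failed"
    if "not found" in low:
        return "absent"
    if "successfully" in low or low.startswith("removed"):
        return "ok"
    return "other"


def parse_fixlog(text):
    """Return (target, outcome, status) for every result line after the fixlist echo."""
    # The script is echoed between two asterisk rows; results follow the last row.
    body = MARKER_RE.split(text)[-1]
    entries = []
    for raw in body.splitlines():
        line = raw.strip()
        if " => " in line:
            target, outcome = line.rsplit(" => ", 1)
        elif line.endswith(" not found."):
            # Plugin file lines carry no "=>" separator.
            target, outcome = line[: -len(" not found.")], "not found."
        else:
            continue  # status sentences such as "Processes closed successfully."
        entries.append((target.strip('"'), outcome, classify(outcome)))
    return entries


def summarize(entries):
    """Count statuses and list the targets that were not removed."""
    counts = Counter(status for _, _, status in entries)
    failed = [target for target, _, status in entries if status == "failed"]
    return counts, failed


def partially_removed(entries):
    """GUIDs that had at least one entry removed and at least one left behind."""
    by_guid = defaultdict(set)
    for target, _outcome, status in entries:
        for guid in GUID_RE.findall(target):
            by_guid[guid.upper()].add(status)
    return sorted(g for g, seen in by_guid.items() if {"ok", "failed"} <= seen)


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    totals, leftovers = summarize(parsed)
    print(dict(totals))
    for item in leftovers:
        print("NOT REMOVED:", item)
    print("Partially removed objects:", partially_removed(parsed))
```

On the sample, the one failed line is the `TaskCache\Tasks` key whose `TaskCache\Logon` entry was deleted, so that GUID is reported as partially removed.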

#8
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

First >>>>
 
How is your system running?
 
Second >>>>
 
We need to have Google Chrome repaired by uninstalling it and re-installing.
 
1) Download the offline installer for Chrome 64bit from here (http://www.google.co...orm=win64) to your desktop.
2) Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Google Chrome

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.
 
3) Reboot your system.
4) Install Chrome using the file on your desktop you downloaded in the first step.
 
Third >>>>
 
AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


  • 0

#9
rubakka

rubakka

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

1- my system is running more slowly. Also, pop up ads appear when I use certain websites on any browser (chrome-which was uninstalled and reinstalled as per your instructions, firefox or internet explorer). I would say it's worst when using internet explorer.

 

2- done

 

3- The following is the report log:

 

# AdwCleaner v4.110 - Logfile created 10/02/2015 at 10:25:23
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : r - REBECCA
# Running from : C:\Users\r\Desktop\adwcleaner_4.110.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\r\AppData\roaming\Mozilla\Firefox\Profiles\z693s1u3.default\invalidprefs.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v33.1.1 (x86 en-US)

[z693s1u3.default] - Line Found : user_pref("extensions.mysearchdial.dfltSrch", true);
[z693s1u3.default] - Line Found : user_pref("extensions.s.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=suma0101&cd=2XzuyEtN2Y1L1QzuyCtByEyD0B0D0EzyzyyEzztCtC0B0C0FtNtDzytDtC0B&cr=650047608&ir=");

-\\ Google Chrome v40.0.2214.111

[C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************

AdwCleaner[R0].txt - [2083 bytes] - [10/02/2015 10:25:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2142 bytes] ##########

 

Thank you again!!
 


  • 0

#10
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts
FIRST

Please run AdwCleaner again (if you don't have it running from the last scan) and

a) Click the Scan Button and wait for the scan to finish, (If Adwcleaner has been left open at the finish of the scan this is already done).

b) Make sure in your case all the items under each TAB are ticked / checked then ....

c) Click the Clean Button and Adwcleaner will process all the items ticked / checked and then may ask for the system to be restarted.

d) It should create a new log afterwards (with S0 in the name).

e) Please attach or copy the log into your reply here.

 

SECOND

Malwarebytes' Anti-Malware
Please start Malwarebytes Anti-Malware from either the Start Menu shortcut or the desktop shortcut (if you have one).

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link

Once the program has loaded and updated, select "Scan Now >>" to start the scan.

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.

Please click on the Export Log button and select the As text file from the dropdown list. I would suggest you save the file on your desktop (as we need the report attached here for review and it is easy to find on the desktop).

After you have saved the report file, return to the Potential Threats Detected page and click on Cancel. You can close MBAM after that.

Please attach the report file to a post here; I will review the file and script what needs to be removed.
  • 0

#11
rubakka

rubakka

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Here's the script from AdwCleaner: 

 

# AdwCleaner v4.110 - Logfile created 11/02/2015 at 11:25:22
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Local]
# Operating system : Windows 8.1 Pro  (x64)
# Username : r - REBECCA
# Running from : C:\Users\r\Desktop\adwcleaner_4.110.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\r\AppData\roaming\Mozilla\Firefox\Profiles\z693s1u3.default\invalidprefs.js
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\InstallCore
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v33.1.1 (x86 en-US)
 
[z693s1u3.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
[z693s1u3.default\prefs.js] - Line Deleted : user_pref("extensions.s.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=suma0101&cd=2XzuyEtN2Y1L1QzuyCtByEyD0B0D0EzyzyyEzztCtC0B0C0FtNtDzytDtC0B&cr=650047608&ir=");
 
-\\ Google Chrome v40.0.2214.111
 
 
*************************
 
AdwCleaner[R0].txt - [2253 bytes] - [10/02/2015 10:25:23]
AdwCleaner[R1].txt - [2175 bytes] - [11/02/2015 11:21:00]
AdwCleaner[S0].txt - [2116 bytes] - [11/02/2015 11:25:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2175  bytes] ##########
 
 
Thanks!

  • 0
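One check worth making on a scan report and a cleaning report like the two AdwCleaner logs in this thread is whether every "Found" item has a matching "Deleted" item. This added example (not part of the original thread and not AdwCleaner's own code) does that on lines copied from those logs; the function names are hypothetical, and the `Deleted [Search Provider]` line form is assumed to mirror the `Found` form.

```python
import re

# Constructed samples: lines copied from the [R0] scan report and the [S0]
# cleaning report posted in this thread.
SCAN_REPORT = r'''
# Option : Scan
File Found : C:\Users\r\AppData\roaming\Mozilla\Firefox\Profiles\z693s1u3.default\invalidprefs.js
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[z693s1u3.default] - Line Found : user_pref("extensions.mysearchdial.dfltSrch", true);
[C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
'''

CLEAN_REPORT = r'''
# Option : Cleaning
File Deleted : C:\Users\r\AppData\roaming\Mozilla\Firefox\Profiles\z693s1u3.default\invalidprefs.js
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\InstallCore
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
[z693s1u3.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
'''

ENTRY_RE = re.compile(
    r"^(?:\[[^\]]*\] - )?"                               # optional "[profile or file] - "
    r"(?:(?P<kind>\w+) (?P<verb>Found|Deleted)"          # "Key Found", "Line Deleted"
    r"|(?P<verb2>Found|Deleted) \[(?P<kind2>[^\]]+)\])"  # "Found [Search Provider]"
    r"\s*: (?P<value>.+)$"
)


def parse_report(text, verb):
    """Return {(kind, case-folded value): original value} for lines using `verb`."""
    items = {}
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # headers, section titles, footer lines
        if (match.group("verb") or match.group("verb2")) != verb:
            continue
        kind = match.group("kind") or match.group("kind2")
        value = match.group("value").strip()
        # The bracketed prefix is ignored on purpose: the scan report labels a
        # Firefox line "[z693s1u3.default]" and the cleaning report labels the
        # same line "[z693s1u3.default\prefs.js]".
        items[(kind, value.casefold())] = value
    return items


def unresolved(scan_text, clean_text):
    """Items reported as Found that have no matching Deleted entry."""
    found = parse_report(scan_text, "Found")
    deleted = parse_report(clean_text, "Deleted")
    return [(kind, found[(kind, key)])
            for kind, key in sorted(found)
            if (kind, key) not in deleted]


if __name__ == "__main__":
    for kind, value in unresolved(SCAN_REPORT, CLEAN_REPORT):
        print(f"Found but not deleted: [{kind}] {value}")
```

On these samples the only item left over is the Chrome search provider entry, which appears in the scan report but has no counterpart in the cleaning report.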

#12
rubakka

rubakka

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

As for the Malwarebytes scan, no items were detected. Here's a copy of that log: 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2015-02-11
Scan Time: 11:32:20 AM
Logfile: Malware Scan Log_2_11.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.11.07
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: r
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337006
Time Elapsed: 12 min, 18 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Thanks again for all your help
-R

  • 0

#13
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

ESET Online Scanner:

Note: You will need to disable your current installed Anti-Virus for the duration of the online scan; how to do so can be read here. Also, please note that this scan can take a while to run.

  • Please go here to run the scan and click on Run ESET Online Scanner
  • The next screen will be the ESET Online Scanner installer
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer and select Save File
  • Save the file to your desktop; you should see a file like this when the download is finished
  • Double click on this to start the installation of the ESET Online Scanner
  • In the new window that appears select the option YES, I accept the Terms of Use then click on Start
  • Now in the Computer scan settings window that appears:-
  • Make sure that the option Enable detection of potentially unwanted applications is selected.
  • Now click on Advanced Settings and configure the options as follows:
    • Remove found threats is Not checked
    • Scan archives is checked
    • Scan for potentially unsafe applications is checked
    • Enable Anti-Stealth Technology is checked
  • Now click on: Start
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if any malware was detected, the summary screen will show a warning.
  • On the Scan results detail window, select to Export to text file, name the file ESET scan results.txt and save it to your desktop.
  • Click <<Back once the file is saved, select 'Uninstall application on close' and click on Finish.
  • Use Notepad to open the logfile you saved on your desktop.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


  • 0

#14
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





