Saveron and Optimizer Pro v3.2 on friend's computer [Solved]

Saveron Optimizer Pro v3.2

#1
commanderk

My daughter brought her friend's computer for me to help fix. I've removed a bunch of new stuff and it runs better, but still has problems.

I put AVG on for virus protection. She has 29 more days of that. I've also installed Malwarebytes and run it. They both removed some things, but like I said before, there're still problems.

Here's the OTL report:

OTL logfile created on: 2/16/2015 1:14:31 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 51.00% Memory free
7.61 Gb Paging File | 5.31 Gb Available in Paging File | 69.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 409.92 Gb Free Space | 88.03% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/02/16 01:03:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL (1).exe
PRC - [2015/01/06 21:58:48 | 003,440,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
PRC - [2015/01/06 21:57:06 | 003,674,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
PRC - [2015/01/06 21:49:50 | 000,309,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
PRC - [2014/12/05 17:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/12/04 05:27:52 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/10/02 12:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 12:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/30 18:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 18:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/02 22:34:37 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\875c35969785fa170d186e7ca546ac9e\System.Runtime.Remoting.ni.dll
MOD - [2015/01/02 22:33:32 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2015/01/02 22:33:12 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2015/01/02 22:33:01 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2015/01/02 22:32:51 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2015/01/02 22:31:54 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll
MOD - [2015/01/02 22:31:43 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2015/01/02 22:31:24 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/12/05 17:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 17:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/05 17:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/05 17:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015/01/11 18:34:30 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/11/12 00:06:52 | 002,449,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/02/05 16:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/10/21 08:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/07/13 17:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (b0551d12)
SRV - [2015/01/06 21:58:48 | 003,440,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2015/01/06 21:49:50 | 000,309,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe -- (avgwd)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/10/02 12:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/09/30 18:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 18:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/02/16 00:24:09 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/12/08 21:24:26 | 000,260,888 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/11/18 21:42:04 | 000,203,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/10/10 15:14:32 | 000,274,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/10/05 20:41:40 | 000,124,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/08/28 20:47:24 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/07/18 14:53:26 | 000,313,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/06/18 20:03:34 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/06/18 20:03:20 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/10/01 18:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/05/06 07:32:28 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/20 09:07:08 | 001,225,832 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/10/30 10:23:16 | 007,770,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/30 05:56:34 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/10/26 11:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/15 19:11:26 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/02 11:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/28 17:24:12 | 000,081,408 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/04 18:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 07:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/06/29 15:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 09:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 16:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/11/09 04:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 99 51 A1 62 BD 49 D0 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
 
[2014/05/01 19:50:16 | 000,032,592 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Slides = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: Google Docs = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: Google Drive = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: Google Search = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Sheets = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: Gmail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll File not found
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A4A2200-EC47-4ED7-9D18-1BB890D00E87}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (_C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/16 01:15:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2015/02/16 00:10:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2015/02/15 23:51:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2015/02/15 23:51:36 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\EmieUserList
[2015/02/15 23:51:36 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\EmieSiteList
[2015/02/15 23:51:36 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\EmieBrowserModeList
[2015/02/15 22:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ssavveron
[2015/02/15 22:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\dnaiingipchpdgglmecikhcaacfdilgb
[2015/02/15 22:26:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Facebook Chat Platinum
[2015/02/15 20:30:43 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/15 20:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/02/15 20:30:19 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/02/15 20:30:19 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/02/15 20:30:19 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/02/15 20:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/02/15 20:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/02/15 20:02:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Programs
[2015/02/15 19:52:16 | 000,000,000 | ---D | C] -- C:\Intel
[2015/02/15 19:28:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\AVG
[2015/02/15 19:27:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Avg
[2015/02/15 19:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2015/02/15 18:23:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2015/02/15 18:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2015/02/15 18:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Web TuneUp
[2015/02/15 18:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Web TuneUp
[2015/02/15 18:10:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\AVG2015
[2015/02/15 18:09:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2015/02/15 18:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2015/02/15 18:07:35 | 000,000,000 | -H-D | C] -- C:\$AVG
[2015/02/15 18:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
[2015/02/15 18:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2015/02/15 18:01:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2015/02/15 18:01:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\MFAData
[2015/02/15 18:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2015/02/15 18:01:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Avg2015
[2015/02/15 17:58:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Intel Corporation
[2015/02/15 17:58:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/02/15 17:58:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Adobe
[2015/02/15 17:58:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Google
[2015/02/15 17:58:21 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2015/02/15 17:58:21 | 000,000,000 | R--D | C] -- C:\Users\Admin\Searches
[2015/02/15 17:58:21 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2015/02/15 17:58:21 | 000,000,000 | -H-D | C] -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2015/02/15 17:58:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Identities
[2015/02/15 17:58:10 | 000,000,000 | R--D | C] -- C:\Users\Admin\Contacts
[2015/02/15 17:58:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\VirtualStore
[2015/02/15 17:58:05 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Temporary Internet Files
[2015/02/15 17:58:05 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Templates
[2015/02/15 17:58:05 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Start Menu
[2015/02/15 17:58:05 | 000,000,000 | -HSD | C] -- C:\Users\Admin\SendTo
[2015/02/15 17:58:05 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Recent
[2015/02/15 17:58:05 | 000,000,000 | -HSD | C] -- C:\Users\Admin\PrintHood
[2015/02/15 17:58:05 | 000,000,000 | -HSD | C] -- C:\Users\Admin\NetHood
[2015/02/15 17:58:05 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\My Videos
[2015/02/15 17:58:05 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\My Pictures
[2015/02/15 17:58:05 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\My Music
[2015/02/15 17:58:05 | 000,000,000 | -HSD | C] -- C:\Users\Admin\My Documents
[2015/02/15 17:58:05 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Local Settings
[2015/02/15 17:58:05 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\History
[2015/02/15 17:58:05 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Cookies
[2015/02/15 17:58:05 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Application Data
[2015/02/15 17:58:05 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Application Data
[2015/02/15 17:58:04 | 000,000,000 | --SD | C] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2015/02/15 17:58:04 | 000,000,000 | R--D | C] -- C:\Users\Admin\Videos
[2015/02/15 17:58:04 | 000,000,000 | R--D | C] -- C:\Users\Admin\Saved Games
[2015/02/15 17:58:04 | 000,000,000 | R--D | C] -- C:\Users\Admin\Pictures
[2015/02/15 17:58:04 | 000,000,000 | R--D | C] -- C:\Users\Admin\Music
[2015/02/15 17:58:04 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2015/02/15 17:58:04 | 000,000,000 | R--D | C] -- C:\Users\Admin\Links
[2015/02/15 17:58:04 | 000,000,000 | R--D | C] -- C:\Users\Admin\Favorites
[2015/02/15 17:58:04 | 000,000,000 | R--D | C] -- C:\Users\Admin\Downloads
[2015/02/15 17:58:04 | 000,000,000 | R--D | C] -- C:\Users\Admin\Documents
[2015/02/15 17:58:04 | 000,000,000 | R--D | C] -- C:\Users\Admin\Desktop
[2015/02/15 17:58:04 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2015/02/15 17:58:04 | 000,000,000 | -H-D | C] -- C:\Users\Admin\AppData
[2015/02/15 17:58:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Temp
[2015/02/15 17:58:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft Help
[2015/02/15 17:58:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft
[2015/02/15 17:58:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2015/02/15 17:50:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitSaaver
[2015/02/15 17:24:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaverExtenssioon
[2015/02/15 17:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewSaever
[2015/02/15 17:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FounDeaLs
[2015/01/27 00:30:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\deala4me
[2015/01/27 00:30:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\savinuShop
[2015/01/23 23:35:51 | 000,000,000 | -HSD | C] -- C:\vseqrntn.bin
[2015/01/23 23:24:01 | 000,350,784 | ---- | C] (DOM LLC) -- C:\Windows\SysNative\DOM_Component64.dll
[2015/01/23 23:23:41 | 000,304,768 | ---- | C] (DOM LLC) -- C:\Windows\SysWow64\DOM_Component.dll
[2015/01/23 23:23:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cloud File Backup
[2015/01/22 18:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2015/01/20 22:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BitSaaver
[2013/06/18 15:33:38 | 010,395,072 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[11 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/02/16 01:03:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2015/02/16 00:56:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/16 00:31:14 | 000,000,020 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\appdataFr3.bin
[2015/02/16 00:30:18 | 000,025,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/16 00:30:18 | 000,025,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/16 00:24:09 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/16 00:22:55 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/16 00:21:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/16 00:21:42 | 3063,029,760 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/16 00:13:14 | 000,775,084 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/02/16 00:13:14 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/02/16 00:13:14 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/02/16 00:13:04 | 000,775,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/02/15 23:51:31 | 000,001,411 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2015/02/15 20:30:27 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/02/15 20:17:47 | 000,434,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/02/15 18:00:18 | 000,002,283 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/02/15 18:00:18 | 000,002,259 | ---- | M] () -- C:\Users\Admin\Desktop\Google Chrome.lnk
[2015/02/15 17:20:15 | 000,004,760 | ---- | M] () -- C:\Windows\SysWow64\DOM_Component.ini
[2015/02/15 17:20:15 | 000,002,512 | ---- | M] () -- C:\Windows\SysWow64\DOM_ComponentOff.ini
[2015/02/15 17:20:15 | 000,002,512 | ---- | M] () -- C:\Windows\SysNative\DOM_ComponentOff.ini
[11 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/02/15 23:51:31 | 000,001,411 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2015/02/15 20:30:27 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/02/15 18:23:59 | 000,000,020 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\appdataFr3.bin
[2015/02/15 17:58:23 | 000,002,283 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/02/15 17:58:23 | 000,002,259 | ---- | C] () -- C:\Users\Admin\Desktop\Google Chrome.lnk
[2015/02/15 17:58:23 | 000,001,417 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2015/02/15 17:58:04 | 000,002,104 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2015/02/15 17:58:04 | 000,000,290 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2015/02/15 17:58:04 | 000,000,272 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2015/01/23 23:24:11 | 000,004,760 | ---- | C] () -- C:\Windows\SysWow64\DOM_Component.ini
[2015/01/23 23:24:11 | 000,002,512 | ---- | C] () -- C:\Windows\SysWow64\DOM_ComponentOff.ini
[2015/01/23 23:24:11 | 000,002,512 | ---- | C] () -- C:\Windows\SysNative\DOM_ComponentOff.ini
[2015/01/09 16:03:10 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/04/18 14:40:50 | 000,775,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015/02/15 19:28:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVG
[2015/02/15 18:10:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVG2015
[2015/02/15 18:09:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
< End of report >
 



#2
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Greetings commanderk and :welcome:

My nickname is Ruggie and I will be assisting you in cleaning your computer.

  • Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely. It may seem difficult at times, but it is important that you stay with me until your computer is declared clean.
  • If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

  • Please save all tools to the desktop. Our tools are updated very regularly, sometimes several times per day, so always download the latest version from the links I provide.
  • Please be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.
  • If at all possible, make backups of all your important files. Whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.
  • I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.
  • Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.
  • Please stick with me until the end. Malware removal is difficult and time-consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.
  • Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.
  • If you have any questions or get stuck, stop and ask. I am here to help you make this go as smoothly as possible.
  • If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now let's get to work.

 

 

First we will deal with a few items and in the next post we will look with a fresh scan to see where we are :)

 

Step 1
 

OTL fix

Ensure OTL is located on your desktop. If it is not, then please download from http://oldtimer.geekstogo.com/OTL.exe and save it to your desktop.

If you are using Windows Vista/7/8 then right click it and select Run As Administrator. If you are using XP then please double click on OTL.exe to start it.

Copy the text in the following box (do not include the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.
 

:commands
[createrestorepoint]

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 99 51 A1 62 BD 49 D0 01  [binary data]
[2015/02/15 23:51:36 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\EmieUserList
[2015/02/15 23:51:36 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\EmieSiteList
[2015/02/15 23:51:36 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\EmieBrowserModeList
[2015/02/15 22:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ssavveron
[2015/02/15 22:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\dnaiingipchpdgglmecikhcaacfdilgb
[2015/02/15 22:26:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Facebook Chat Platinum
[2015/02/15 17:50:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitSaaver
[2015/02/15 17:24:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaverExtenssioon
[2015/02/15 17:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewSaever
[2015/02/15 17:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FounDeaLs
[2015/01/27 00:30:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\deala4me
[2015/01/27 00:30:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\savinuShop
[2015/01/20 22:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BitSaaver

:commands
[emptytemp]

Next, right click in the box named Custom Scans/Fixes and select paste.
 
This will insert the code into OTL.

Now click Run Fix

OTL will generate a report when it has finished. Please paste the contents of this report in your next post.

 

 

Step 2

 

Junkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important
Ensure that any security software is temporarily disabled for the duration of the scan. Don't forget to re-enable it afterwards.
 

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by right-clicking its icon and selecting "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Step 3

 

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    [Screenshot: AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

 

 

Items I need to see in your next post:
 

  • OTL Log
  • JRT Log
  • ADWCleaner Scan Log

 

 

 



#3
commanderk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Hi Ruggie,

 

Thanks for your help.

 

Here are the logs:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKCU\SOFTWARE\Microsoft\INTERNET EXPLORER\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
C:\Users\Admin\AppData\Local\EmieUserList folder moved successfully.
C:\Users\Admin\AppData\Local\EmieSiteList folder moved successfully.
C:\Users\Admin\AppData\Local\EmieBrowserModeList folder moved successfully.
C:\PROGRAM Files (x86)\ssavveron folder moved successfully.
C:\ProgramData\dnaiingipchpdgglmecikhcaacfdilgb folder moved successfully.
C:\Program Files (x86)\Facebook Chat Platinum folder moved successfully.
C:\Program Files (x86)\BitSaaver folder moved successfully.
C:\Program Files (x86)\SaverExtenssioon folder moved successfully.
C:\Program Files (x86)\NewSaever folder moved successfully.
C:\Program Files (x86)\FounDeaLs folder moved successfully.
C:\Program Files (x86)\deala4me folder moved successfully.
C:\Program Files (x86)\savinuShop folder moved successfully.
C:\ProgramData\BitSaaver folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 13269522 bytes
->Temporary Internet Files folder emptied: 4951451 bytes
->Google Chrome cache emptied: 87655748 bytes
->Flash cache emptied: 492 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Owner
->Temp folder emptied: 718635449 bytes
->Temporary Internet Files folder emptied: 19267076 bytes
->FireFox cache emptied: 370747075 bytes
->Google Chrome cache emptied: 360860205 bytes
->Flash cache emptied: 506 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 248646478 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42310724 bytes
RecycleBin emptied: 2058 bytes
 
Total Files Cleaned = 1,780.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02162015_124717
 
Files\Folders moved on Reboot...
C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\officeclicktorun.exe_c2ruidll(20150216122956808).log not found!
File\Folder C:\Windows\temp\officeclicktorun.exe_streamserver(20150216122956808).log not found!
C:\Windows\temp\OWNER-PC-20150216-1229.log moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
 
JRT:
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Admin on Mon 02/16/2015 at 12:59:31.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\DigiCouponn
Successfully deleted: [Folder] C:\ProgramData\DiscountExeteenssii
Successfully deleted: [Folder] C:\ProgramData\FounDeaLs
Successfully deleted: [Folder] C:\ProgramData\NewSaever
Successfully deleted: [Folder] C:\ProgramData\SaverExtenssioon
Successfully deleted: [Folder] "C:\Program Files (x86)\developerts llc"
Successfully deleted: [Folder] "C:\Program Files (x86)\globalupdate"
Successfully deleted: [Folder] "C:\Program Files (x86)\super optimizer"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/16/2015 at 13:05:11.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Adwcleaner:
 
 
# AdwCleaner v4.110 - Logfile created 16/02/2015 at 13:09:43
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Admin - OWNER-PC
# Running from : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.publikeco00.publikeco.com_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.publikeco00.publikeco.com_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Folder Found : C:\Program Files (x86)\BrowseForTheCause
Folder Found : C:\Program Files (x86)\Optimizer Pro 3.26
Folder Found : C:\Program Files (x86)\Settings Manager
Folder Found : C:\Program Files (x86)\uunaIasales
Folder Found : C:\ProgramData\221d85d9372896d7
Folder Found : C:\ProgramData\2458268139593963223
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\innpmfheilapnphohiebldnhcgjjflfk
Folder Found : C:\ProgramData\kipbleeleaafjfpacebiddpicjjnkhdm
Folder Found : C:\ProgramData\omehkpbjdpdbeenanekpopeddfgdkkmb
Folder Found : C:\Users\Owner\AppData\Local\Browser Extensions
Folder Found : C:\Users\Owner\AppData\Local\GeniusBox
Folder Found : C:\Users\Owner\AppData\Local\globalUpdate
Folder Found : C:\Users\Owner\AppData\Local\Pro_PC_Cleaner
Folder Found : C:\Users\Owner\AppData\Roaming\Developerts LLC USA
Folder Found : C:\Users\Owner\AppData\Roaming\DigitalSites
Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3opqc2xh.default\Extensions\[email protected]
Folder Found : C:\Users\Owner\AppData\Roaming\Optimizer Pro
Folder Found : C:\Users\Owner\Documents\Optimizer Pro
Folder Found : C:\Users\Owner\Documents\ProPCCleaner
 
***** [ Scheduled tasks ] *****
 
Task Found : Digital Sites
Task Found : Optimizer Pro Schedule
Task Found : ProPCCleaner_Start
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - _C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{66951628-3E5A-9C96-37EA-490E187974D5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : HKLM\SOFTWARE\SPPDCOM
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17631
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCyDyDyD0EtCtBtAyEyCyBtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StB0CyEtD0C0FzzzztGtCtCtCyEtG0CtAtA0FtGyE0A0EyDtGtAyDyDtDyEtDzz0E0Czzzy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0FtA0DyDtA0A0DtGtD0DzzzytGyEyDtDtCtGzz0FyDyBtGtCtD0ByCyB0E0EzztBtCyCyD2Q&cr=2057450428&ir=
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCyDyDyD0EtCtBtAyEyCyBtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StB0CyEtD0C0FzzzztGtCtCtCyEtG0CtAtA0FtGyE0A0EyDtGtAyDyDtDyEtDzz0E0Czzzy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0FtA0DyDtA0A0DtGtD0DzzzytGyEyDtDtCtGzz0FyDyBtGtCtD0ByCyB0E0EzztBtCyCyD2Q&cr=2057450428&ir=
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCyDyDyD0EtCtBtAyEyCyBtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StB0CyEtD0C0FzzzztGtCtCtCyEtG0CtAtA0FtGyE0A0EyDtGtAyDyDtDyEtDzz0E0Czzzy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0FtA0DyDtA0A0DtGtD0DzzzytGyEyDtDtCtGzz0FyDyBtGtCtD0ByCyB0E0EzztBtCyCyD2Q&cr=2057450428&ir=
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCyDyDyD0EtCtBtAyEyCyBtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StB0CyEtD0C0FzzzztGtCtCtCyEtG0CtAtA0FtGyE0A0EyDtGtAyDyDtDyEtDzz0E0Czzzy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0FtA0DyDtA0A0DtGtD0DzzzytGyEyDtDtCtGzz0FyDyBtGtCtD0ByCyB0E0EzztBtCyCyD2Q&cr=2057450428&ir=
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_adk4_15_03&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCyDyDyD0EtCtBtAyEyCyBtN0D0Tzu0StCtCtDyCtN1L2XzutAtFyCtFyCtFtDtN1L1Czu2Z1E1I1V1T1Q1JyEtN1L1G1B1V1N2Y1L1Qzu2StAyD0E0AtDyD0EyDtGtByBzytDtGyByE0A0BtGtDzytC0DtGtDyB0FyCzzzyzy0B0D0FyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0FtA0DyDtA0A0DtGtD0DzzzytGyEyDtDtCtGzz0FyDyBtGtCtD0ByCyB0E0EzztBtCyCyD2Q&cr=1143734865&ir=
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_adk4_15_03&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCyDyDyD0EtCtBtAyEyCyBtN0D0Tzu0StCtCtDyCtN1L2XzutAtFyCtFyCtFtDtN1L1Czu2Z1E1I1V1T1Q1JyEtN1L1G1B1V1N2Y1L1Qzu2StAyD0E0AtDyD0EyDtGtByBzytDtGyByE0A0BtGtDzytC0DtGtDyB0FyCzzzyzy0B0D0FyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0FtA0DyDtA0A0DtGtD0DzzzytGyEyDtDtCtGzz0FyDyBtGtCtD0ByCyB0E0EzztBtCyCyD2Q&cr=1143734865&ir=
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : fpmeembnagmagppkgghhfjfdfajdfcah
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : oilkkkefbalmbfppgjmgjoefbclebkce
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : lfkjojacgdjkninepeghaamnapdjmlfn
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : innpmfheilapnphohiebldnhcgjjflfk
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : kipbleeleaafjfpacebiddpicjjnkhdm
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : omehkpbjdpdbeenanekpopeddfgdkkmb
*************************
 
AdwCleaner[R0].txt - [10836 bytes] - [16/02/2015 13:09:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10896 bytes] ##########
 
 
 
 


#4
ruggie_uk


    Trusted Helper

  • Malware Removal
  • 2,083 posts
That's great, thanks :)
We will let AdwCleaner finish up, then take a deeper look.
How is it so far?

Step 1

Re-run AdwCleaner

Close all open windows and browsers.
  • Right-click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
Step 2

Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered. If you know which version is the one you need, download that one; if not, download both. Only one will work on your computer; that is the one you need.
  • Right-click the FRST icon to run as administrator. When the tool opens click Yes to the disclaimer.
  • Ensure that the following are ticked:
    Drivers MD5
    shortcut.txt
    Addition.txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Items I need to see in your next post:

  • AdwCleaner report
  • FRST logs
  • How is it running?


#5
commanderk


    Member

  • Topic Starter
  • 54 posts

Hi Ruggie,

 

There are fewer popups. That's a good thing. There's still an error message when the computer starts that says "communicator.exe" isn't running or something like that.

 

Here are the logs. Again, thanks for your help.

 

 

# AdwCleaner v4.110 - Logfile created 16/02/2015 at 14:46:03
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Admin - OWNER-PC
# Running from : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\221d85d9372896d7
Folder Deleted : C:\ProgramData\2458268139593963223
Folder Deleted : C:\Program Files (x86)\BrowseForTheCause
Folder Deleted : C:\Program Files (x86)\Settings Manager
Folder Deleted : C:\Program Files (x86)\Optimizer Pro 3.26
Folder Deleted : C:\Program Files (x86)\uunaIasales
Folder Deleted : C:\Users\Owner\AppData\Local\Browser Extensions
Folder Deleted : C:\Users\Owner\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Owner\AppData\Local\GeniusBox
Folder Deleted : C:\Users\Owner\AppData\Local\Pro_PC_Cleaner
Folder Deleted : C:\Users\Owner\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Owner\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Owner\AppData\Roaming\Developerts LLC USA
Folder Deleted : C:\Users\Owner\Documents\Optimizer Pro
Folder Deleted : C:\Users\Owner\Documents\ProPCCleaner
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3opqc2xh.default\Extensions\[email protected]
Folder Deleted : C:\ProgramData\innpmfheilapnphohiebldnhcgjjflfk
Folder Deleted : C:\ProgramData\kipbleeleaafjfpacebiddpicjjnkhdm
Folder Deleted : C:\ProgramData\omehkpbjdpdbeenanekpopeddfgdkkmb
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.publikeco00.publikeco.com_0.localstorage
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.publikeco00.publikeco.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : Digital Sites
Task Deleted : Optimizer Pro Schedule
Task Deleted : ProPCCleaner_Start
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{66951628-3E5A-9C96-37EA-490E187974D5}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - _C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17631
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCyDyDyD0EtCtBtAyEyCyBtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StB0CyEtD0C0FzzzztGtCtCtCyEtG0CtAtA0FtGyE0A0EyDtGtAyDyDtDyEtDzz0E0Czzzy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0FtA0DyDtA0A0DtGtD0DzzzytGyEyDtDtCtGzz0FyDyBtGtCtD0ByCyB0E0EzztBtCyCyD2Q&cr=2057450428&ir=
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCyDyDyD0EtCtBtAyEyCyBtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StB0CyEtD0C0FzzzztGtCtCtCyEtG0CtAtA0FtGyE0A0EyDtGtAyDyDtDyEtDzz0E0Czzzy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0FtA0DyDtA0A0DtGtD0DzzzytGyEyDtDtCtGzz0FyDyBtGtCtD0ByCyB0E0EzztBtCyCyD2Q&cr=2057450428&ir=
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCyDyDyD0EtCtBtAyEyCyBtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StB0CyEtD0C0FzzzztGtCtCtCyEtG0CtAtA0FtGyE0A0EyDtGtAyDyDtDyEtDzz0E0Czzzy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0FtA0DyDtA0A0DtGtD0DzzzytGyEyDtDtCtGzz0FyDyBtGtCtD0ByCyB0E0EzztBtCyCyD2Q&cr=2057450428&ir=
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCyDyDyD0EtCtBtAyEyCyBtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StB0CyEtD0C0FzzzztGtCtCtCyEtG0CtAtA0FtGyE0A0EyDtGtAyDyDtDyEtDzz0E0Czzzy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0FtA0DyDtA0A0DtGtD0DzzzytGyEyDtDtCtGzz0FyDyBtGtCtD0ByCyB0E0EzztBtCyCyD2Q&cr=2057450428&ir=
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_adk4_15_03&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCyDyDyD0EtCtBtAyEyCyBtN0D0Tzu0StCtCtDyCtN1L2XzutAtFyCtFyCtFtDtN1L1Czu2Z1E1I1V1T1Q1JyEtN1L1G1B1V1N2Y1L1Qzu2StAyD0E0AtDyD0EyDtGtByBzytDtGyByE0A0BtGtDzytC0DtGtDyB0FyCzzzyzy0B0D0FyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0FtA0DyDtA0A0DtGtD0DzzzytGyEyDtDtCtGzz0FyDyBtGtCtD0ByCyB0E0EzztBtCyCyD2Q&cr=1143734865&ir=
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_adk4_15_03&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCyDyDyD0EtCtBtAyEyCyBtN0D0Tzu0StCtCtDyCtN1L2XzutAtFyCtFyCtFtDtN1L1Czu2Z1E1I1V1T1Q1JyEtN1L1G1B1V1N2Y1L1Qzu2StAyD0E0AtDyD0EyDtGtByBzytDtGyByE0A0BtGtDzytC0DtGtDyB0FyCzzzyzy0B0D0FyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0FtA0DyDtA0A0DtGtD0DzzzytGyEyDtDtCtGzz0FyDyBtGtCtD0ByCyB0E0EzztBtCyCyD2Q&cr=1143734865&ir=
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fpmeembnagmagppkgghhfjfdfajdfcah
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : oilkkkefbalmbfppgjmgjoefbclebkce
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : lfkjojacgdjkninepeghaamnapdjmlfn
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : innpmfheilapnphohiebldnhcgjjflfk
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kipbleeleaafjfpacebiddpicjjnkhdm
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : omehkpbjdpdbeenanekpopeddfgdkkmb
 
*************************
 
AdwCleaner[R0].txt - [11044 bytes] - [16/02/2015 13:09:43]
AdwCleaner[R1].txt - [11104 bytes] - [16/02/2015 14:43:55]
AdwCleaner[S0].txt - [11142 bytes] - [16/02/2015 14:46:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11202  bytes] ##########
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Admin (administrator) on OWNER-PC on 16-02-2015 14:56:20
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: Owner & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_287_ActiveX.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-11-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1870120 2009-10-15] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-12-04] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12117312 2014-05-01] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2415001886-1884734925-3288903782-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ()
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-15]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-15]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-15]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-15]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-15]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-15]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 b0551d12; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.26\OptProMon.dll",ENT
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-16 14:56 - 2015-02-16 14:56 - 00011501 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-02-16 14:55 - 2015-02-16 14:56 - 00000000 ____D () C:\FRST
2015-02-16 14:54 - 2015-02-16 14:54 - 02085888 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-02-16 13:09 - 2015-02-16 14:46 - 00000000 ____D () C:\AdwCleaner
2015-02-16 13:08 - 2015-02-16 14:54 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieUserList
2015-02-16 13:08 - 2015-02-16 14:54 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieSiteList
2015-02-16 13:08 - 2015-02-16 14:54 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-02-16 13:07 - 2015-02-16 13:07 - 02112512 _____ () C:\Users\Admin\Desktop\AdwCleaner.exe
2015-02-16 13:05 - 2015-02-16 13:05 - 00002443 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-02-16 12:56 - 2015-02-16 12:56 - 01388274 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2015-02-16 12:47 - 2015-02-16 12:47 - 00000000 ____D () C:\_OTL
2015-02-16 01:21 - 2015-02-16 01:21 - 00056314 _____ () C:\Users\Admin\Downloads\Extras.Txt
2015-02-16 01:15 - 2015-02-16 01:03 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2015-02-16 01:12 - 2015-02-16 01:19 - 00081566 _____ () C:\Users\Admin\Downloads\OTL.Txt
2015-02-16 01:03 - 2015-02-16 01:03 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Downloads\OTL (1).exe
2015-02-16 00:07 - 2012-08-23 06:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-02-16 00:07 - 2012-08-23 06:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-02-16 00:07 - 2012-08-23 05:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-02-16 00:07 - 2012-08-23 03:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-02-16 00:07 - 2012-08-23 02:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-02-16 00:07 - 2012-08-23 01:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-02-16 00:06 - 2015-01-08 19:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-16 00:06 - 2015-01-08 19:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-16 00:06 - 2015-01-08 19:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-16 00:06 - 2015-01-08 18:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-16 00:02 - 2015-01-22 20:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-16 00:02 - 2015-01-22 20:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-16 00:02 - 2015-01-22 19:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-16 00:02 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-15 23:51 - 2015-02-15 23:51 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2015-02-15 20:30 - 2015-02-16 14:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-15 20:30 - 2015-02-15 20:30 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-15 20:30 - 2015-02-15 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-15 20:30 - 2015-02-15 20:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-15 20:30 - 2015-02-15 20:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-15 20:30 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-15 20:30 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-15 20:30 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-15 20:29 - 2015-02-15 20:29 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-15 19:52 - 2015-02-15 19:52 - 00000000 ____D () C:\Intel
2015-02-15 19:50 - 2015-02-15 19:50 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-15 19:28 - 2015-02-15 19:28 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVG
2015-02-15 19:27 - 2015-02-15 19:27 - 00000000 ____D () C:\Users\Admin\AppData\Local\Avg
2015-02-15 19:26 - 2015-02-15 19:29 - 00000000 ____D () C:\ProgramData\AVG
2015-02-15 19:24 - 2015-02-15 19:25 - 113399608 _____ (AVG Technologies) C:\Users\Admin\Downloads\avg_tuh_stf_all_2015_393_24c4.exe
2015-02-15 18:26 - 2015-02-15 18:26 - 00920460 _____ () C:\Users\Admin\Downloads\installer_adobe_flash_player_English.exe
2015-02-15 18:23 - 2015-02-16 00:31 - 00000020 _____ () C:\Users\Admin\AppData\Roaming\appdataFr3.bin
2015-02-15 18:23 - 2015-02-15 18:23 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla
2015-02-15 18:23 - 2015-02-03 19:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-15 18:23 - 2015-02-03 19:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-15 18:23 - 2015-02-03 19:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-15 18:23 - 2015-02-03 19:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-15 18:23 - 2015-02-03 19:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-15 18:23 - 2015-02-03 19:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-15 18:23 - 2015-02-03 19:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-15 18:23 - 2015-01-27 15:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-15 18:22 - 2015-01-13 21:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-15 18:22 - 2015-01-13 21:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-15 18:22 - 2015-01-11 19:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-15 18:22 - 2015-01-11 19:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-15 18:22 - 2015-01-11 18:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-15 18:22 - 2015-01-11 18:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-15 18:22 - 2015-01-11 18:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-15 18:22 - 2015-01-11 18:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-15 18:22 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-15 18:22 - 2015-01-11 18:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-15 18:22 - 2015-01-11 18:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-15 18:22 - 2015-01-11 18:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-15 18:22 - 2015-01-11 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-15 18:22 - 2015-01-11 18:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-15 18:22 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-15 18:22 - 2015-01-11 18:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-15 18:22 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-15 18:22 - 2015-01-11 18:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-15 18:22 - 2015-01-11 17:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-15 18:22 - 2015-01-11 17:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-15 18:22 - 2015-01-11 17:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-15 18:22 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-15 18:22 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-15 18:22 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-15 18:22 - 2015-01-11 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-15 18:22 - 2015-01-11 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-15 18:22 - 2015-01-11 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-15 18:22 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-15 18:22 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-15 18:22 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-15 18:22 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-15 18:22 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-15 18:22 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-15 18:22 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-15 18:22 - 2015-01-09 22:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-15 18:22 - 2015-01-09 22:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-15 18:22 - 2015-01-09 22:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-15 18:22 - 2015-01-09 22:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-15 18:22 - 2015-01-09 22:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-15 18:22 - 2015-01-09 22:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-15 18:22 - 2015-01-09 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-15 18:22 - 2015-01-09 22:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-15 18:22 - 2015-01-09 22:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-15 18:22 - 2015-01-09 22:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-15 18:22 - 2015-01-09 22:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-15 18:22 - 2015-01-09 22:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-15 18:22 - 2015-01-09 22:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-15 18:22 - 2015-01-09 22:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-15 18:21 - 2015-02-15 20:02 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-02-15 18:21 - 2015-02-15 20:01 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2015-02-15 18:21 - 2015-01-12 19:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-15 18:21 - 2015-01-12 18:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-15 18:21 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-15 18:21 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-15 18:21 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-15 18:21 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-15 18:21 - 2015-01-11 18:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-15 18:21 - 2015-01-11 18:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-15 18:21 - 2015-01-11 18:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-15 18:21 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-15 18:21 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-15 18:21 - 2015-01-11 18:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-15 18:21 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-15 18:21 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-15 18:21 - 2015-01-11 17:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-15 18:21 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-15 18:21 - 2015-01-11 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-15 18:21 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-15 18:21 - 2015-01-11 17:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-15 18:21 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-15 18:20 - 2015-01-15 00:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-15 18:20 - 2015-01-15 00:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-15 18:20 - 2015-01-15 00:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-15 18:20 - 2015-01-15 00:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-15 18:20 - 2015-01-15 00:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-15 18:20 - 2015-01-15 00:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-15 18:20 - 2015-01-15 00:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-15 18:20 - 2015-01-15 00:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-15 18:20 - 2015-01-15 00:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-15 18:20 - 2015-01-15 00:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-15 18:20 - 2015-01-15 00:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-15 18:20 - 2015-01-14 23:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-15 18:20 - 2015-01-14 23:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-15 18:20 - 2015-01-14 23:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-15 18:20 - 2015-01-14 23:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-15 18:20 - 2015-01-14 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-15 18:20 - 2015-01-14 23:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-15 18:20 - 2015-01-14 20:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-15 18:19 - 2014-12-11 21:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-15 18:19 - 2014-12-11 21:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-15 18:19 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-15 18:19 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-15 18:19 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-15 18:19 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-15 18:18 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-15 18:18 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-15 18:18 - 2014-11-25 19:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-15 18:18 - 2014-11-25 19:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-15 18:17 - 2015-01-13 22:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-15 18:17 - 2015-01-13 22:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-15 18:17 - 2015-01-13 22:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-15 18:17 - 2015-01-13 22:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-15 18:17 - 2015-01-13 21:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-15 18:17 - 2015-01-13 21:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-15 18:17 - 2015-01-13 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-15 18:16 - 2015-01-08 18:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-15 18:10 - 2015-02-15 18:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVG2015
2015-02-15 18:09 - 2015-02-15 18:09 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software
2015-02-15 18:09 - 2015-02-15 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-15 18:07 - 2015-02-15 18:10 - 00000000 ____D () C:\ProgramData\AVG2015
2015-02-15 18:07 - 2015-02-15 18:07 - 00000000 ___HD () C:\$AVG
2015-02-15 18:06 - 2015-02-15 19:28 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-02-15 18:01 - 2015-02-16 14:42 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-15 18:01 - 2015-02-15 18:27 - 00000000 ____D () C:\Users\Admin\AppData\Local\Avg2015
2015-02-15 18:01 - 2015-02-15 18:01 - 04578024 _____ (AVG Technologies) C:\Users\Admin\Downloads\avg_avct_stb_all_2015_5315_ppc17.exe
2015-02-15 18:01 - 2015-02-15 18:01 - 00000000 ____D () C:\Users\Admin\AppData\Local\MFAData
2015-02-15 17:58 - 2015-02-15 18:00 - 00002259 _____ () C:\Users\Admin\Desktop\Google Chrome.lnk
2015-02-15 17:58 - 2015-02-15 17:58 - 00111536 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-15 17:58 - 2015-02-15 17:58 - 00001417 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-15 17:58 - 2015-02-15 17:58 - 00000020 ___SH () C:\Users\Admin\ntuser.ini
2015-02-15 17:58 - 2015-02-15 17:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-15 17:58 - 2015-02-15 17:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Intel Corporation
2015-02-15 17:58 - 2015-02-15 17:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2015-02-15 17:58 - 2015-02-15 17:58 - 00000000 ____D () C:\Users\Admin\AppData\Local\VirtualStore
2015-02-15 17:58 - 2015-02-15 17:58 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2015-02-15 17:58 - 2015-02-15 17:58 - 00000000 ____D () C:\Users\Admin
2015-02-15 17:58 - 2015-01-04 20:26 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help
2015-02-15 17:58 - 2013-06-18 16:06 - 00002104 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2015-02-15 17:58 - 2009-07-13 20:54 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-15 17:58 - 2009-07-13 20:49 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-15 17:24 - 2015-02-15 17:24 - 00003102 _____ () C:\Windows\System32\Tasks\{22C88518-E941-464D-B476-6D0931C40A5D}
2015-01-23 23:35 - 2015-01-23 23:51 - 00000000 __SHD () C:\vseqrntn.bin
2015-01-23 23:24 - 2015-02-15 17:20 - 00004760 _____ () C:\Windows\SysWOW64\DOM_Component.ini
2015-01-23 23:24 - 2015-02-15 17:20 - 00002512 _____ () C:\Windows\SysWOW64\DOM_ComponentOff.ini
2015-01-23 23:24 - 2015-02-15 17:20 - 00002512 _____ () C:\Windows\system32\DOM_ComponentOff.ini
2015-01-23 23:24 - 2014-09-08 21:05 - 00350784 _____ (DOM LLC) C:\Windows\system32\DOM_Component64.dll
2015-01-23 23:23 - 2015-02-15 17:15 - 00000000 ____D () C:\Program Files (x86)\Cloud File Backup
2015-01-23 23:23 - 2014-09-08 21:05 - 00304768 _____ (DOM LLC) C:\Windows\SysWOW64\DOM_Component.dll
2015-01-23 23:22 - 2015-01-23 23:22 - 01802848 _____ (Double Opt Media Partners LLC) C:\Users\Owner\Downloads\update_installer.exe
2015-01-22 23:45 - 2015-01-22 23:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\Macromedia
2015-01-22 18:33 - 2015-01-22 18:33 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2015-01-22 18:33 - 2015-01-22 18:33 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
2015-01-22 18:32 - 2015-01-22 18:32 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-22 18:31 - 2015-01-22 18:31 - 00243416 _____ () C:\Users\Owner\Downloads\Firefox Setup Stub 35.0.exe
2015-01-21 22:21 - 2015-01-21 22:21 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-16 14:56 - 2013-08-02 18:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 14:51 - 2013-06-17 13:11 - 01359003 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 14:47 - 2014-03-31 17:25 - 00007844 _____ () C:\Windows\setupact.log
2015-02-16 14:47 - 2013-08-02 18:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 14:47 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 14:46 - 2009-07-13 20:45 - 00025872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-16 14:46 - 2009-07-13 20:45 - 00025872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 00:20 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\tracing
2015-02-16 00:20 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-16 00:17 - 2015-01-04 20:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-16 00:13 - 2014-04-18 14:40 - 00775084 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-16 00:13 - 2009-07-13 21:13 - 00775084 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 23:59 - 2013-07-11 21:23 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-15 23:53 - 2013-06-17 16:27 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-15 23:30 - 2010-11-20 19:47 - 00500972 _____ () C:\Windows\PFRO.log
2015-02-15 22:32 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-02-15 21:25 - 2009-07-13 19:20 - 00000000 __RSD () C:\Windows\Media
2015-02-15 20:17 - 2009-07-13 20:45 - 00434432 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-15 20:14 - 2015-01-02 22:27 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-15 20:14 - 2014-06-20 06:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-15 20:09 - 2015-01-03 21:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-15 20:06 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-15 19:36 - 2015-01-01 01:40 - 00000000 __HDC () C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2015-02-15 19:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-02-15 17:46 - 2013-06-17 15:19 - 00111536 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-15 17:32 - 2015-01-03 23:19 - 00000000 ____D () C:\Users\Owner\Documents\PCSX2
2015-02-15 17:28 - 2015-01-03 22:40 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-02-15 17:09 - 2013-06-17 14:52 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{12DD861C-6F94-4FD9-9E7C-7B169E4DE5C8}
2015-01-29 23:54 - 2015-01-07 23:53 - 00000161 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2015-01-29 21:25 - 2009-07-13 18:34 - 00000505 _____ () C:\Windows\win.ini
2015-01-28 21:10 - 2013-06-17 13:16 - 00000000 ____D () C:\Users\Owner
2015-01-28 21:08 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-28 21:07 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2015-01-25 13:49 - 2014-12-28 17:48 - 00000000 ____D () C:\Users\Owner\Documents\Rainbow(Grandie Stuff
2015-01-23 23:33 - 2013-06-17 13:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2015-01-22 23:44 - 2013-06-18 16:13 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-22 23:44 - 2013-06-18 16:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 23:44 - 2013-06-18 16:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
 
==================== Files in the root of some directories =======
 
2013-06-18 15:33 - 2014-01-06 02:39 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-02-15 18:23 - 2015-02-16 00:31 - 0000020 _____ () C:\Users\Admin\AppData\Roaming\appdataFr3.bin
 
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-15 22:24
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Admin at 2015-02-16 14:57:07
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5646 - AVG Technologies)
AVG 2015 (Version: 15.0.4284 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5646 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1986 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4446 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5972 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
RICOH R5U230 Media Driver ver.2.06.03.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.03.02 - RICOH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.11 - TOSHIBA Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
26-01-2015 23:59:47 Windows Update
27-01-2015 22:11:01 Restore Operation
15-02-2015 18:04:12 Installed AVG 2015
15-02-2015 18:06:18 Installed AVG 2015
15-02-2015 19:27:18 Installed AVG PC TuneUp 2015
15-02-2015 19:58:33 Removed AVG PC TuneUp 2015
15-02-2015 20:00:08 Removed AVG PC TuneUp 2015 (en-US)
15-02-2015 20:03:56 Windows Update
15-02-2015 23:53:05 Windows Update
16-02-2015 00:02:05 Windows Update
16-02-2015 00:07:15 Windows Update
16-02-2015 12:47:33 OTL Restore Point - 2/16/2015 12:47:29 PM
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {20D2049A-7EC2-49E4-8928-5CA52B80E291} - System32\Tasks\{22C88518-E941-464D-B476-6D0931C40A5D} => pcalua.exe -a C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe -c /S <==== ATTENTION
Task: {2B2354A2-FB93-4470-B8A3-E894A644AD07} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {3D4DE793-29C4-4142-B5BC-812CC95A0531} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02] (Google Inc.)
Task: {3FAA3165-0E05-4A64-8FD8-A568A3CD442B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02] (Google Inc.)
Task: {87F3EFDA-9E37-4918-8262-6E041E82AAFC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-12-24] (Microsoft Corporation)
Task: {B5877730-D204-451C-B25A-88086AB6C0BA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-12-24 20:43 - 2014-12-24 20:43 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-30 03:33 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-02-05 16:44 - 2010-02-05 16:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-06-17 15:16 - 2009-10-02 12:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-12-24 19:32 - 2014-12-05 17:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-24 19:32 - 2014-12-05 17:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-24 19:32 - 2014-12-05 17:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-24 19:32 - 2014-12-05 17:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2415001886-1884734925-3288903782-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-2415001886-1884734925-3288903782-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2415001886-1884734925-3288903782-500 - Administrator - Disabled)
Guest (S-1-5-21-2415001886-1884734925-3288903782-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2415001886-1884734925-3288903782-1002 - Limited - Enabled)
Owner (S-1-5-21-2415001886-1884734925-3288903782-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/16/2015 02:49:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/16/2015 02:47:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "ocimport,processorArchitecture="x86",type="win32",version="1.0.0.0"1".
Dependent Assembly ocimport,processorArchitecture="x86",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/16/2015 02:41:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/16/2015 02:39:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "ocimport,processorArchitecture="x86",type="win32",version="1.0.0.0"1".
Dependent Assembly ocimport,processorArchitecture="x86",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/16/2015 01:26:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "ocimport,processorArchitecture="x86",type="win32",version="1.0.0.0"1".
Dependent Assembly ocimport,processorArchitecture="x86",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/16/2015 01:26:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (02/16/2015 02:48:42 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
 
Error: (02/16/2015 02:48:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 42%
Total physical RAM: 3894.84 MB
Available physical RAM: 2257.55 MB
Total Pagefile: 7787.88 MB
Available Pagefile: 5824.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:411.19 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 31AC024B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 


#6
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

It's looking pretty good so far, but this should clear it all up :)
 
Step 1
 
FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached fixlist.txt and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click the FRST icon and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

Step 2
 
Install and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here (or re-run it if you already have it installed)

  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;)
  • If an update is found, it will download and install the latest updates automatically:
  • Now select the Settings tab, and check the box next to Scan for rootkits and ensure the PUP and PUM options are selected to treat as malware:
  • Go back to the Dashboard tab, and click the Scan Now button:
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show you the results. (This one is clean):
  • If threats are detected, click the Apply Actions button.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab:
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:
  • Choose the latest Scan Log, and click on the View button:
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.
     

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.
 
Step 3
 
Anti-Virus Scan
Please run a free online scan with the ESET Online Scanner

<< Please disable any existing anti virus product before performing the following. >>

  • Click Run Eset Online Scanner

Note: You will need to use Internet Explorer or Firefox (You will be prompted to install a helper program if you use Firefox) for this scan.
Important: Please disable your existing AV software for the duration of the scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Enable detection of potentially unwanted applications is checked
  • Next click on Advanced Settings and select:

  • Make sure that the option Remove found threats is NOT checked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

  • Click Start, the virus database will update, this may take a while depending on your internet connection.
  • Once updated, the online scan will begin. (This scan can take several hours, so please be patient)
  • Once the scan is completed, click Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Items I need to see in your next post:
 

  • FRST Fixlog
  • Malwarebytes Report
  • ESET log

 

 



#7
commanderk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Hi Ruggie,

 

Here are the reports.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Admin at 2015-02-17 12:23:54 Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin &  (Available profiles: Owner & Admin)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
createrestorepoint:
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S2 b0551d12; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.26\OptProMon.dll",ENT
c:\Program Files (x86)\Optimizer Pro 3.26\
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12117312 2014-05-01] (Microsoft Corporation)
Task: {20D2049A-7EC2-49E4-8928-5CA52B80E291} - System32\Tasks\{22C88518-E941-464D-B476-6D0931C40A5D} => pcalua.exe -a C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe -c /S <==== ATTENTION
C:\PROGRA~2\SearchProtect
emptytemp:
end
*****************
 
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
b0551d12 => Service deleted successfully.
"c:\Program Files (x86)\Optimizer Pro 3.26" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Communicator => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20D2049A-7EC2-49E4-8928-5CA52B80E291}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20D2049A-7EC2-49E4-8928-5CA52B80E291}" => Key deleted successfully.
C:\Windows\System32\Tasks\{22C88518-E941-464D-B476-6D0931C40A5D} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{22C88518-E941-464D-B476-6D0931C40A5D}" => Key deleted successfully.
"C:\PROGRA~2\SearchProtect" => File/Directory not found.
EmptyTemp: => Removed 34.1 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 12:24:57 ====
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/17/2015
Scan Time: 12:39:02 PM
Logfile: 021715.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.17.10
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Admin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372544
Time Elapsed: 22 min, 58 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
 
 
 
 
 
 
 
The last file doesn't show much. It found 11 things it wanted to fix I think. The system is running much better now. Thanks for your help.
 
 
 
 
 


#8
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
That's great, if there are no further problems then let's clean up. :)

Good news, it looks like your system is clean. A good workman cleans up after himself so let's now attend to that :D

Tool Removal

We need to remove the tools we've used during cleaning your machine
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Activate UAC
    • Create registry backup
    • Purge system restore
    • Reset System Settings
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply


Keep your machine updated

Due to the ever-present tide of malware, it is important to ensure your computer is kept up-to-date to minimize the risk of future infection. An important step is to ensure that automatic updates are enabled.


To enable automatic updates:

Windows 8
To turn on Automatic Updates yourself, follow these steps:
  • Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the bottom-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, then tapping or clicking Update and recovery.
  • Tap or click Choose how updates are installed.
  • Select the option that you want.
  • Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK.
It is recommended to install an anti-malware to help prevent reinfection.
Below are some free ones that can help keep you clean.

Malwarebytes AntiMalware

As you have installed Malwarebytes, I recommend that you keep this program and use it to help you stay clean.

The free version will scan your computer and fix the problems it finds but will not provide real-time protection. You must scan regularly to find any threats.
Consider purchasing the full version for active monitoring of threats.
JAVA Advice
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:
  • For Firefox, install the NoScript add-on.
  • For Chrome, install the ScriptNo add-on.
-->IMPORTANT

#9
commanderk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Thanks again Ruggie,

 

As I said before, this is my daughter's friend's computer. Can you recommend a free virus software? I don't know if she has money to pay for one.

 

 

Log:

 

# DelFix v10.8 - Logfile created 17/02/2015 at 18:19:37
# Updated 29/07/2014 by Xplode
# Username : Admin - OWNER-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Admin\Desktop\AdwCleaner.exe
Deleted : C:\Users\Admin\Desktop\Fixlog.txt
Deleted : C:\Users\Admin\Desktop\FRST64.exe
Deleted : C:\Users\Admin\Desktop\JRT.exe
Deleted : C:\Users\Admin\Desktop\OTL.exe
Deleted : C:\Users\Admin\Downloads\Extras.Txt
Deleted : C:\Users\Admin\Downloads\FRST64.exe
Deleted : C:\Users\Admin\Downloads\OTL.Txt
Deleted : C:\Users\Admin\Downloads\OTL (1).exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #101 [Restore Operation | 01/28/2015 06:11:01]
Deleted : RP #102 [Installed AVG 2015 | 02/16/2015 02:04:12]
Deleted : RP #103 [Installed AVG 2015 | 02/16/2015 02:06:18]
Deleted : RP #104 [Installed AVG PC TuneUp 2015 | 02/16/2015 03:27:18]
Deleted : RP #105 [Removed AVG PC TuneUp 2015 | 02/16/2015 03:58:33]
Deleted : RP #106 [Removed AVG PC TuneUp 2015 (en-US) | 02/16/2015 04:00:08]
Deleted : RP #107 [Windows Update | 02/16/2015 04:03:56]
Deleted : RP #108 [Windows Update | 02/16/2015 07:53:05]
Deleted : RP #109 [Windows Update | 02/16/2015 08:02:05]
Deleted : RP #110 [Windows Update | 02/16/2015 08:07:15]
Deleted : RP #111 [OTL Restore Point - 2/16/2015 12:47:29 PM | 02/16/2015 20:47:33]
Deleted : RP #113 [Restore Point Created by FRST | 02/17/2015 20:23:59]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########


#10
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi.

 

I like Avast as a good free AV software - it requires registration using an email address but that's all.

https://www.avast.com/en-gb/index

 

Microsoft essentials is ok as basic protection

http://windows.micro...ntials-download



#11
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.