1-888-402-9127 removal ads [Solved]


  • This topic is locked

#1
rmp0012002

  • Member
  • 64 posts

I have not gotten a specific program but a security pop-up asking to call a number to have malware removed and my information has been compromised. Searches like Google adds a bunch of ads plus whatever it is will open new ads in separate windows. Only contact is the number 1-888-402-9127. Your assistance would be appreciated.

 
 



#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you

 

  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you.  This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly"  This will send an email to you as soon as I reply to your topic,  allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry.  All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to.  Some of these tools can be very dangerous if used improperly.  Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process.  It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean.  Just because there is a lack of symptoms does not indicate a clean machine.  I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine.  Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask.  There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed!  Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY!  Do not use these fixes on any other machine, each fix is tailor made for your system only.  Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs.  I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

 

 



#3
rmp0012002

  • Topic Starter
  • Member
  • 64 posts

Thank you pystriker. After a system restore it seems to be gone but my Mcafee is picking up Artemis and I'm only on this site and the FarBar site. I have posted the first log below.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by PolingJr (administrator) on POLINGJR-PC on 20-02-2015 19:16:21
Running from C:\Users\PolingJr\Desktop
Loaded Profiles: PolingJr (Available profiles: PolingJr)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-17] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [McAfeeWrapperApplication] => C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe [453344 2011-05-11] (McAfee, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [495746 2011-02-14] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [ospd_us_751] => "C:\Program Files (x86)\ospd_us_751\ospd_us_751.exe"
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-09] (Dell)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1647807983-224733842-2809336357-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.33\OptProLauncher.exe
HKU\S-1-5-21-1647807983-224733842-2809336357-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1647807983-224733842-2809336357-1000\...\Policies\Explorer: [NoControlPanel] 0
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1647807983-224733842-2809336357-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1647807983-224733842-2809336357-1000] => http=127.0.0.1:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1647807983-224733842-2809336357-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-1647807983-224733842-2809336357-1000 - (No Name) - {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - No File
URLSearchHook: HKU\S-1-5-21-1647807983-224733842-2809336357-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-1647807983-224733842-2809336357-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {449A4DAD-7A59-40D8-B83F-833637B6300C} URL =
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1647807983-224733842-2809336357-1000 -> DefaultScope {EC913308-64E4-4E7B-A97C-2233DD89446D} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-1647807983-224733842-2809336357-1000 -> {449A4DAD-7A59-40D8-B83F-833637B6300C} URL = http://search.condui...3741108614&UM=2
SearchScopes: HKU\S-1-5-21-1647807983-224733842-2809336357-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....erms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-1647807983-224733842-2809336357-1000 -> {EC913308-64E4-4E7B-A97C-2233DD89446D} URL = https://search.yahoo...p={searchTerms}
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {7F6AFBF1-E065-4627-A2FD-810366367D01} ->  No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: GreatArcadeHits Add-on -> {D0C21091-FF8E-432C-9006-0540E81BA9D7} -> C:\Users\PolingJr\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5BEBE49A-7AB0-442A-B18A-F649FA41E974}: [NameServer] 167.206.7.4,167.206.112.138

FireFox:
========
FF ProfilePath: C:\Users\PolingJr\AppData\Roaming\Mozilla\Firefox\Profiles\q6p49eqs.default
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306058&CUI=UN34140492531939127&UM=2&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.1: Secure Search
FF Homepage: hxxp://www.yahoo.com/
FF Keyword.URL:
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\PolingJr\AppData\Roaming\Mozilla\Firefox\Profiles\q6p49eqs.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: LavaFox V2 - C:\Users\PolingJr\AppData\Roaming\Mozilla\Firefox\Profiles\q6p49eqs.default\Extensions\[email protected] [2015-01-11]
FF Extension: LavaFox V2-Green - C:\Users\PolingJr\AppData\Roaming\Mozilla\Firefox\Profiles\q6p49eqs.default\Extensions\[email protected] [2015-01-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-01-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-31]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-12-28]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-01-10]
FF HKU\S-1-5-21-1647807983-224733842-2809336357-1000\...\Firefox\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Users\PolingJr\AppData\Local\GreatArcadeHits\gahff.xpi
FF Extension: GreatArcadeHits Add-on - C:\Users\PolingJr\AppData\Local\GreatArcadeHits\gahff.xpi [2014-07-04]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\PolingJr\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\PolingJr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\PolingJr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-06]
CHR Extension: (Google Drive) - C:\Users\PolingJr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-06]
CHR Extension: (YouTube) - C:\Users\PolingJr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-06]
CHR Extension: (Google Search) - C:\Users\PolingJr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-06]
CHR Extension: (Connect DLC 2) - C:\Users\PolingJr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffekppndigniegkobcngkdmaadbhhonj [2013-12-06]
CHR Extension: (SiteAdvisor) - C:\Users\PolingJr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-04-06]
CHR Extension: (Google Wallet) - C:\Users\PolingJr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-22]
CHR Extension: (Gmail) - C:\Users\PolingJr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-06]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-13]
CHR HKU\S-1-5-21-1647807983-224733842-2809336357-1000\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\PolingJr\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [bgnnidmnbdkmhfkjgdnngciimpdgohok] - C:\Program Files (x86)\FirstRowSportApp.com\stv12.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\PolingJr\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-13]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 d924d8dc; c:\Program Files (x86)\Optimizer Pro 3.33\OptProMon.dll [1597008 2015-01-23] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-02-12] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 19:16 - 2015-02-20 19:17 - 00025232 _____ () C:\Users\PolingJr\Desktop\FRST.txt
2015-02-20 19:15 - 2015-02-20 19:16 - 00000000 ____D () C:\FRST
2015-02-20 19:12 - 2015-02-20 19:12 - 02086912 _____ (Farbar) C:\Users\PolingJr\Desktop\FRST64.exe
2015-02-20 16:43 - 2015-02-20 16:43 - 00062792 _____ () C:\Users\PolingJr\Downloads\Extras.Txt
2015-02-20 16:30 - 2015-02-20 16:30 - 00306506 _____ () C:\Users\PolingJr\Downloads\OTL.Txt
2015-02-20 15:26 - 2015-02-20 15:26 - 00602112 _____ (OldTimer Tools) C:\Users\PolingJr\Downloads\OTL.exe
2015-02-20 13:44 - 2015-02-20 19:03 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-20 13:43 - 2015-02-20 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-20 13:43 - 2015-02-20 13:43 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-20 13:42 - 2015-02-20 19:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-20 13:42 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-20 13:42 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-16 12:44 - 2015-02-20 19:46 - 00000000 ____D () C:\ProgramData\5551195122105854317
2015-02-16 12:44 - 2015-02-20 19:46 - 00000000 ____D () C:\Program Files (x86)\FlexibleShoopper
2015-02-16 12:44 - 2015-02-20 19:46 - 00000000 ____D () C:\Program Files (x86)\CCoOllSSaaleCouePon
2015-02-16 12:13 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-16 12:13 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-16 12:13 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-16 12:13 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-16 11:45 - 2015-02-20 19:01 - 00000280 _____ () C:\windows\setupact.log
2015-02-16 11:45 - 2015-02-16 11:45 - 00000000 _____ () C:\windows\setuperr.log
2015-02-16 11:42 - 2015-02-20 14:01 - 00004772 _____ () C:\windows\PFRO.log
2015-02-13 13:04 - 2015-02-20 19:46 - 00000000 ____D () C:\ProgramData\WildWestCoupon
2015-02-13 12:58 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-13 12:58 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-13 12:58 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-13 12:58 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-13 12:58 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-13 12:58 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-13 12:58 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-13 12:58 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-13 12:58 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-13 12:58 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-13 12:58 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-13 12:58 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-13 12:58 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-13 12:58 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-13 12:58 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-13 12:58 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-13 12:58 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-13 12:58 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-13 12:58 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-13 12:58 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-13 12:58 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-13 12:58 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-13 12:58 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-13 12:58 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-13 12:58 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-13 12:58 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-13 12:58 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-13 12:58 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-13 12:58 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-13 12:58 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-13 12:57 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-13 12:57 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-13 12:57 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-13 12:57 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-13 12:57 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-13 12:57 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-13 12:57 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-13 12:57 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-13 12:57 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-13 12:57 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-13 12:57 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-13 12:57 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-13 12:57 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-13 12:57 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-13 12:57 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-13 12:57 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-13 12:57 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-13 12:57 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-13 12:57 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-13 12:57 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-13 12:57 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-13 12:57 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-13 12:57 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-13 12:57 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-13 12:57 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-13 12:57 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-13 12:57 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-13 12:57 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-13 12:57 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-13 12:57 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-13 12:57 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-13 12:57 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-13 12:57 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-13 12:57 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-13 12:57 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-13 12:57 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-13 12:57 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-13 12:57 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-13 12:57 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-13 12:57 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-13 12:57 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-13 12:57 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-13 12:57 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-13 12:57 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-13 12:57 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-13 12:57 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-13 12:57 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-13 12:57 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-13 12:57 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-13 12:57 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-13 12:57 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-13 12:57 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-13 12:57 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-13 12:57 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-13 12:57 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-13 12:57 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-13 12:57 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-13 12:57 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-13 12:57 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-02-13 12:57 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-02-13 12:56 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-13 12:56 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-13 12:56 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-13 12:56 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-13 12:56 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-13 12:56 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-13 12:56 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-13 12:56 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-02-13 12:56 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-02-13 12:56 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-13 12:56 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-02-13 12:56 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-02-13 12:56 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-02-13 12:56 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-02-13 12:56 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-13 12:56 - 2014-10-03 21:10 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-02-13 12:56 - 2014-10-03 20:42 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-02-13 12:56 - 2014-10-03 20:42 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-02-13 12:53 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-13 12:53 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-13 12:53 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-13 12:53 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-13 12:53 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-13 12:53 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-13 12:53 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-06 14:53 - 2015-02-13 12:25 - 00003190 _____ () C:\windows\System32\Tasks\SmileFiles Installer Starter
2015-01-31 10:53 - 2015-01-31 10:53 - 00000000 ____D () C:\Users\PolingJr\Downloads\Sexy Patty Cake - Tongue Tickled
2015-01-31 10:20 - 2015-01-31 10:27 - 00000000 ____D () C:\Users\PolingJr\Downloads\Sexy Pattycake Adult Swim
2015-01-31 08:39 - 2015-01-31 08:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 14:21 - 2015-02-20 19:46 - 00000000 ____D () C:\Users\PolingJr\AppData\Local\ospd_us_751
2015-01-23 14:21 - 2015-02-20 19:46 - 00000000 ____D () C:\Program Files (x86)\ospd_us_751
2015-01-23 14:21 - 2015-02-06 13:59 - 00000000 ____D () C:\ProgramData\{c11a4123-b9a1-c215-c11a-a4123b9a048e}
2015-01-23 14:21 - 2015-01-23 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-01-23 14:21 - 2015-01-23 14:21 - 00000000 ____D () C:\Program Files (x86)\ver0SpeeditUp
2015-01-23 14:21 - 2015-01-23 14:21 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.33
2015-01-23 14:20 - 2015-01-23 14:20 - 00000000 ____D () C:\Users\PolingJr\AppData\Roaming\SmileFiles
2015-01-23 14:20 - 2015-01-23 14:20 - 00000000 ____D () C:\Users\PolingJr\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
2015-01-23 14:19 - 2015-01-23 14:20 - 03882712 _____ (http://smile-files.com) C:\Users\PolingJr\Downloads\kickasstorrent_downloader.exe
2015-01-23 14:18 - 2015-02-06 18:41 - 00000000 ____D () C:\ProgramData\{32806c7f-2aa3-e7d1-3280-06c7f2aab1fc}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 19:47 - 2014-05-11 19:19 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-20 19:46 - 2014-12-21 12:39 - 00000000 ____D () C:\Users\PolingJr\Downloads\Cosmid.14.07.04.Samantha.Jay.Samanthas.4th.Of.July.Dance.XXX.720p.MP4-YAPG[rarbg]
2015-02-20 19:46 - 2014-12-21 12:30 - 00000000 ____D () C:\Users\PolingJr\AppData\Roaming\uTorrent
2015-02-20 19:46 - 2014-12-19 11:45 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-20 19:46 - 2011-06-27 05:22 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-20 19:46 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2015-02-20 19:46 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2015-02-20 19:45 - 2011-11-05 17:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-20 19:17 - 2009-07-13 23:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-20 19:17 - 2009-07-13 23:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-20 19:09 - 2011-06-27 02:30 - 01487200 _____ () C:\windows\WindowsUpdate.log
2015-02-20 19:08 - 2013-01-10 22:00 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2015-02-20 19:08 - 2013-01-10 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-20 19:06 - 2012-12-28 18:47 - 00000000 __RSD () C:\Users\PolingJr\Documents\McAfee Vaults
2015-02-20 19:03 - 2012-04-04 07:48 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-20 19:02 - 2011-09-07 11:36 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-02-20 19:02 - 2011-09-07 11:36 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-02-20 19:02 - 2011-09-07 11:33 - 00000000 ____D () C:\Users\PolingJr
2015-02-20 19:02 - 2011-06-27 03:13 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-02-20 19:02 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-20 18:24 - 2013-12-06 12:47 - 00000284 _____ () C:\windows\Tasks\GreatArcadeHits.job
2015-02-20 16:18 - 2009-07-14 00:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-20 14:00 - 2013-12-06 12:47 - 00000000 ____D () C:\Users\PolingJr\AppData\Local\GreatArcadeHits
2015-02-20 13:43 - 2011-11-05 17:53 - 00000000 ____D () C:\Users\PolingJr\AppData\Roaming\Malwarebytes
2015-02-16 11:45 - 2009-07-13 23:45 - 00320488 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-13 13:07 - 2013-07-20 11:56 - 00000000 ____D () C:\windows\system32\MRT
2015-02-13 12:59 - 2011-09-10 10:49 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-13 12:30 - 2011-09-07 13:06 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-06 15:03 - 2012-04-04 07:48 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 15:03 - 2012-04-04 07:48 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 15:03 - 2011-09-16 12:53 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 13:50 - 2012-05-04 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 17:05

==================== End Of Log ============================


#4
rmp0012002

    Member

  • Topic Starter
  • 64 posts

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by PolingJr at 2015-02-20 19:17:33
Running from C:\Users\PolingJr\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1647807983-224733842-2809336357-1000\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AVG 2012 (Version: 12.0.1796 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1808 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1809 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1831 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1834 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1869 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1872 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1873 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1890 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1901 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1913 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2178 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2180 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2193 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2195 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2197 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2221 - AVG Technologies) Hidden
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.2890 - AVG Technologies)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CCoOllSSaaleCouePon (HKLM-x32\...\{0C516764-8CFC-C2FE-7BB0-A50A646E4DCD}) (Version:  - CoolSaleCoupon) <==== ATTENTION
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.30 - ArcSoft)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.41 - Creative Technology Ltd)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Escape Whisper Valley ™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlexibleShoopper (HKLM-x32\...\{A30F3754-C0DC-8242-F3A9-52B360AE9798}) (Version:  - FlexibleShopper) <==== ATTENTION
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{CCB71FF8-DE82-469C-8641-44378F4443EB}) (Version: 2.5.4 - Garmin Ltd or its subsidiaries)
GreatArcadeHits (HKU\S-1-5-21-1647807983-224733842-2809336357-1000\...\{856AD396-519D-4C7A-BED6-6785F64924BC}) (Version: 1.0 - GreatArcadeHits) <==== ATTENTION
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6330.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.191 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2.0.3 - PC Utilities Software Limited) <==== ATTENTION
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Registry Repair 5.0.1.27 (HKLM-x32\...\Registry Repair) (Version: 5.0.1.27 - Glarysoft Ltd)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
WildWestCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - WildWestCoupon) <==== ATTENTION
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-01-2015 13:04:48 Windows Update
16-01-2015 14:17:56 Windows Update
16-01-2015 14:22:11 McAfee Vulnerability Scanner
16-01-2015 14:24:55 Windows Update
23-01-2015 12:43:51 Windows Update
31-01-2015 08:20:31 Windows Update
06-02-2015 14:01:22 Windows Update
13-02-2015 12:42:19 McAfee Vulnerability Scanner
13-02-2015 12:48:24 Windows Update
13-02-2015 12:58:53 Windows Update
16-02-2015 11:50:35 Windows Update
20-02-2015 13:38:50 Windows Update
20-02-2015 18:46:56 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {089B2DDD-695D-42B1-B77E-B870977735BE} - System32\Tasks\SmileFiles Installer Starter => C:\Users\PolingJr\AppData\Local\Temp\SmileFilest0r28rcifZ.exe <==== ATTENTION
Task: {3002EDF7-5F5D-4CD6-96F4-95644353DAD2} - System32\Tasks\GreatArcadeHits => C:\Users\PolingJr\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
Task: {5777893F-A072-497D-ACF9-BDF077C8A452} - \LuckyTab No Task File <==== ATTENTION
Task: {CCEE5680-4A48-44E1-BBC2-DD70546559F2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {FF7C043B-02D1-4E4B-8D4E-02155FCEE01C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GreatArcadeHits.job => C:\Users\PolingJr\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2013-07-06 13:34 - 2013-03-25 09:57 - 00727952 _____ () C:\windows\SysWOW64\WSCM64.dll
2011-06-27 03:13 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-06-27 05:08 - 2011-03-25 20:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2010-04-13 20:11 - 2010-04-13 20:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2015-01-23 14:21 - 2015-01-23 14:21 - 01597008 _____ () c:\Program Files (x86)\Optimizer Pro 3.33\OptProMon.dll
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2015-01-31 08:39 - 2015-01-31 08:39 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-18 10:42 - 2014-10-18 10:42 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2011-06-27 02:41 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-02-06 15:03 - 2015-02-06 15:03 - 16852144 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
2015-01-31 10:03 - 2015-01-31 10:03 - 16844976 ____N () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
2014-11-18 13:03 - 2014-11-18 13:03 - 16840880 ____N () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
2014-08-30 11:22 - 2014-08-30 11:22 - 17048240 ____N () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
2014-05-04 13:03 - 2014-05-04 13:03 - 16351920 ____N () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
2013-09-11 17:03 - 2013-09-11 17:03 - 16177544 ____N () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
2013-04-11 15:53 - 2013-04-11 15:53 - 16032648 ____N () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1647807983-224733842-2809336357-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PolingJr\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1647807983-224733842-2809336357-500 - Administrator - Disabled)
Guest (S-1-5-21-1647807983-224733842-2809336357-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1647807983-224733842-2809336357-1002 - Limited - Enabled)
PolingJr (S-1-5-21-1647807983-224733842-2809336357-1000 - Administrator - Enabled) => C:\Users\PolingJr

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2015 07:05:14 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {12f97c60-2773-44c9-a057-7637f7611510}

Error: (02/20/2015 07:03:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 06:32:51 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (02/20/2015 06:32:48 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (02/20/2015 06:32:46 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (02/20/2015 06:32:42 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (02/20/2015 06:32:28 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (02/20/2015 06:32:08 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (02/20/2015 06:26:15 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (02/20/2015 06:25:45 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.


System errors:
=============
Error: (02/20/2015 07:13:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 20 time(s).

Error: (02/20/2015 07:13:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%183

Error: (02/20/2015 07:13:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 19 time(s).

Error: (02/20/2015 07:13:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%183

Error: (02/20/2015 07:13:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 18 time(s).

Error: (02/20/2015 07:13:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%183

Error: (02/20/2015 07:13:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 17 time(s).

Error: (02/20/2015 07:13:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%183

Error: (02/20/2015 07:13:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 16 time(s).

Error: (02/20/2015 07:13:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%183


Microsoft Office Sessions:
=========================
Error: (02/20/2015 07:05:14 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {12f97c60-2773-44c9-a057-7637f7611510}

Error: (02/20/2015 07:03:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 06:32:51 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x800700b7Failed to add Gather Application: Windows

Error: (02/20/2015 06:32:48 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x800700b7Failed to add Gather Application: Windows

Error: (02/20/2015 06:32:46 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x800700b7Failed to add Gather Application: Windows

Error: (02/20/2015 06:32:42 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x800700b7Failed to add Gather Application: Windows

Error: (02/20/2015 06:32:28 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x800700b7Failed to add Gather Application: Windows

Error: (02/20/2015 06:32:08 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x800700b7Failed to add Gather Application: Windows

Error: (02/20/2015 06:26:15 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x800700b7Failed to add Gather Application: Windows

Error: (02/20/2015 06:25:45 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x800700b7Failed to add Gather Application: Windows


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 55%
Total physical RAM: 3894.68 MB
Available physical RAM: 1731.41 MB
Total Pagefile: 7787.55 MB
Available Pagefile: 5056.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:399.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2A40590C)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#5
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Thank you pystryker. After a system restore it seems to be gone but my McAfee is picking up Artemis and I'm only on this site and the FarBar site. I have posted the first log below.


You're quite welcome, and acknowledged. :)

Let's get started clearing away the rubbish. :thumbsup:

Please disable your antivirus for the duration of my instructions.  Don't forget to re-enable it after you have completed the steps.


Step 1:  Warnings and Program Uninstalls


There were signs of multiple programs that are either currently or have been previously installed on your computer that contain registry cleaners.

A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
At Geeks to Go we strongly advise that people stay away from any of the registry cleaners out there. Go here to get more information about why registry cleaners aren't needed. Technet blog also discusses this issue as well as Ed Bott.


The Dangers of P2P Programs

I noticed that you have a P2P file sharing program (uTorrent) on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, and the most hideous and uncleanable of them all, Cryptowall file encrypting ransomware.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Program Uninstalls

Please uninstall the following programs from your machine as they are adware/malware related:
  • CCoOllSSaaleCouePon or CoolSaleCoupon
  • FlexibleShoopper or FlexibleShopper
  • GreatArcadeHits
  • Optimizer Pro v3.2
  • WildWestCoupon

Step 2:  Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1647807983-224733842-2809336357-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.33\OptProLauncher.exe
ProxyEnable: [S-1-5-21-1647807983-224733842-2809336357-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1647807983-224733842-2809336357-1000] => http=127.0.0.1:8080
URLSearchHook: HKU\S-1-5-21-1647807983-224733842-2809336357-1000 - (No Name) - {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - No File
SearchScopes: HKLM-x32 -> DefaultScope {449A4DAD-7A59-40D8-B83F-833637B6300C} URL =
SearchScopes: HKU\S-1-5-21-1647807983-224733842-2809336357-1000 -> {449A4DAD-7A59-40D8-B83F-833637B6300C} URL = http://search.condui...3741108614&UM=2
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {7F6AFBF1-E065-4627-A2FD-810366367D01} ->  No File
BHO-x32: GreatArcadeHits Add-on -> {D0C21091-FF8E-432C-9006-0540E81BA9D7} -> C:\Users\PolingJr\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306058&CUI=UN34140492531939127&UM=2&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.1: Secure Search
FF HKU\S-1-5-21-1647807983-224733842-2809336357-1000\...\Firefox\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Users\PolingJr\AppData\Local\GreatArcadeHits\gahff.xpi
FF Extension: GreatArcadeHits Add-on - C:\Users\PolingJr\AppData\Local\GreatArcadeHits\gahff.xpi [2014-07-04]
CHR HKU\S-1-5-21-1647807983-224733842-2809336357-1000\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\PolingJr\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [bgnnidmnbdkmhfkjgdnngciimpdgohok] - C:\Program Files (x86)\FirstRowSportApp.com\stv12.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\PolingJr\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [Not Found]
R2 d924d8dc; c:\Program Files (x86)\Optimizer Pro 3.33\OptProMon.dll [1597008 2015-01-23] ()
2015-02-16 12:44 - 2015-02-20 19:46 - 00000000 ____D () C:\Program Files (x86)\FlexibleShoopper
2015-02-16 12:44 - 2015-02-20 19:46 - 00000000 ____D () C:\Program Files (x86)\CCoOllSSaaleCouePon
2015-02-13 13:04 - 2015-02-20 19:46 - 00000000 ____D () C:\ProgramData\WildWestCoupon
2015-01-23 14:21 - 2015-01-23 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-01-23 14:19 - 2015-01-23 14:20 - 03882712 _____ (http://smile-files.com) C:\Users\PolingJr\Downloads\kickasstorrent_downloader.exe
2015-01-23 14:21 - 2015-01-23 14:21 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.33
2015-01-23 14:20 - 2015-01-23 14:20 - 00000000 ____D () C:\Users\PolingJr\AppData\Roaming\SmileFiles
2015-01-23 14:20 - 2015-01-23 14:20 - 00000000 ____D () C:\Users\PolingJr\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
2015-02-20 14:00 - 2013-12-06 12:47 - 00000000 ____D () C:\Users\PolingJr\AppData\Local\GreatArcadeHits
2015-02-20 18:24 - 2013-12-06 12:47 - 00000284 _____ () C:\windows\Tasks\GreatArcadeHits.job
Task: {089B2DDD-695D-42B1-B77E-B870977735BE} - System32\Tasks\SmileFiles Installer Starter => C:\Users\PolingJr\AppData\Local\Temp\SmileFilest0r28rcifZ.exe <==== ATTENTION
Task: {3002EDF7-5F5D-4CD6-96F4-95644353DAD2} - System32\Tasks\GreatArcadeHits => C:\Users\PolingJr\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
Task: {5777893F-A072-497D-ACF9-BDF077C8A452} - \LuckyTab No Task File <==== ATTENTION
C:\Users\PolingJr\AppData\Local\GreatArcadeHits
Task: C:\windows\Tasks\GreatArcadeHits.job => C:\Users\PolingJr\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 3:  Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:  AdwCleaner

Download AdwCleaner by clicking here. Please save it to your Desktop.

  • Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.  
  • Let the scan complete itself.  This may take a few minutes.
  • Once the scan has finished,  it will say  "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button.  When finished, it will ask to reboot.  Please reboot.
  • When the machine has rebooted, a log will be produced.  Please copy/paste that in your next reply.  Here's how:
  • Click the Report button and the log will open.  Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

  • 0
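
As an added illustration (not part of pystryker's post and not code from FRST), the following Python example parses the "Scheduled Tasks" lines of the FRST log posted earlier in this thread and shows which properties of each entry line up with the tool's ATTENTION markers. The heuristics and the names `parse_task_line`, `triage` and `flagged_names` are assumptions made for this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the "Scheduled Tasks" section of the FRST log in this thread.
SAMPLE_LOG = r"""
Task: {089B2DDD-695D-42B1-B77E-B870977735BE} - System32\Tasks\SmileFiles Installer Starter => C:\Users\PolingJr\AppData\Local\Temp\SmileFilest0r28rcifZ.exe <==== ATTENTION
Task: {3002EDF7-5F5D-4CD6-96F4-95644353DAD2} - System32\Tasks\GreatArcadeHits => C:\Users\PolingJr\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
Task: {5777893F-A072-497D-ACF9-BDF077C8A452} - \LuckyTab No Task File <==== ATTENTION
Task: {CCEE5680-4A48-44E1-BBC2-DD70546559F2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {FF7C043B-02D1-4E4B-8D4E-02155FCEE01C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GreatArcadeHits.job => C:\Users\PolingJr\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
"""

ATTENTION = "<==== ATTENTION"
NO_TASK_FILE = " No Task File"
# Target path, optionally followed by " [yyyy-mm-dd]" and " (Publisher)".
TARGET_RE = re.compile(
    r"^(?P<path>.+?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<publisher>[^()]*)\))?$"
)
USER_APPDATA_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


@dataclass
class TaskEntry:
    name: str
    target: Optional[str]
    publisher: Optional[str]
    frst_attention: bool          # True when the log line carries the ATTENTION marker
    reasons: List[str] = field(default_factory=list)  # this example's own findings


def parse_task_line(line: str) -> Optional[TaskEntry]:
    """Parse one 'Task:' line; return None for any other line."""
    line = line.strip()
    if not line.startswith("Task: "):
        return None
    body = line[len("Task: "):]
    attention = body.endswith(ATTENTION)
    if attention:
        body = body[: -len(ATTENTION)].rstrip()
    left, sep, right = body.partition(" => ")
    # Registry-backed tasks read "{GUID} - <task path>"; legacy .job tasks are a bare path.
    if left.startswith("{") and " - " in left:
        left = left.split(" - ", 1)[1]
    no_task_file = left.endswith(NO_TASK_FILE)
    if no_task_file:
        left = left[: -len(NO_TASK_FILE)]
    name = left.rsplit("\\", 1)[-1]
    target = publisher = None
    match = TARGET_RE.match(right) if sep else None
    if match:
        target, publisher = match.group("path"), match.group("publisher")
    entry = TaskEntry(name, target, publisher, attention)
    if no_task_file:
        entry.reasons.append("registered in the task cache but has no task file")
    if target and TEMP_RE.search(target):
        entry.reasons.append("target runs from the user's Temp directory")
    elif target and USER_APPDATA_RE.search(target):
        entry.reasons.append("target runs from a user-writable AppData directory")
    return entry


def triage(log_text: str) -> List[TaskEntry]:
    """Return a TaskEntry for every scheduled-task line in the log text."""
    parsed = (parse_task_line(line) for line in log_text.splitlines())
    return [entry for entry in parsed if entry is not None]


def flagged_names(entries: List[TaskEntry]) -> set:
    """Names of the tasks for which this example found at least one reason."""
    return {entry.name for entry in entries if entry.reasons}


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        status = "; ".join(entry.reasons) or "no finding"
        marker = "ATTENTION" if entry.frst_attention else "-"
        print(f"{entry.name:32} [{marker:9}] {status}")
```

A finding here is a lead for review rather than a verdict, since per-user installs of legitimate software also schedule updaters from AppData.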

#6
rmp0012002

    Member

  • Topic Starter
  • Member
  • 64 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by PolingJr at 2015-02-21 00:46:51 Run:1
Running from C:\Users\PolingJr\Desktop
Loaded Profiles: PolingJr (Available profiles: PolingJr)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1647807983-224733842-2809336357-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.33\OptProLauncher.exe
ProxyEnable: [S-1-5-21-1647807983-224733842-2809336357-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1647807983-224733842-2809336357-1000] => http=127.0.0.1:8080
URLSearchHook: HKU\S-1-5-21-1647807983-224733842-2809336357-1000 - (No Name) - {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - No File
SearchScopes: HKLM-x32 -> DefaultScope {449A4DAD-7A59-40D8-B83F-833637B6300C} URL =
SearchScopes: HKU\S-1-5-21-1647807983-224733842-2809336357-1000 -> {449A4DAD-7A59-40D8-B83F-833637B6300C} URL = http://search.condui...3741108614&UM=2
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {7F6AFBF1-E065-4627-A2FD-810366367D01} ->  No File
BHO-x32: GreatArcadeHits Add-on -> {D0C21091-FF8E-432C-9006-0540E81BA9D7} -> C:\Users\PolingJr\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306058&CUI=UN34140492531939127&UM=2&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.1: Secure Search
FF HKU\S-1-5-21-1647807983-224733842-2809336357-1000\...\Firefox\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Users\PolingJr\AppData\Local\GreatArcadeHits\gahff.xpi
FF Extension: GreatArcadeHits Add-on - C:\Users\PolingJr\AppData\Local\GreatArcadeHits\gahff.xpi [2014-07-04]
CHR HKU\S-1-5-21-1647807983-224733842-2809336357-1000\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\PolingJr\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [bgnnidmnbdkmhfkjgdnngciimpdgohok] - C:\Program Files (x86)\FirstRowSportApp.com\stv12.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\PolingJr\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [Not Found]
R2 d924d8dc; c:\Program Files (x86)\Optimizer Pro 3.33\OptProMon.dll [1597008 2015-01-23] ()
2015-02-16 12:44 - 2015-02-20 19:46 - 00000000 ____D () C:\Program Files (x86)\FlexibleShoopper
2015-02-16 12:44 - 2015-02-20 19:46 - 00000000 ____D () C:\Program Files (x86)\CCoOllSSaaleCouePon
2015-02-13 13:04 - 2015-02-20 19:46 - 00000000 ____D () C:\ProgramData\WildWestCoupon
2015-01-23 14:21 - 2015-01-23 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-01-23 14:19 - 2015-01-23 14:20 - 03882712 _____ (http://smile-files.com) C:\Users\PolingJr\Downloads\kickasstorrent_downloader.exe
2015-01-23 14:21 - 2015-01-23 14:21 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.33
2015-01-23 14:20 - 2015-01-23 14:20 - 00000000 ____D () C:\Users\PolingJr\AppData\Roaming\SmileFiles
2015-01-23 14:20 - 2015-01-23 14:20 - 00000000 ____D () C:\Users\PolingJr\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
2015-02-20 14:00 - 2013-12-06 12:47 - 00000000 ____D () C:\Users\PolingJr\AppData\Local\GreatArcadeHits
2015-02-20 18:24 - 2013-12-06 12:47 - 00000284 _____ () C:\windows\Tasks\GreatArcadeHits.job
Task: {089B2DDD-695D-42B1-B77E-B870977735BE} - System32\Tasks\SmileFiles Installer Starter => C:\Users\PolingJr\AppData\Local\Temp\SmileFilest0r28rcifZ.exe <==== ATTENTION
Task: {3002EDF7-5F5D-4CD6-96F4-95644353DAD2} - System32\Tasks\GreatArcadeHits => C:\Users\PolingJr\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
Task: {5777893F-A072-497D-ACF9-BDF077C8A452} - \LuckyTab No Task File <==== ATTENTION
C:\Users\PolingJr\AppData\Local\GreatArcadeHits
Task: C:\windows\Tasks\GreatArcadeHits.job => C:\Users\PolingJr\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-1647807983-224733842-2809336357-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => Value not found.
HKU\S-1-5-21-1647807983-224733842-2809336357-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-1647807983-224733842-2809336357-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-1647807983-224733842-2809336357-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKU\S-1-5-21-1647807983-224733842-2809336357-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{449A4DAD-7A59-40D8-B83F-833637B6300C}" => Key deleted successfully.
HKCR\CLSID\{449A4DAD-7A59-40D8-B83F-833637B6300C} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => Key deleted successfully.
"HKCR\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key deleted successfully.
"HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0C21091-FF8E-432C-9006-0540E81BA9D7}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{D0C21091-FF8E-432C-9006-0540E81BA9D7}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
HKU\S-1-5-21-1647807983-224733842-2809336357-1000\Software\Mozilla\Firefox\Extensions\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49} => value deleted successfully.
C:\Users\PolingJr\AppData\Local\GreatArcadeHits\gahff.xpi => Moved successfully.
"HKU\S-1-5-21-1647807983-224733842-2809336357-1000\SOFTWARE\Google\Chrome\Extensions\ffekppndigniegkobcngkdmaadbhhonj" => Key deleted successfully.
C:\Users\PolingJr\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ffekppndigniegkobcngkdmaadbhhonj" => Key deleted successfully.
"C:\Users\PolingJr\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla" => Key deleted successfully.
d924d8dc => Service not found.
"C:\Program Files (x86)\FlexibleShoopper" => File/Directory not found.
"C:\Program Files (x86)\CCoOllSSaaleCouePon" => File/Directory not found.
C:\ProgramData\WildWestCoupon => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2" => File/Directory not found.
C:\Users\PolingJr\Downloads\kickasstorrent_downloader.exe => Moved successfully.
C:\Program Files (x86)\Optimizer Pro 3.33 => Moved successfully.
C:\Users\PolingJr\AppData\Roaming\SmileFiles => Moved successfully.
C:\Users\PolingJr\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab => Moved successfully.
C:\Users\PolingJr\AppData\Local\GreatArcadeHits => Moved successfully.
"C:\windows\Tasks\GreatArcadeHits.job" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{089B2DDD-695D-42B1-B77E-B870977735BE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{089B2DDD-695D-42B1-B77E-B870977735BE}" => Key deleted successfully.
C:\Windows\System32\Tasks\SmileFiles Installer Starter => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmileFiles Installer Starter" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3002EDF7-5F5D-4CD6-96F4-95644353DAD2} => Key not found.
C:\Windows\System32\Tasks\GreatArcadeHits not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GreatArcadeHits => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5777893F-A072-497D-ACF9-BDF077C8A452}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5777893F-A072-497D-ACF9-BDF077C8A452}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LuckyTab" => Key deleted successfully.
"C:\Users\PolingJr\AppData\Local\GreatArcadeHits" => File/Directory not found.
C:\windows\Tasks\GreatArcadeHits.job not found.

=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 272.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 00:49:37 ====

 
 


#7
rmp0012002


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by PolingJr on Sat 02/21/2015 at  1:42:28.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\monetomi_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\monetomi_Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatemonetomi_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatemonetomi_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\monetomi_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\monetomi_Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatemonetomi_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatemonetomi_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\kojpnpjhkadjcbchdmakajhdajohichm
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\PolingJr\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\PolingJr\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\PolingJr\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{041AB804-FAAE-44DE-9D73-2B8C05059270}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{325B1832-5373-431A-AF29-7BAC56531BFF}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{37B88674-6531-47BB-97A4-EB794E6EF533}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{3B18F281-1D47-4ADB-BC93-CF27DF7CCBA1}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{3EA88AF7-D8BC-48A4-94C7-207F478AF3FC}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{420761B1-18C6-422C-A9F4-07FE5942F0F9}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{46EF9D8A-07A0-49B9-983E-6A73CB7DC925}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{4E8EC957-8F28-4638-A024-3A1A70135D61}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{66B5B738-3EB5-4C1E-8396-046BCF9DA995}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{7F870E47-8923-4A74-BB49-5D7664ADBA50}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{84CEA934-41FB-44E0-BB2E-4F4CA7644040}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{85F61A8E-2C22-4B32-A23E-C91DB8520CA6}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{8F1EE17D-18E8-48C0-8CAF-7502A01218C3}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{90D2464F-3F06-4D41-B6FD-1002F8243CFF}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{AF0F16B9-64AE-4331-9D0D-32287DE84EB4}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{B04A169B-0C98-4D2B-901A-258B8C4A8717}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{B745C8B0-FD11-49DF-97C3-AF7FD80759A0}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{D2821EFF-9D2B-4D0E-9BA1-50FCE3530836}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{D4A0B615-FC91-4CFC-BD00-31396BC8A32A}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{E71D7B09-8226-4B08-BC0E-CCF347D731F1}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{F0434C69-347A-43B9-A69B-75E8FA7591AC}



~~~ FireFox

Successfully deleted: [File] C:\Users\PolingJr\AppData\Roaming\mozilla\firefox\profiles\q6p49eqs.default\user.js
Successfully deleted the following from C:\Users\PolingJr\AppData\Roaming\mozilla\firefox\profiles\q6p49eqs.default\prefs.js

user_pref("CT3247201_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1353544917211,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("CT3306058_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386353174608,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("Smartbar.ConduitHomepagesList", "");
user_pref("Smartbar.ConduitSearchEngineList", "");
user_pref("Smartbar.ConduitSearchUrlList", "");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3306058");
user_pref("browser.search.defaultthis.engineName", "Connect DLC 2 Customized Web Search");
user_pref("extensions.9hGXWqW3qSE8kHQX.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjUHqdw6qHw8qHC5qHk4pdg5pn\")>-1){return;}}catch(e){}try{var d=[[\"acebo
user_pref("extensions.ZgkkyE4lhQfF0hFM.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjUHqdw6qHw8qHC5qHk4pdg5pn\")>-1){return;}}catch(e){}try{var d=[[\"acebo
user_pref("plugin.state.npconduitfirefoxplugin", 0);
user_pref("smartbar.machineId", "25UDEPAQB0DVEY74+2QJWWBCBLW+JCW75MUM/VLE59UUCZAXD9X44B6VQTI7F8P+O+JERZKC7G3JAJQAC2HQQG");
user_pref("valueApps.storage.mam_gk_userId", "65623466346139322D393337342D346431642D396535302D633964636632343238353863");
Emptied folder: C:\Users\PolingJr\AppData\Roaming\mozilla\firefox\profiles\q6p49eqs.default\minidumps [178 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/21/2015 at  1:49:09.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 
 


#8
rmp0012002


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by PolingJr at 2015-02-21 00:46:51 Run:1
Running from C:\Users\PolingJr\Desktop
Loaded Profiles: PolingJr (Available profiles: PolingJr)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1647807983-224733842-2809336357-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.33\OptProLauncher.exe
ProxyEnable: [S-1-5-21-1647807983-224733842-2809336357-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1647807983-224733842-2809336357-1000] => http=127.0.0.1:8080
URLSearchHook: HKU\S-1-5-21-1647807983-224733842-2809336357-1000 - (No Name) - {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - No File
SearchScopes: HKLM-x32 -> DefaultScope {449A4DAD-7A59-40D8-B83F-833637B6300C} URL =
SearchScopes: HKU\S-1-5-21-1647807983-224733842-2809336357-1000 -> {449A4DAD-7A59-40D8-B83F-833637B6300C} URL = http://search.condui...3741108614&UM=2
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {7F6AFBF1-E065-4627-A2FD-810366367D01} ->  No File
BHO-x32: GreatArcadeHits Add-on -> {D0C21091-FF8E-432C-9006-0540E81BA9D7} -> C:\Users\PolingJr\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306058&CUI=UN34140492531939127&UM=2&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.1: Secure Search
FF HKU\S-1-5-21-1647807983-224733842-2809336357-1000\...\Firefox\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Users\PolingJr\AppData\Local\GreatArcadeHits\gahff.xpi
FF Extension: GreatArcadeHits Add-on - C:\Users\PolingJr\AppData\Local\GreatArcadeHits\gahff.xpi [2014-07-04]
CHR HKU\S-1-5-21-1647807983-224733842-2809336357-1000\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\PolingJr\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [bgnnidmnbdkmhfkjgdnngciimpdgohok] - C:\Program Files (x86)\FirstRowSportApp.com\stv12.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\PolingJr\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [Not Found]
R2 d924d8dc; c:\Program Files (x86)\Optimizer Pro 3.33\OptProMon.dll [1597008 2015-01-23] ()
2015-02-16 12:44 - 2015-02-20 19:46 - 00000000 ____D () C:\Program Files (x86)\FlexibleShoopper
2015-02-16 12:44 - 2015-02-20 19:46 - 00000000 ____D () C:\Program Files (x86)\CCoOllSSaaleCouePon
2015-02-13 13:04 - 2015-02-20 19:46 - 00000000 ____D () C:\ProgramData\WildWestCoupon
2015-01-23 14:21 - 2015-01-23 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-01-23 14:19 - 2015-01-23 14:20 - 03882712 _____ (http://smile-files.com) C:\Users\PolingJr\Downloads\kickasstorrent_downloader.exe
2015-01-23 14:21 - 2015-01-23 14:21 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.33
2015-01-23 14:20 - 2015-01-23 14:20 - 00000000 ____D () C:\Users\PolingJr\AppData\Roaming\SmileFiles
2015-01-23 14:20 - 2015-01-23 14:20 - 00000000 ____D () C:\Users\PolingJr\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
2015-02-20 14:00 - 2013-12-06 12:47 - 00000000 ____D () C:\Users\PolingJr\AppData\Local\GreatArcadeHits
2015-02-20 18:24 - 2013-12-06 12:47 - 00000284 _____ () C:\windows\Tasks\GreatArcadeHits.job
Task: {089B2DDD-695D-42B1-B77E-B870977735BE} - System32\Tasks\SmileFiles Installer Starter => C:\Users\PolingJr\AppData\Local\Temp\SmileFilest0r28rcifZ.exe <==== ATTENTION
Task: {3002EDF7-5F5D-4CD6-96F4-95644353DAD2} - System32\Tasks\GreatArcadeHits => C:\Users\PolingJr\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
Task: {5777893F-A072-497D-ACF9-BDF077C8A452} - \LuckyTab No Task File <==== ATTENTION
C:\Users\PolingJr\AppData\Local\GreatArcadeHits
Task: C:\windows\Tasks\GreatArcadeHits.job => C:\Users\PolingJr\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-1647807983-224733842-2809336357-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => Value not found.
HKU\S-1-5-21-1647807983-224733842-2809336357-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-1647807983-224733842-2809336357-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-1647807983-224733842-2809336357-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKU\S-1-5-21-1647807983-224733842-2809336357-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{449A4DAD-7A59-40D8-B83F-833637B6300C}" => Key deleted successfully.
HKCR\CLSID\{449A4DAD-7A59-40D8-B83F-833637B6300C} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => Key deleted successfully.
"HKCR\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key deleted successfully.
"HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0C21091-FF8E-432C-9006-0540E81BA9D7}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{D0C21091-FF8E-432C-9006-0540E81BA9D7}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
HKU\S-1-5-21-1647807983-224733842-2809336357-1000\Software\Mozilla\Firefox\Extensions\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49} => value deleted successfully.
C:\Users\PolingJr\AppData\Local\GreatArcadeHits\gahff.xpi => Moved successfully.
"HKU\S-1-5-21-1647807983-224733842-2809336357-1000\SOFTWARE\Google\Chrome\Extensions\ffekppndigniegkobcngkdmaadbhhonj" => Key deleted successfully.
C:\Users\PolingJr\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ffekppndigniegkobcngkdmaadbhhonj" => Key deleted successfully.
"C:\Users\PolingJr\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla" => Key deleted successfully.
d924d8dc => Service not found.
"C:\Program Files (x86)\FlexibleShoopper" => File/Directory not found.
"C:\Program Files (x86)\CCoOllSSaaleCouePon" => File/Directory not found.
C:\ProgramData\WildWestCoupon => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2" => File/Directory not found.
C:\Users\PolingJr\Downloads\kickasstorrent_downloader.exe => Moved successfully.
C:\Program Files (x86)\Optimizer Pro 3.33 => Moved successfully.
C:\Users\PolingJr\AppData\Roaming\SmileFiles => Moved successfully.
C:\Users\PolingJr\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab => Moved successfully.
C:\Users\PolingJr\AppData\Local\GreatArcadeHits => Moved successfully.
"C:\windows\Tasks\GreatArcadeHits.job" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{089B2DDD-695D-42B1-B77E-B870977735BE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{089B2DDD-695D-42B1-B77E-B870977735BE}" => Key deleted successfully.
C:\Windows\System32\Tasks\SmileFiles Installer Starter => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmileFiles Installer Starter" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3002EDF7-5F5D-4CD6-96F4-95644353DAD2} => Key not found.
C:\Windows\System32\Tasks\GreatArcadeHits not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GreatArcadeHits => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5777893F-A072-497D-ACF9-BDF077C8A452}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5777893F-A072-497D-ACF9-BDF077C8A452}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LuckyTab" => Key deleted successfully.
"C:\Users\PolingJr\AppData\Local\GreatArcadeHits" => File/Directory not found.
C:\windows\Tasks\GreatArcadeHits.job not found.

=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 272.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 00:49:37 ====



#9
rmp0012002


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by PolingJr on Sat 02/21/2015 at  1:42:28.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\monetomi_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\monetomi_Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatemonetomi_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatemonetomi_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\monetomi_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\monetomi_Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatemonetomi_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatemonetomi_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\kojpnpjhkadjcbchdmakajhdajohichm
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\PolingJr\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\PolingJr\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\PolingJr\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{041AB804-FAAE-44DE-9D73-2B8C05059270}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{325B1832-5373-431A-AF29-7BAC56531BFF}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{37B88674-6531-47BB-97A4-EB794E6EF533}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{3B18F281-1D47-4ADB-BC93-CF27DF7CCBA1}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{3EA88AF7-D8BC-48A4-94C7-207F478AF3FC}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{420761B1-18C6-422C-A9F4-07FE5942F0F9}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{46EF9D8A-07A0-49B9-983E-6A73CB7DC925}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{4E8EC957-8F28-4638-A024-3A1A70135D61}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{66B5B738-3EB5-4C1E-8396-046BCF9DA995}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{7F870E47-8923-4A74-BB49-5D7664ADBA50}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{84CEA934-41FB-44E0-BB2E-4F4CA7644040}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{85F61A8E-2C22-4B32-A23E-C91DB8520CA6}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{8F1EE17D-18E8-48C0-8CAF-7502A01218C3}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{90D2464F-3F06-4D41-B6FD-1002F8243CFF}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{AF0F16B9-64AE-4331-9D0D-32287DE84EB4}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{B04A169B-0C98-4D2B-901A-258B8C4A8717}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{B745C8B0-FD11-49DF-97C3-AF7FD80759A0}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{D2821EFF-9D2B-4D0E-9BA1-50FCE3530836}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{D4A0B615-FC91-4CFC-BD00-31396BC8A32A}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{E71D7B09-8226-4B08-BC0E-CCF347D731F1}
Successfully deleted: [Empty Folder] C:\Users\PolingJr\appdata\local\{F0434C69-347A-43B9-A69B-75E8FA7591AC}



~~~ FireFox

Successfully deleted: [File] C:\Users\PolingJr\AppData\Roaming\mozilla\firefox\profiles\q6p49eqs.default\user.js
Successfully deleted the following from C:\Users\PolingJr\AppData\Roaming\mozilla\firefox\profiles\q6p49eqs.default\prefs.js

user_pref("CT3247201_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1353544917211,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("CT3306058_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386353174608,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("Smartbar.ConduitHomepagesList", "");
user_pref("Smartbar.ConduitSearchEngineList", "");
user_pref("Smartbar.ConduitSearchUrlList", "");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3306058");
user_pref("browser.search.defaultthis.engineName", "Connect DLC 2 Customized Web Search");
user_pref("extensions.9hGXWqW3qSE8kHQX.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjUHqdw6qHw8qHC5qHk4pdg5pn\")>-1){return;}}catch(e){}try{var d=[[\"acebo
user_pref("extensions.ZgkkyE4lhQfF0hFM.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjUHqdw6qHw8qHC5qHk4pdg5pn\")>-1){return;}}catch(e){}try{var d=[[\"acebo
user_pref("plugin.state.npconduitfirefoxplugin", 0);
user_pref("smartbar.machineId", "25UDEPAQB0DVEY74+2QJWWBCBLW+JCW75MUM/VLE59UUCZAXD9X44B6VQTI7F8P+O+JERZKC7G3JAJQAC2HQQG");
user_pref("valueApps.storage.mam_gk_userId", "65623466346139322D393337342D346431642D396535302D633964636632343238353863");
Emptied folder: C:\Users\PolingJr\AppData\Roaming\mozilla\firefox\profiles\q6p49eqs.default\minidumps [178 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/21/2015 at  1:49:09.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#10
rmp0012002


# AdwCleaner v4.111 - Logfile created 21/02/2015 at 02:05:20
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : PolingJr - POLINGJR-PC
# Running from : C:\Users\PolingJr\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Device
Folder Deleted : C:\ProgramData\5551195122105854317
Folder Deleted : C:\ProgramData\775d934000002a07
Folder Deleted : C:\Users\PolingJr\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\PolingJr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits
Folder Deleted : C:\Users\PolingJr\AppData\Roaming\Mozilla\Firefox\Profiles\q6p49eqs.default\Extensions\[email protected]
File Deleted : C:\END

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\P7244ffc2_4c1a_4c21_ade0_fd1fda9a9d02_.P7244ffc2_4c1a_4c21_ade0_fd1fda9a9d02_
Key Deleted : HKLM\SOFTWARE\Classes\P7244ffc2_4c1a_4c21_ade0_fd1fda9a9d02_.P7244ffc2_4c1a_4c21_ade0_fd1fda9a9d02_.9
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\LuckyTab
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\TornTv Downloader

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0.1 (x86 en-US)

[q6p49eqs.default\prefs.js] - Line Deleted : user_pref("extensions.9hGXWqW3qSE8kHQX.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjUHqdw6qHw8qHC5qHk4pdg5pn\")>-1){return;}}catch(e){}try{var d=[[\"acebook\",\"warnalert11.com\",[...]
[q6p49eqs.default\prefs.js] - Line Deleted : user_pref("extensions.ZgkkyE4lhQfF0hFM.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjUHqdw6qHw8qHC5qHk4pdg5pn\")>-1){return;}}catch(e){}try{var d=[[\"acebook\",\"safecart.com\",\"c[...]

-\\ Google Chrome v

[C:\Users\PolingJr\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\PolingJr\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\PolingJr\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN80991193487281171&ctid=CT3306058&UM=2
[C:\Users\PolingJr\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3304763&SearchSource=45&UM=2&q={searchTerms}
[C:\Users\PolingJr\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [8300 bytes] - [21/02/2015 01:58:47]
AdwCleaner[S0].txt - [8124 bytes] - [21/02/2015 02:05:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8183  bytes] ##########
 


  • 0



#11
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Looking good, let's run some scans for remnants and orphans. How is the machine performing?

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM.

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • Now click on Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#12
rmp0012002

rmp0012002

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/21/2015
Scan Time: 5:47:35 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.21.10
Rootkit Database: v2015.02.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: PolingJr

Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 52227
Time Elapsed: 7 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{5530C971-3D8F-471B-AC49-4CC23FA955E2}, Quarantined, [ca54869b761467cfec9b050e49ba15eb],
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7FBC7ADD-4D75-4685-9BD4-30D3FBDD3AB4}, Quarantined, [ca54869b761467cfec9b050e49ba15eb],
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EE0C9EF1-B2AD-407B-9707-0124CC9BF85E}, Quarantined, [ca54869b761467cfec9b050e49ba15eb],
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7FBC7ADD-4D75-4685-9BD4-30D3FBDD3AB4}, Quarantined, [ca54869b761467cfec9b050e49ba15eb],
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EE0C9EF1-B2AD-407B-9707-0124CC9BF85E}, Quarantined, [ca54869b761467cfec9b050e49ba15eb],
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{5530C971-3D8F-471B-AC49-4CC23FA955E2}, Quarantined, [ca54869b761467cfec9b050e49ba15eb],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-1647807983-224733842-2809336357-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [7f9f27fa8901033384734bc861a27f81],
PUP.Optional.GreatArcadeHits.A, HKU\S-1-5-21-1647807983-224733842-2809336357-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D0C21091-FF8E-432C-9006-0540E81BA9D7}, Quarantined, [e33b18091c6e1b1b9aece92a90738e72],
PUP.Optional.GreatArcadeHits.A, HKU\S-1-5-21-1647807983-224733842-2809336357-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D0C21091-FF8E-432C-9006-0540E81BA9D7}, Quarantined, [e33b18091c6e1b1b9aece92a90738e72],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.4Shared, C:\$Recycle.Bin\S-1-5-21-1647807983-224733842-2809336357-1000\$RJL7KM4.exe, Quarantined, [a17df92890fa072fdd3baa5c43bf2fd1],

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#13
rmp0012002

rmp0012002

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=897595c0656d404588fdad452fea9239
# engine=22587
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-21 11:32:11
# local_time=2015-02-21 06:32:11 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5125 16777214 100 100 7870196 186385309 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 176061781 0 0
# scanned=3855
# found=3
# cleaned=0
# scan_time=164
sh=1118659C4B8F8F83CF97DF3C94B2EE97AEE6AE5B ft=1 fh=4fba20639ed4f8cc vn="a variant of Win32/Adware.MultiPlug.ED application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1647807983-224733842-2809336357-1000\$ROTYVHK.exe"
sh=7FE8D5A128ADB5FD2A64F0007BDE50CAC7A47D2A ft=1 fh=87c2ef1442b79444 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PolingJr\AppData\Local\NativeMessaging\CT3306058\1_0_0_4\TBMessagingHost.exe.vir"
sh=5950563E0C28AD44E80BE48EB8E0C5058FE1B7A3 ft=1 fh=ea427f4f37187a6e vn="a variant of Win32/ExpressDownloader.K potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\PolingJr\Downloads\kickasstorrent_downloader.exe.xBAD"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=897595c0656d404588fdad452fea9239
# engine=22587
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-21 02:13:36
# local_time=2015-02-21 09:13:36 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5125 16777214 100 100 7876281 186394994 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 176071466 0 0
# scanned=164216
# found=12
# cleaned=0
# scan_time=9555
sh=1118659C4B8F8F83CF97DF3C94B2EE97AEE6AE5B ft=1 fh=4fba20639ed4f8cc vn="a variant of Win32/Adware.MultiPlug.ED application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1647807983-224733842-2809336357-1000\$ROTYVHK.exe"
sh=7FE8D5A128ADB5FD2A64F0007BDE50CAC7A47D2A ft=1 fh=87c2ef1442b79444 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PolingJr\AppData\Local\NativeMessaging\CT3306058\1_0_0_4\TBMessagingHost.exe.vir"
sh=6DB4DC621FBB98B4979101DA1C86C649E2222F96 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\PolingJr\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx.xBAD"
sh=5950563E0C28AD44E80BE48EB8E0C5058FE1B7A3 ft=1 fh=ea427f4f37187a6e vn="a variant of Win32/ExpressDownloader.K potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\PolingJr\Downloads\kickasstorrent_downloader.exe.xBAD"
sh=BD3C685B5F9C5FDDBCF46DAF1C89E094C69F87B0 ft=1 fh=62591177f2e83ca9 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=3963D8A5B82F5DD540BB1DDEE8BA5B8D9098C549 ft=1 fh=d69ca3895677d6e5 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=767276DE66068331EC56321CF0FF0551CF1E08DB ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NEA trojan" ac=I fn="C:\Users\PolingJr\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\4b4979d1-20e2893a"
sh=06BFB35ED4B1086C02D24710C5EE8C2C5B61F2E4 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.AI.Gen trojan" ac=I fn="C:\Users\PolingJr\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\2edfc06f-7d82a3aa"
sh=5D3835A49888506948282F572B818B45901059F3 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NEA trojan" ac=I fn="C:\Users\PolingJr\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\55373035-6682a512"
sh=1DE5D70A411EBBF4441FD569E7427CC28A4D6B13 ft=1 fh=b572351b8a033ea9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\PolingJr\Downloads\ccsetup417.exe"
sh=FAFD98E732BEF3CB7806C776CC25171C0ED8F261 ft=1 fh=851423878734aeac vn="a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins\npDefaultTabSearch.dll"
sh=FAFD98E732BEF3CB7806C776CC25171C0ED8F261 ft=1 fh=851423878734aeac vn="a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins\npDefaultTabSearch.dll"
 


  • 0
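The scan options requested in post #11 are echoed in the header of each ESET run, so a returned log can be checked against them before its detections are read. The following is an added example, not part of the thread or of any tool's own code: the sample log is constructed in the layout of the one posted above with placeholder hashes and paths, and the mapping from scanner options to header keys is an assumption inferred from the key names.

```python
import re

# Options requested in post #11, as the header keys the log prints.
# The option-to-key mapping is an assumption inferred from the key names.
REQUESTED = {
    "remove_checked": "false",      # "Remove found threats" NOT checked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
    "end": "finished",              # scan ran to completion
}
# Folders where the earlier tools in this thread keep neutralised copies.
QUARANTINE_DIRS = ("c:\\adwcleaner\\quarantine\\", "c:\\frst\\quarantine\\")
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted" or key=bare

# Constructed sample: two runs in the posted layout, placeholder hashes/paths.
SAMPLE_LOG = r'''
ESETSmartInstaller@High as downloader log:
all ok
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\user\AppData\Local\Example\host.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\user\AppData\Local\Example\host.exe.vir"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Example Backup\hstart.exe"
sh=0000000000000000000000000000000000000003 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NEA trojan" ac=I fn="C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\00000000-00000000"
'''


def parse_runs(text):
    """Split a log into scan runs, each with header settings and findings."""
    runs = []
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("as downloader log:"):
            runs.append({"settings": {}, "findings": []})
        elif not runs or not line:
            continue
        elif line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            runs[-1]["settings"][key] = value
        elif line.startswith("sh="):
            fields = {k: q if q else b for k, q, b in FIELD.findall(line)}
            runs[-1]["findings"].append(fields)
    return runs


def settings_mismatches(run, requested=REQUESTED):
    """Return {key: (wanted, actual)} for every requested option not honoured."""
    actual = run["settings"]
    return {k: (v, actual.get(k)) for k, v in requested.items()
            if actual.get(k) != v}


def triage(run):
    """Separate detections already sitting in a quarantine folder from the rest."""
    groups = {"quarantined": [], "in_place": []}
    for f in run["findings"]:
        path = f.get("fn", "")
        quarantined = path.lower().startswith(QUARANTINE_DIRS)
        groups["quarantined" if quarantined else "in_place"].append(
            (f.get("vn", "?"), path))
    return groups


if __name__ == "__main__":
    for n, run in enumerate(parse_runs(SAMPLE_LOG), 1):
        print(n, settings_mismatches(run), triage(run))
```

On the sample, the first run is reported as stopped early with archive and unsafe-application scanning off, so only the second run's detections outside the quarantine folders are left to review.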

#15
rmp0012002

rmp0012002

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 McAfee SiteAdvisor    
 Java 8 Update 31  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 McAfee Online Backup MOBKbackup.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 


  • 0





