
Can't get rid of adware [Closed]

adware generic6.QJC adware generic6.QDX

  • This topic is locked

#1
pakman81
New Member

Can someone please help? I cannot get rid of these adware messages that keep popping up in the AVG Detection window. They are Adware Generic6.QJC and Adware Generic6.QDX.

Any help would be greatly appreciated thanks.




#2
pakman81
New Member, Topic Starter

I have used the Farbar Recovery Scan Tool that someone on here advised and have the results for additional.txt and frst. I don't know what I need to do with these files.



#3
Essexboy
GeekU Moderator, Retired Staff
Could you post the two logs generated and I will see what I can see :)

#4
pakman81
New Member, Topic Starter
Thanks Essexboy, here are the attachments.

Attached files: FRST.txt (52.79KB), Addition.txt (64.88KB)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-02-2015
Ran by sheryl29 (administrator) on SHERYL29-NERD on 22-02-2015 18:21:38
Running from C:\Users\sheryl29\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z8G9N5KN
Loaded Profiles: sheryl29 (Available profiles: sheryl29 & Administrator & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
(Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe
(TMRG, Inc.) C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
() C:\Users\sheryl29\AppData\Roaming\VOPackage\VOsrv.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
() C:\Program Files (x86)\grassmow\updategrassmow.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\SONY\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\SONY\VAIO Smart Network\VSNService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(Sony Corporation) C:\Program Files\SONY\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\SONY\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files\SONY\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sony Corporation) C:\Program Files\SONY\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files\SONY\VAIO Care\ESRV\esrv_svc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Sony Corporation) C:\Program Files\SONY\VAIO Care\VCAdmin.exe
(Sony Corporation) C:\Program Files\SONY\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\SONY\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\SONY\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\SONY\VAIO Care\VCAgent.exe
(BitTorrent, Inc.) C:\Users\sheryl29\Desktop\utorrent.exe
(Sony Corporation) C:\Program Files\SONY\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\SONY\VCM Manager Settings\VcmMgrNotification64.exe
() C:\Program Files (x86)\SweepTools PC Cleaner\PC Cleaner.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Avanquest Software) C:\Program Files (x86)\SONY\Sony PC Companion\PCCService.exe
(Sony) C:\Program Files (x86)\SONY\Sony PC Companion\PCCompanion.exe
() C:\Program Files (x86)\SONY\Sony PC Companion\PCCompanionInfo.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
(TMRG, Inc.) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [fst_au_214] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\...\Run: [uTorrent] => C:\Users\sheryl29\Desktop\utorrent.exe [399736 2011-05-02] (BitTorrent, Inc.)
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\...\Run: [SpeedItupFree] => "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\...\Run: [AVG-Secure-Search-Update_1214avt] => C:\Users\sheryl29\AppData\Roaming\Avg_Update_1214avt\AVG-Secure-Search-Update_1214avt.exe /PROMPT /mid=2ddac6bead6347cdb3b021328d0cb64c-eda72383ce33b8c02cbe9c1b1aef95043567e879 /CMPID=1214avt
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\...\Policies\system: [NoDispCPL] 0
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\...\MountPoints2: {115774c3-b48e-11df-bd54-f07bcbe85fbf} - G:\AutoRun.exe
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\...\MountPoints2: {115774cf-b48e-11df-bd54-f07bcbe85fbf} - H:\AutoRun.exe
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\...\MountPoints2: {12e2f86d-52a0-11e3-96da-544249609db6} - H:\Startme.exe
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\...\MountPoints2: {73c9a46c-a203-11e2-9224-f07bcbe85fbf} - H:\Startme.exe
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\...\MountPoints2: {a9e79584-c221-11df-813d-f07bcbe85fbf} - G:\AutoRun.exe
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\...\MountPoints2: {a9e79588-c221-11df-813d-f07bcbe85fbf} - G:\AutoRun.exe
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\...\MountPoints2: {e5df9549-b8ab-11e0-9b40-f07bcbe85fbf} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\...\MountPoints2: {efcb0e1a-bf5e-11e2-ae9f-f07bcbe85fbf} - G:\Startme.exe
HKU\S-1-5-18\...\Run: [RegistryBooster] => "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll File Not Found
AppInit_DLLs: C:\Users\sheryl29\AppData\Local\Smartbar\Application\Resources\crdlil64.dll => C:\Users\sheryl29\AppData\Local\Smartbar\Application\Resources\crdlil64.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" File Not Found
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files (x86)\LimeWire\LimeWire.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54653;https=127.0.0.1:54653
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.SearchAss...&m=639&c=d&s=sp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.SearchAss...&m=639&c=d&s=sp
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.SearchAss...&m=639&c=d&s=sp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur...6EQSXX50S5S6EQS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...q={searchTerms}
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms}
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.SearchAss...&m=639&c=d&s=sp
SearchScopes: HKLM -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL = http://www.SearchAss...&m=639&c=d&s=sp
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.searchass...sm=639&c=d&s=sp
SearchScopes: HKLM -> {BA1BE292-1D15-488B-934D-008742212380} URL = http://www.SearchAss...&m=639&c=d&s=sp
SearchScopes: HKU\S-1-5-21-1155007634-2346187462-1659951187-1001 -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL = http://www.SearchAss...&m=639&c=d&s=sp
SearchScopes: HKU\S-1-5-21-1155007634-2346187462-1659951187-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1155007634-2346187462-1659951187-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.searchass...sm=639&c=d&s=sp
SearchScopes: HKU\S-1-5-21-1155007634-2346187462-1659951187-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsur...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1155007634-2346187462-1659951187-1001 -> {7E4BF3FD-0038-469C-94A7-EDF285CE18C1} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1155007634-2346187462-1659951187-1001 -> {BA1BE292-1D15-488B-934D-008742212380} URL = http://www.SearchAss...&m=639&c=d&s=sp
BHO: No Name -> {11111111-1111-1111-1111-110611171187} -> No File
BHO: No Name -> {283E6CFC-946C-A505-85D0-F04CADB49E66} -> No File
BHO: SearchAssist -> {8DDAC7C3-2592-4D84-A7A7-AA7865E53875} -> C:\Program Files\SearchAssist\ie\adxloader64.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: BlockAndSurf -> {F9785F77-9BA1-A18F-2700-08002077A974} -> C:\Program Files (x86)\ver8BlockAndSurf\183_x64.dll ()
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: grassmow -> {12ef4f7f-6c80-4ac9-976b-a4ee342815c5} -> C:\Program Files (x86)\grassmow\grassmowbho.dll No File
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: SearchAssist -> {8DDAC7C3-2592-4D84-A7A7-AA7865E53875} -> C:\Program Files\SearchAssist\ie\adxloader.dll ()
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FlowSurf -> {E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0} -> C:\Program Files (x86)\Flowsurf\FlowSurf.dll (FlowSurf Inc.)
BHO-x32: BlockAndSurf -> {F9785F77-9BA1-A18F-2700-08002077A974} -> C:\Program Files (x86)\ver8BlockAndSurf\183.dll No File
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-1155007634-2346187462-1659951187-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-1155007634-2346187462-1659951187-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1155007634-2346187462-1659951187-1001 -> No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
Toolbar: HKU\S-1-5-21-1155007634-2346187462-1659951187-1001 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-13]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-04]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-03-01]
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox
FF Extension: RelevantKnowledge - C:\Program Files (x86)\RelevantKnowledge\firefox [2015-01-25]
FF HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\...\Firefox\Extensions: [{1937A7D0-0325-2FF8-6987-A8EB0E6B5E1D}] - C:\Program Files (x86)\ver8BlockAndSurf\183.xpi
FF Extension: BlockAndSurf - C:\Program Files (x86)\ver8BlockAndSurf\183.xpi [2014-11-17]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jlndcojbknbodbijmihgihhgmlkplnbo] - C:\Program Files\SearchAssist\chrome\searchassist.crx [2014-11-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apache2.2; C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2010-10-18] (Apache Software Foundation) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [341296 2011-01-14] (Nitro PDF Software)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [213784 2014-11-01] (TMRG, Inc.) <==== ATTENTION
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions)
R2 servervo; C:\Users\sheryl29\AppData\Roaming\VOPackage\VOsrv.exe [71680 2014-09-22] () [File not signed] <==== ATTENTION
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-19] (ArcSoft, Inc.)
R2 Update grassmow; C:\Program Files (x86)\grassmow\updategrassmow.exe [323360 2014-08-28] ()
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R2 VSNService; C:\Program Files\SONY\VAIO Smart Network\VSNService.exe [845312 2010-08-11] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-27] (ArcSoft, Inc.)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-31] (AVAST Software)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-02-21] (Sony Mobile Communications)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-25] (Glarysoft Ltd)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7778176 2009-12-17] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [244736 2009-12-17] (Intel® Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-02-14] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-13] ()
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S1 netfilter64; system32\drivers\netfilter64.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 18:20 - 2015-02-22 18:21 - 00000000 ____D () C:\FRST
2015-02-21 16:27 - 2015-02-21 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
2015-02-21 11:22 - 2015-02-21 11:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf
2015-02-21 11:22 - 2015-02-21 11:22 - 00000000 ____D () C:\Windows\LastGood
2015-02-21 10:51 - 2015-02-21 10:51 - 00030424 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggsomc.sys
2015-02-21 10:51 - 2015-02-21 10:51 - 00016088 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2015-02-21 09:42 - 2015-02-21 10:44 - 00000000 ____D () C:\Users\sheryl29\Desktop\sheryl phone pic feb2015
2015-02-20 10:26 - 2015-02-20 10:26 - 00000000 ____D () C:\Users\sheryl29\AppData\Local\Nero_AG
2015-02-20 10:25 - 2015-02-20 10:26 - 00000000 ____D () C:\Users\sheryl29\AppData\Local\Nero
2015-02-18 22:13 - 2015-02-18 22:16 - 00000000 ____D () C:\Users\sheryl29\Desktop\evo
2015-02-13 13:31 - 2015-01-23 13:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 13:30 - 2015-01-23 14:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 13:30 - 2015-01-23 14:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 13:30 - 2015-01-23 13:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 19:38 - 2015-02-04 13:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-12 19:38 - 2015-02-04 13:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-12 19:38 - 2015-02-04 13:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-12 19:38 - 2015-02-04 13:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-12 19:38 - 2015-02-04 13:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-12 19:38 - 2015-02-04 13:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-12 19:38 - 2015-02-04 13:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-12 19:38 - 2015-01-28 09:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-12 19:38 - 2015-01-10 16:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-12 19:38 - 2015-01-10 16:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-12 19:38 - 2015-01-10 16:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-12 19:38 - 2015-01-10 16:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-12 19:38 - 2015-01-10 16:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-12 19:38 - 2015-01-10 16:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-12 19:38 - 2015-01-10 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-12 19:38 - 2015-01-10 16:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-12 19:38 - 2015-01-10 16:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-12 19:38 - 2015-01-10 16:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-12 19:38 - 2015-01-10 16:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-12 19:38 - 2015-01-10 16:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-12 19:38 - 2015-01-10 16:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-12 19:38 - 2015-01-10 16:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-12 19:38 - 2015-01-09 12:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 19:37 - 2015-01-14 15:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-12 19:37 - 2015-01-14 15:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-12 19:37 - 2015-01-13 13:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 19:37 - 2015-01-13 12:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-12 19:37 - 2015-01-12 13:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 19:37 - 2015-01-12 13:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 19:37 - 2015-01-12 13:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-12 19:37 - 2015-01-12 12:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-12 19:37 - 2015-01-12 12:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 19:37 - 2015-01-12 12:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 19:37 - 2015-01-12 12:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-12 19:37 - 2015-01-12 12:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-12 19:37 - 2015-01-12 12:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 19:37 - 2015-01-12 12:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-12 19:37 - 2015-01-12 12:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 19:37 - 2015-01-12 12:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 19:37 - 2015-01-12 12:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-12 19:37 - 2015-01-12 12:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 19:37 - 2015-01-12 12:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-12 19:37 - 2015-01-12 12:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 19:37 - 2015-01-12 12:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 19:37 - 2015-01-12 12:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-12 19:37 - 2015-01-12 12:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 19:37 - 2015-01-12 12:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-12 19:37 - 2015-01-12 12:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 19:37 - 2015-01-12 12:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-12 19:37 - 2015-01-12 12:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-12 19:37 - 2015-01-12 12:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-12 19:37 - 2015-01-12 12:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 19:37 - 2015-01-12 12:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 19:37 - 2015-01-12 12:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 19:37 - 2015-01-12 11:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-12 19:37 - 2015-01-12 11:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 19:37 - 2015-01-12 11:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 19:37 - 2015-01-12 11:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 19:37 - 2015-01-12 11:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-12 19:37 - 2015-01-12 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 19:37 - 2015-01-12 11:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-12 19:37 - 2015-01-12 11:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 19:37 - 2015-01-12 11:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 19:37 - 2015-01-12 11:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-12 19:37 - 2015-01-12 11:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-12 19:37 - 2015-01-12 11:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 19:37 - 2015-01-12 11:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 19:37 - 2015-01-12 11:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 19:37 - 2015-01-12 11:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 19:37 - 2015-01-12 11:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 19:37 - 2015-01-12 11:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-12 19:37 - 2015-01-12 11:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 19:37 - 2015-01-12 11:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 19:37 - 2015-01-12 11:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-12 19:37 - 2015-01-12 11:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 19:37 - 2015-01-12 10:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 19:37 - 2015-01-12 10:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-12 19:36 - 2015-01-15 18:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-12 19:36 - 2015-01-15 18:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 19:36 - 2015-01-15 18:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-12 19:36 - 2015-01-15 18:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-12 19:36 - 2015-01-15 18:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-12 19:36 - 2015-01-15 18:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-12 19:36 - 2015-01-15 18:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-12 19:36 - 2015-01-15 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-12 19:36 - 2015-01-15 18:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-12 19:36 - 2015-01-15 18:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-12 19:36 - 2015-01-15 18:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-12 19:36 - 2015-01-15 17:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-12 19:36 - 2015-01-15 17:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-12 19:36 - 2015-01-15 17:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-12 19:36 - 2015-01-15 17:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-12 19:36 - 2015-01-15 17:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-12 19:36 - 2015-01-15 17:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-12 19:36 - 2015-01-15 14:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-12 19:36 - 2014-12-12 15:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-12 19:36 - 2014-12-12 15:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-12 19:36 - 2014-11-26 13:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 19:36 - 2014-11-26 13:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-12 19:36 - 2014-07-07 12:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-12 19:36 - 2014-07-07 12:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-12 19:36 - 2014-07-07 11:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-12 19:36 - 2014-07-07 11:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-12 19:35 - 2015-01-14 16:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-12 19:35 - 2015-01-14 16:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-12 19:35 - 2015-01-14 16:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-12 19:35 - 2015-01-14 16:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-12 19:35 - 2015-01-14 15:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-12 19:35 - 2015-01-14 15:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-12 19:35 - 2015-01-14 15:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-12 19:34 - 2014-12-08 13:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-12 19:34 - 2014-12-08 12:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-12 19:14 - 2015-02-12 19:15 - 39316824 _____ (NETGEAR Inc.) C:\Users\sheryl29\Downloads\NETGEARGenie-install.exe
2015-02-01 07:41 - 2015-01-31 19:16 - 11287302 ____N () C:\Users\sheryl29\Desktop\UPG_Wizard_v7210.zip
2015-01-25 09:59 - 2014-11-01 03:08 - 00971032 _____ (TMRG, Inc.) C:\Windows\system32\rlls64.dl_
2015-01-25 09:59 - 2014-11-01 03:08 - 00661272 _____ (TMRG, Inc.) C:\Windows\SysWOW64\rlls.dl_

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 18:23 - 2011-04-17 09:04 - 00000000 ____D () C:\Users\sheryl29\AppData\Roaming\uTorrent
2015-02-22 18:10 - 2014-11-11 10:10 - 00000304 _____ () C:\Windows\Tasks\PennyBee.job
2015-02-22 18:08 - 2010-08-27 19:29 - 01926114 _____ () C:\Windows\WindowsUpdate.log
2015-02-22 18:07 - 2014-10-25 16:46 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2015-02-22 17:58 - 2014-09-14 19:10 - 00000000 ____D () C:\Users\sheryl29\Desktop\movies feb 2015
2015-02-22 17:54 - 2015-01-15 09:05 - 00000000 ____D () C:\Program Files (x86)\RelevantKnowledge
2015-02-22 17:52 - 2010-08-27 04:58 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{31A47D8A-CF28-4F56-875C-754DE280825B}
2015-02-22 09:27 - 2014-11-13 14:45 - 00000386 _____ () C:\Windows\Tasks\AmiUpdXp.job
2015-02-22 09:02 - 2014-12-04 12:55 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-22 09:00 - 2014-09-02 12:18 - 00001342 _____ () C:\Windows\Tasks\HK.job
2015-02-22 05:32 - 2009-07-14 14:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-22 05:32 - 2009-07-14 14:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-21 11:22 - 2014-09-29 05:22 - 00006580 _____ () C:\Windows\setupact.log
2015-02-21 10:50 - 2013-11-22 10:02 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile
2015-02-21 10:45 - 2014-11-17 10:55 - 00000430 _____ () C:\Windows\Tasks\BlockAndSurf Update.job
2015-02-21 10:32 - 2012-03-09 18:49 - 00000000 ____D () C:\Users\sheryl29\AppData\Roaming\vlc
2015-02-21 08:07 - 2009-07-14 15:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-17 18:53 - 2014-11-25 14:17 - 00000424 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2015-02-17 14:17 - 2014-11-25 14:17 - 00000478 _____ () C:\Windows\Tasks\DriverUpdate Scan.job
2015-02-14 18:54 - 2014-09-27 12:26 - 00000000 ____D () C:\Program Files (x86)\Flowsurf
2015-02-14 18:53 - 2014-11-25 19:50 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-02-14 18:53 - 2014-11-25 14:17 - 00002856 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup
2015-02-14 18:53 - 2014-10-25 11:33 - 00000338 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-02-14 04:14 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
2015-02-14 04:04 - 2014-09-02 14:52 - 00000546 ____H () C:\Windows\Tasks\Norton Product InstallerIdle.job
2015-02-14 03:24 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-13 07:47 - 2009-07-14 14:45 - 00408496 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 07:41 - 2014-12-12 03:27 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-13 07:41 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-13 03:11 - 2014-09-01 14:24 - 00002008 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-13 03:11 - 2014-09-01 14:24 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-13 03:10 - 2014-09-01 14:24 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-13 03:10 - 2014-09-01 14:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-13 03:10 - 2013-07-26 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 03:03 - 2010-11-24 09:40 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 19:07 - 2014-11-27 18:49 - 26440352 _____ () C:\Windows\SysWOW64\debug.log
2015-02-12 13:45 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-28 19:07 - 2014-11-19 14:47 - 00000000 ____D () C:\Program Files (x86)\f552dd4c52e3
2015-01-28 19:07 - 2014-09-27 12:28 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-01-28 19:07 - 2006-10-27 14:26 - 00000000 ____D () C:\I386
2015-01-28 19:06 - 2015-01-10 13:43 - 00000000 ____D () C:\Users\sheryl29\AppData\Local\Bingoliner
2015-01-28 19:06 - 2014-12-01 20:27 - 00000000 ____D () C:\Users\sheryl29\AppData\Local\ConvertAd
2015-01-28 19:06 - 2014-09-22 13:02 - 00000000 ____D () C:\Users\sheryl29\AppData\Roaming\VOPackage
2015-01-28 19:06 - 2014-01-09 19:23 - 00000000 ____D () C:\Users\sheryl29\Downloads\Nero 2014 Platinum 15.0.07100 Final [ChingLiu]
2015-01-28 19:06 - 2011-11-11 19:05 - 00000000 ____D () C:\Users\sheryl29\AppData\Local\Akamai
2015-01-28 19:06 - 2010-12-04 15:50 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2015-01-28 19:06 - 2010-05-14 12:46 - 00000000 ___HD () C:\SPLASH.SYS
2015-01-28 19:06 - 2009-08-31 23:53 - 00000000 ____D () C:\Users\sheryl29\Documents\DVDVideoSoft
2015-01-28 19:06 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\registration
2015-01-25 13:08 - 2014-11-25 08:41 - 00045986 _____ () C:\Windows\DPINST.LOG
2015-01-25 13:08 - 2014-06-25 18:32 - 00001905 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-01-25 13:08 - 2013-04-13 06:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-01-25 13:07 - 2010-05-08 10:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-25 09:53 - 2014-11-13 14:45 - 00000000 ____D () C:\Program Files (x86)\61B895DB-510E-45B8-8975-A9C6B941421C
2015-01-25 09:53 - 2014-11-11 10:10 - 00000000 ____D () C:\Program Files (x86)\OfferBoulevard
2015-01-25 09:51 - 2012-05-22 21:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-25 09:50 - 2014-10-10 09:58 - 00088690 _____ () C:\Windows\PFRO.log

==================== Files in the root of some directories =======

2014-09-22 13:45 - 2014-10-11 20:17 - 0000320 _____ () C:\Users\sheryl29\AppData\Roaming\aps.uninstall.scan.results
2014-09-01 18:18 - 2014-09-01 18:18 - 0001248 _____ () C:\Users\sheryl29\AppData\Roaming\EKEK
2014-09-01 18:18 - 2014-09-01 18:18 - 0002086 _____ () C:\Users\sheryl29\AppData\Roaming\HK
2012-06-07 14:40 - 2012-06-18 12:10 - 0002048 _____ () C:\Users\sheryl29\AppData\Roaming\PhotobookShop.com.au Prefs
2014-11-11 17:10 - 2014-12-04 09:15 - 0000091 _____ () C:\Users\sheryl29\AppData\Roaming\WB.CFG
2010-12-11 08:35 - 2011-04-12 18:28 - 0006656 _____ () C:\Users\sheryl29\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-01 15:19 - 2014-09-01 15:19 - 0575544 _____ (ClickMeIn Limited) C:\Users\sheryl29\AppData\Local\nsa637.tmp
2014-09-03 12:47 - 2014-09-03 12:46 - 0631728 _____ (ClickMeIn Limited) C:\Users\sheryl29\AppData\Local\nsgEE3E.tmp
2014-09-22 14:14 - 2014-09-22 14:14 - 0627504 _____ (ClickMeIn Limited) C:\Users\sheryl29\AppData\Local\nsi308A.tmp
2014-09-01 13:24 - 2014-09-01 13:24 - 0631680 _____ (ClickMeIn Limited) C:\Users\sheryl29\AppData\Local\nslF71D.tmp
2014-12-01 20:28 - 2014-12-01 20:28 - 0613057 _____ (CMI Limited) C:\Users\sheryl29\AppData\Local\nsvDB85.tmp
2014-11-17 10:58 - 2014-11-17 10:58 - 0613012 _____ (CMI Limited) C:\Users\sheryl29\AppData\Local\nsvF109.tmp
2014-09-22 13:44 - 2014-09-22 13:44 - 0612072 _____ (ClickMeIn Limited) C:\Users\sheryl29\AppData\Local\nsw2C36.tmp
2011-01-10 21:56 - 2011-01-10 21:56 - 0000600 _____ () C:\Users\sheryl29\AppData\Local\PUTTY.RND
2011-11-23 18:16 - 2011-11-23 18:16 - 2529622 _____ () C:\Users\sheryl29\AppData\Local\[j0024]-[p01].bmp
2011-11-23 18:16 - 2011-11-23 18:16 - 2529622 _____ () C:\Users\sheryl29\AppData\Local\[j0024]-[p02].bmp
2011-11-23 18:16 - 2011-11-23 18:16 - 2529622 _____ () C:\Users\sheryl29\AppData\Local\[j0024]-[p03].bmp
2011-11-23 18:16 - 2011-11-23 18:16 - 2529622 _____ () C:\Users\sheryl29\AppData\Local\[j0024]-[p04].bmp
2011-11-23 18:16 - 2011-11-23 18:16 - 2529622 _____ () C:\Users\sheryl29\AppData\Local\[j0024]-[p05].bmp
2011-01-26 14:03 - 2011-03-10 14:14 - 0000040 ___SH () C:\ProgramData\.zreglib
2013-08-04 16:23 - 2013-08-04 16:23 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-04 15:41 - 2012-02-11 13:04 - 0012016 _____ () C:\ProgramData\hpzinstall.log
2010-08-28 19:20 - 2010-08-28 19:20 - 0000221 _____ () C:\ProgramData\MusicStation.xml
2014-11-11 10:09 - 2014-11-11 10:09 - 0000000 _____ () C:\ProgramData\spds90.txt
2010-09-01 11:06 - 2010-09-01 11:06 - 0000112 _____ () C:\ProgramData\wrWin.ini

Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\jna1878020501641523289.dll
C:\Users\Guest\AppData\Local\Temp\jna2887264982279649027.dll
C:\Users\Guest\AppData\Local\Temp\jna519945761266641714.dll
C:\Users\sheryl29\AppData\Local\Temp\97F35973-DBEB-0CC0-BEB2-28AD317E62A7.dll
C:\Users\sheryl29\AppData\Local\Temp\Adobe-Flash-Player1500152.exe
C:\Users\sheryl29\AppData\Local\Temp\BingoLinerInstaller.exe
C:\Users\sheryl29\AppData\Local\Temp\CBvA7.dll
C:\Users\sheryl29\AppData\Local\Temp\CBvA7.exe
C:\Users\sheryl29\AppData\Local\Temp\drv75393.exe
C:\Users\sheryl29\AppData\Local\Temp\GLFE130.tmp.exe
C:\Users\sheryl29\AppData\Local\Temp\Launcher.exe
C:\Users\sheryl29\AppData\Local\Temp\qt-mt332.dll
C:\Users\sheryl29\AppData\Local\Temp\qt-mt337.dll
C:\Users\sheryl29\AppData\Local\Temp\scpFDAC.tmp.exe
C:\Users\sheryl29\AppData\Local\Temp\SfpcHelper_installFinish.exe
C:\Users\sheryl29\AppData\Local\Temp\SfpcHelper_installStart.exe
C:\Users\sheryl29\AppData\Local\Temp\srv60065.exe
C:\Users\sheryl29\AppData\Local\Temp\srv68358.exe
C:\Users\sheryl29\AppData\Local\Temp\srv89207.exe
C:\Users\sheryl29\AppData\Local\Temp\sSetup.exe
C:\Users\sheryl29\AppData\Local\Temp\stpccSetup.exe
C:\Users\sheryl29\AppData\Local\Temp\uninst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-14 03:00

==================== End Of Log ============================

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, this is going to be a very busy fix as there appear to be more ad programmes than Windows ones :)

First, from Control Panel > Programs and Features, uninstall the following programmes; if one does not uninstall, then proceed to the next:

BlockAndSurf
BingoLiner
ConvertAd
couponarific
easytoshop
FLVPlayer
grassmow
MyPC Backup
OfferBLVDUpdate
OfferBoulevard
OffersWizard Network System Driver
RelevantKnowledge
Remote Desktop Access
Salus
Search Protect
SearchAssist
Software Version Updater


Having done that, we will now start sweeping up.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\...\Run: [SpeedItupFree] => "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll File Not Found
AppInit_DLLs: C:\Users\sheryl29\AppData\Local\Smartbar\Application\Resources\crdlil64.dll => C:\Users\sheryl29\AppData\Local\Smartbar\Application\Resources\crdlil64.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54653;https=127.0.0.1:54653
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.SearchAss...&m=639&c=d&s=sp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.SearchAss...&m=639&c=d&s=sp
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.SearchAss...&m=639&c=d&s=sp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur...6EQSXX50S5S6EQS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...q={searchTerms}
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms}
HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.SearchAss...&m=639&c=d&s=sp
SearchScopes: HKLM -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL = http://www.SearchAss...&m=639&c=d&s=sp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.searchass...sm=639&c=d&s=sp
SearchScopes: HKLM -> {BA1BE292-1D15-488B-934D-008742212380} URL = http://www.SearchAss...&m=639&c=d&s=sp
SearchScopes: HKU\S-1-5-21-1155007634-2346187462-1659951187-1001 -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL = http://www.SearchAss...&m=639&c=d&s=sp
SearchScopes: HKU\S-1-5-21-1155007634-2346187462-1659951187-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1155007634-2346187462-1659951187-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.searchass...sm=639&c=d&s=sp
SearchScopes: HKU\S-1-5-21-1155007634-2346187462-1659951187-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsur...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1155007634-2346187462-1659951187-1001 -> {BA1BE292-1D15-488B-934D-008742212380} URL = http://www.SearchAss...&m=639&c=d&s=sp
BHO: No Name -> {11111111-1111-1111-1111-110611171187} -> No File
BHO: No Name -> {283E6CFC-946C-A505-85D0-F04CADB49E66} -> No File
BHO: SearchAssist -> {8DDAC7C3-2592-4D84-A7A7-AA7865E53875} -> C:\Program Files\SearchAssist\ie\adxloader64.dll ()
BHO: BlockAndSurf -> {F9785F77-9BA1-A18F-2700-08002077A974} -> C:\Program Files (x86)\ver8BlockAndSurf\183_x64.dll ()
BHO-x32: grassmow -> {12ef4f7f-6c80-4ac9-976b-a4ee342815c5} -> C:\Program Files (x86)\grassmow\grassmowbho.dll No File
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll No File
BHO-x32: SearchAssist -> {8DDAC7C3-2592-4D84-A7A7-AA7865E53875} -> C:\Program Files\SearchAssist\ie\adxloader.dll ()
BHO-x32: FlowSurf -> {E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0} -> C:\Program Files (x86)\Flowsurf\FlowSurf.dll (FlowSurf Inc.)
BHO-x32: BlockAndSurf -> {F9785F77-9BA1-A18F-2700-08002077A974} -> C:\Program Files (x86)\ver8BlockAndSurf\183.dll No File
Toolbar: HKU\S-1-5-21-1155007634-2346187462-1659951187-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-1155007634-2346187462-1659951187-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1155007634-2346187462-1659951187-1001 -> No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
Toolbar: HKU\S-1-5-21-1155007634-2346187462-1659951187-1001 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox
FF Extension: RelevantKnowledge - C:\Program Files (x86)\RelevantKnowledge\firefox [2015-01-25]
FF HKU\S-1-5-21-1155007634-2346187462-1659951187-1001\...\Firefox\Extensions: [{1937A7D0-0325-2FF8-6987-A8EB0E6B5E1D}] - C:\Program Files (x86)\ver8BlockAndSurf\183.xpi
FF Extension: BlockAndSurf - C:\Program Files (x86)\ver8BlockAndSurf\183.xpi [2014-11-17]
CHR HKLM-x32\...\Chrome\Extension: [jlndcojbknbodbijmihgihhgmlkplnbo] - C:\Program Files\SearchAssist\chrome\searchassist.crx [2014-11-27]
R2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [213784 2014-11-01] (TMRG, Inc.) <==== ATTENTION
R2 servervo; C:\Users\sheryl29\AppData\Roaming\VOPackage\VOsrv.exe [71680 2014-09-22] () [File not signed] <==== ATTENTION
2015-02-21 16:27 - 2015-02-21 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
2015-02-22 18:10 - 2014-11-11 10:10 - 00000304 _____ () C:\Windows\Tasks\PennyBee.job
2015-02-22 17:54 - 2015-01-15 09:05 - 00000000 ____D () C:\Program Files (x86)\RelevantKnowledge
2015-02-22 09:27 - 2014-11-13 14:45 - 00000386 _____ () C:\Windows\Tasks\AmiUpdXp.job
2015-02-22 09:00 - 2014-09-02 12:18 - 00001342 _____ () C:\Windows\Tasks\HK.job
2015-02-21 10:45 - 2014-11-17 10:55 - 00000430 _____ () C:\Windows\Tasks\BlockAndSurf Update.job
2015-02-17 18:53 - 2014-11-25 14:17 - 00000424 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2015-02-17 14:17 - 2014-11-25 14:17 - 00000478 _____ () C:\Windows\Tasks\DriverUpdate Scan.job
2015-02-14 18:54 - 2014-09-27 12:26 - 00000000 ____D () C:\Program Files (x86)\Flowsurf
2015-02-14 18:53 - 2014-11-25 14:17 - 00002856 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup
2015-01-28 19:07 - 2014-11-19 14:47 - 00000000 ____D () C:\Program Files (x86)\f552dd4c52e3
2015-01-28 19:07 - 2014-09-27 12:28 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-01-28 19:06 - 2015-01-10 13:43 - 00000000 ____D () C:\Users\sheryl29\AppData\Local\Bingoliner
2015-01-28 19:06 - 2014-12-01 20:27 - 00000000 ____D () C:\Users\sheryl29\AppData\Local\ConvertAd
2015-01-25 09:53 - 2014-11-13 14:45 - 00000000 ____D () C:\Program Files (x86)\61B895DB-510E-45B8-8975-A9C6B941421C
2015-01-25 09:53 - 2014-11-11 10:10 - 00000000 ____D () C:\Program Files (x86)\OfferBoulevard
Task: {01DF66F1-EC54-4E41-B667-F2E944D2B3EA} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {04F8975F-3740-4AC6-803E-6BD169A2993F} - System32\Tasks\Microsoft\Windows\Maintenance\Idle~_~Crawler Update => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe <==== ATTENTION
Task: {1343F9BF-019A-4B85-B985-008C2E0C241C} - System32\Tasks\HK => C:\Users\sheryl29\AppData\Roaming\HK.exe <==== ATTENTION
Task: {13BADC7C-696A-422C-B49F-597669F00752} - System32\Tasks\fsupdate => C:\Program Files (x86)\Flowsurf\fsupd.exe [2014-04-16] () <==== ATTENTION
Task: {275D692F-B1AC-4AAF-A50B-4A38E2734448} - System32\Tasks\PennyBee => C:\Users\sheryl29\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {309B8E83-8CCB-4501-A618-171674F84C3B} - System32\Tasks\1fd3c511-74de-4617-bbc9-af152e4d4c0e-4 => C:\Program Files (x86)\Browsers Apps -\1fd3c511-74de-4617-bbc9-af152e4d4c0e-4.exe <==== ATTENTION
Task: {3462FC9C-F062-41FA-95C2-928ACDA9B05B} - System32\Tasks\1fd3c511-74de-4617-bbc9-af152e4d4c0e-5_user => C:\Program Files (x86)\Browsers Apps -\1fd3c511-74de-4617-bbc9-af152e4d4c0e-5.exe <==== ATTENTION
Task: {34F6FBB1-528A-4053-A1CD-260789A8FC4F} - System32\Tasks\EKEK => C:\Users\sheryl29\AppData\Roaming\EKEK.exe <==== ATTENTION
Task: {364197D3-6291-4376-B4FB-853590A26BB6} - System32\Tasks\FF Watcher {9452F86E-5968-4878-8BD2-A2B876717044} => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: {3948FFC8-CD16-424C-8535-BD7A697D99CF} - System32\Tasks\1fd3c511-74de-4617-bbc9-af152e4d4c0e-2 => C:\Program Files (x86)\Browsers Apps -\1fd3c511-74de-4617-bbc9-af152e4d4c0e-2.exe <==== ATTENTION
Task: {5D2EB655-00C6-4401-936E-6442E3B23F68} - System32\Tasks\1fd3c511-74de-4617-bbc9-af152e4d4c0e-1 => C:\Program Files (x86)\Browsers Apps -\Browsers Apps --codedownloader.exe <==== ATTENTION
Task: {75AEC057-FA4A-4CED-884C-BBB96B5177D2} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {78A462B1-3F52-47FF-BB5D-6AFB3DA89D17} - System32\Tasks\1fd3c511-74de-4617-bbc9-af152e4d4c0e-6 => C:\Program Files (x86)\Browsers Apps -\1fd3c511-74de-4617-bbc9-af152e4d4c0e-6.exe <==== ATTENTION
Task: {7D83E64D-D6E4-4676-9DD6-6E41C897D6EF} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {8B17356B-7EF2-4DC4-9857-1C76E0D75B27} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\ver8BlockAndSurf\R0BlockAndSurfQ33.exe <==== ATTENTION
Task: {8C9C2917-4665-44EE-B7D0-C31A1C8FA704} - System32\Tasks\1fd3c511-74de-4617-bbc9-af152e4d4c0e-5 => C:\Program Files (x86)\Browsers Apps -\1fd3c511-74de-4617-bbc9-af152e4d4c0e-5.exe <==== ATTENTION
Task: {BB020CB6-E821-46CA-B2E9-FBA6214929EE} - System32\Tasks\1fd3c511-74de-4617-bbc9-af152e4d4c0e-11 => C:\Program Files (x86)\Browsers Apps -\1fd3c511-74de-4617-bbc9-af152e4d4c0e-11.exe <==== ATTENTION
Task: {C7B735D0-A50D-40AC-877B-19FD30DD7A50} - System32\Tasks\AmiUpdXp => C:\Users\sheryl29\AppData\Local\18373\Updater.exe <==== ATTENTION
Task: {D1388C22-5BA5-474A-89A5-8CE75C5B4178} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {D43E51E6-7A14-4118-97A6-877747BDEC88} - System32\Tasks\1fd3c511-74de-4617-bbc9-af152e4d4c0e-3 => C:\Program Files (x86)\Browsers Apps -\1fd3c511-74de-4617-bbc9-af152e4d4c0e-3.exe <==== ATTENTION
Task: {EDDD5DBD-9BAC-48BE-B3FC-26B4DCC18CF2} - System32\Tasks\Norton Product InstallerIdle => C:\Users\sheryl29\AppData\Local\Temp\SymInstallStub.exe <==== ATTENTION
Task: {EDF5B177-DD95-47D5-B214-07C0E0849D39} - System32\Tasks\FF Watcher {63373273-82B9-4EF0-9B68-33F61ED2D0B4} => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: {F7B4F066-44C3-4376-B3B2-4D39E3F2F99F} - System32\Tasks\SAUpdate => C:\Program Files\SearchAssist\sa.exe [2014-10-26] ()
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\sheryl29\AppData\Local\18373\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\ver8BlockAndSurf\R0BlockAndSurfQ33.exe <==== ATTENTION
Task: C:\Windows\Tasks\EKEK.job => C:\Users\sheryl29\AppData\Roaming\EKEK.exe <==== ATTENTION
Task: C:\Windows\Tasks\FF Watcher {63373273-82B9-4EF0-9B68-33F61ED2D0B4}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: C:\Windows\Tasks\HK.job => C:\Users\sheryl29\AppData\Roaming\HK.exe <==== ATTENTION
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\Users\sheryl29\AppData\Local\Temp\SymInstallStub.exe <==== ATTENTION
Task: C:\Windows\Tasks\PennyBee.job => C:\Users\sheryl29\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE/Check sheryl290Ñ¥< <==== ATTENTION
C:\Program Files (x86)\RelevantKnowledge
C:\Users\sheryl29\AppData\Roaming\VOPackage
C:\Program Files (x86)\SpeedItup Free
C:\PROGRA~2\SearchProtect
C:\Users\sheryl29\AppData\Local\Smartbar
C:\Program Files\SearchAssist
C:\Program Files (x86)\ver8BlockAndSurf\
C:\Program Files (x86)\grassmow
C:\Program Files (x86)\SupTab
C:\Program Files (x86)\Flowsurf
C:\Program Files\V-bates
C:\Program Files (x86)\AnyProtectEx
%LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe
C:\Users\sheryl29\AppData\Roaming\HK.exe
C:\Users\sheryl29\AppData\Roaming\PennyBee
C:\Program Files (x86)\Browsers Apps -
C:\Users\sheryl29\AppData\Roaming\EKEK.exe
C:\Users\sheryl29\AppData\Local\18373
C:\Program Files (x86)\MyPC Backup
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner.txt as well.

#6
pakman81

    New Member

  • Topic Starter
  • Member
  • 5 posts

Hi Essexboy,

Very much appreciated. Attached File: Fixlog.txt (19.08KB, 93 downloads). Posted the fixlog from FRST as instructed. I will now do AdwCleaner download then get back to you.

Regards


#7
pakman81

    New Member

  • Topic Starter
  • Member
  • 5 posts

Hey Essexboy,

Here is the AdwCleaner logfile attachment. Attached File: AdwCleanerS1.txt (10.45KB, 129 downloads)

Thanks


#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now?

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.