Malware infection: popups, redirects and unwanted ads. [Solved]

Malware popups add ware

  • This topic is locked

#1
Mrs_Roboto


Chrome has become unusable with pop ups, ads and other forms of malware. I have run Malwarebytes and Spybot Search and Destroy but the ads and pop ups are still there. Any help would be greatly appreciated. Thank you.

 

 

OTL logfile created on: 2/28/2015 8:46:11 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Super Dooper User\Desktop\older tools
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.99 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 47.18% Memory free
8.20 Gb Paging File | 5.96 Gb Available in Paging File | 72.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.73 Gb Total Space | 242.39 Gb Free Space | 52.05% Space Free | Partition Type: NTFS
Drive D: | 362.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: MATT-PC | User Name: Super Dooper User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/02/17 15:45:00 | 000,843,592 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/11/30 16:15:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Super Dooper User\Desktop\older tools\OTL.exe
PRC - [2014/09/12 02:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/06/27 11:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/06/24 10:42:12 | 004,101,576 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2014/06/24 10:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/02/17 15:44:58 | 014,965,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll
MOD - [2015/02/17 15:44:57 | 009,171,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
MOD - [2014/10/11 13:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/05/13 12:04:48 | 000,167,768 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2014/05/13 12:04:46 | 000,109,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2014/05/13 12:04:42 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2014/02/12 19:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015/01/30 03:15:10 | 000,366,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2015/01/30 03:15:10 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2015/02/06 02:32:45 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/20 20:14:45 | 000,226,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2015/01/20 20:14:36 | 000,377,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/10/31 11:15:34 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2014/09/12 02:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/05/07 16:42:15 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/30 12:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/20 20:14:38 | 000,107,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2014/11/15 14:46:08 | 000,124,560 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/10/31 11:15:34 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2014/10/31 11:15:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2013/03/18 15:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 06:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/05/20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/02/11 19:48:28 | 007,709,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/01/20 19:46:53 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2008/01/20 19:46:53 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 19:46:53 | 000,392,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2008/01/14 16:56:22 | 000,313,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/12/20 16:33:08 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
DRV - [2014/10/31 11:15:34 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51682;https=127.0.0.1:51682
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51682;https=127.0.0.1:51682
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 94 69 23 F1 0C D0 01  [binary data]
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\Melodee\Desktop\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2013/12/06 09:10:49 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/11/23 21:21:47 | 000,517,099 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 0.0.0.0 fr.a2dfp.net
O1 - Hosts: 0.0.0.0 m.fr.a2dfp.net
O1 - Hosts: 0.0.0.0 mfr.a2dfp.net
O1 - Hosts: 0.0.0.0 ad.a8.net
O1 - Hosts: 0.0.0.0 asy.a8ww.net
O1 - Hosts: 0.0.0.0 static.a-ads.com
O1 - Hosts: 0.0.0.0 abcstats.com
O1 - Hosts: 0.0.0.0 ad4.abradio.cz
O1 - Hosts: 0.0.0.0 a.abv.bg
O1 - Hosts: 0.0.0.0 adserver.abv.bg
O1 - Hosts: 0.0.0.0 adv.abv.bg
O1 - Hosts: 0.0.0.0 bimg.abv.bg
O1 - Hosts: 0.0.0.0 ca.abv.bg
O1 - Hosts: 0.0.0.0 www2.a-counter.kiev.ua
O1 - Hosts: 0.0.0.0 track.acclaimnetwork.com
O1 - Hosts: 0.0.0.0 accuserveadsystem.com
O1 - Hosts: 0.0.0.0 www.accuserveadsystem.com
O1 - Hosts: 0.0.0.0 achmedia.com
O1 - Hosts: 0.0.0.0 csh.actiondesk.com
O1 - Hosts: 0.0.0.0 ads.activepower.net
O1 - Hosts: 0.0.0.0 app.activetrail.com
O1 - Hosts: 0.0.0.0 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 0.0.0.0 traffic.acwebconnecting.com
O1 - Hosts: 15481 more lines...
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-227322287-1983885510-2833786511-1004..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-227322287-1983885510-2833786511-1004..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-227322287-1983885510-2833786511-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E2A801E-9280-4474-9B30-3028987B647E}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O27:64bit: - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/09 17:57:07 | 000,000,374 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/28 20:26:09 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\Desktop\Scan results
[2015/02/28 19:33:24 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\Desktop\older tools
[2015/02/28 19:14:32 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Local\Skype
[2015/02/28 19:14:24 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Roaming\Skype
[2015/02/28 19:10:14 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\Documents\Remote Assistance Logs
 
========== Files - Modified Within 30 Days ==========
 
[2015/02/28 20:32:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/02/28 20:04:48 | 000,758,370 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/02/28 20:04:48 | 000,641,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/02/28 20:04:48 | 000,119,172 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/02/28 20:00:52 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/28 20:00:21 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/28 20:00:19 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2015/02/28 19:58:23 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/28 19:58:23 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/28 19:58:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/28 19:30:04 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/28 19:29:37 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/02/28 19:11:51 | 000,000,185 | ---- | M] () -- C:\Users\Super Dooper User\AppData\Local\RAExpertHistory.xml
[2015/02/28 19:10:14 | 000,000,185 | ---- | M] () -- C:\Users\Super Dooper User\AppData\Local\rahistory.xml
[2015/02/28 19:09:00 | 000,000,000 | -H-- | M] () -- C:\Users\Super Dooper User\Documents\Default.rdp
[2015/02/25 00:30:00 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2015/02/13 03:28:19 | 000,282,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/02/13 03:09:30 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2015/02/01 00:29:59 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
 
========== Files Created - No Company Name ==========
 
[2015/02/28 19:10:42 | 000,000,185 | ---- | C] () -- C:\Users\Super Dooper User\AppData\Local\RAExpertHistory.xml
[2015/02/28 19:10:14 | 000,000,185 | ---- | C] () -- C:\Users\Super Dooper User\AppData\Local\rahistory.xml
[2015/02/28 19:09:00 | 000,000,000 | -H-- | C] () -- C:\Users\Super Dooper User\Documents\Default.rdp
[2014/11/23 19:39:31 | 000,000,004 | ---- | C] () -- C:\Users\Super Dooper User\AppData\Roaming\appdataFr2.bin
[2014/11/23 19:15:09 | 000,000,680 | ---- | C] () -- C:\Users\Super Dooper User\AppData\Local\d3d9caps.dat
[2014/11/23 19:13:59 | 000,000,008 | RHS- | C] () -- C:\Users\Super Dooper User\ntuser.pol
[2014/11/23 15:15:58 | 000,116,270 | ---- | C] () -- C:\Windows\hpoins33.dat.temp
[2014/11/23 15:15:58 | 000,001,008 | ---- | C] () -- C:\Windows\hpomdl33.dat.temp
[2014/10/05 13:28:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/10/05 13:28:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/10/05 13:28:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/10/05 13:28:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/10/05 13:28:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/05/19 18:18:53 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/06 09:04:01 | 000,116,300 | ---- | C] () -- C:\Windows\hpoins33.dat
[2013/12/06 09:04:01 | 000,001,008 | ---- | C] () -- C:\Windows\hpomdl33.dat
[2013/11/27 10:15:55 | 000,751,766 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/26 14:33:57 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2013/11/26 14:33:38 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2013/11/26 14:33:18 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/11/26 13:24:41 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 09:30:37 | 012,900,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 06:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 19:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/10 16:47:11 | 000,000,000 | ---D | M] -- C:\Users\Don't Blink\AppData\Roaming\Template
[2013/12/25 14:34:31 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Template
[2013/11/28 23:20:42 | 000,000,000 | ---D | M] -- C:\Users\Melodee\AppData\Roaming\Template
[2013/12/02 17:06:47 | 000,000,000 | ---D | M] -- C:\Users\Melodee\AppData\Roaming\Unity
 
========== Purity Check ==========
 
 

< End of report >



#2
BrianDrab


Hi. My name is Brian, and I would be happy to look into your issue.
 


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
  • Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen, click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
  • Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
  • Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Can you post the Extras.txt file that is in your older tools folder on your desktop please?



#3
Mrs_Roboto

    Member

  • Topic Starter
  • Member
  • 37 posts

I am not seeing a copy of extra.txt file in that directory.  The only file I can find is from a previous help session. 

 

http://www.geekstogo...page-redirects/



#4
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

OK, instead of re-running OTL to get the log, I'd prefer to use a different tool. Please do the following.

 

Step#1 - FRST Scan
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
6. Please copy and paste the log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated. Please also paste that along with the FRST.txt into your reply.



#5
Mrs_Roboto

    Member

  • Topic Starter
  • Member
  • 37 posts

Here you go

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by Super Dooper User (administrator) on MATT-PC on 01-03-2015 00:05:03
Running from C:\Users\Super Dooper User\Desktop
Loaded Profiles: Super Dooper User (Available profiles: Matt & Melodee & Don't Blink & Molly-Geneva & Super Dooper User)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2014-10-31] (LogMeIn, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-227322287-1983885510-2833786511-1004\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51682;https=127.0.0.1:51682
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-227322287-1983885510-2833786511-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-227322287-1983885510-2833786511-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Users\Melodee\Desktop\Picasa3\npPicasa3.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2013-12-06]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-23]
CHR Extension: (Google Drive) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-30]
CHR Extension: (YouTube) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-23]
CHR Extension: (Google Search) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-23]
CHR Extension: (Google Wallet) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-30]
CHR Extension: (Gmail) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [377704 2015-01-20] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2015-01-20] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2014-10-31] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2014-10-31] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [392704 2008-01-20] (Conexant Systems, Inc.)
R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1523712 2008-01-20] (Conexant Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-01 00:05 - 2015-03-01 00:05 - 00016348 _____ () C:\Users\Super Dooper User\Desktop\FRST.txt
2015-03-01 00:01 - 2015-03-01 00:02 - 02092544 _____ (Farbar) C:\Users\Super Dooper User\Desktop\FRST64.exe
2015-02-28 23:08 - 2014-11-30 16:15 - 00602112 _____ (OldTimer Tools) C:\Users\Super Dooper User\Desktop\OTL.exe
2015-02-28 21:46 - 2015-02-28 21:47 - 00000000 ____D () C:\Users\Super Dooper User\Desktop\Feb 28
2015-02-28 19:33 - 2015-02-28 21:47 - 00000000 ____D () C:\Users\Super Dooper User\Desktop\older tools
2015-02-28 19:14 - 2015-02-28 19:14 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Roaming\Skype
2015-02-28 19:14 - 2015-02-28 19:14 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Local\Skype
2015-02-28 19:10 - 2015-02-28 19:11 - 00000185 _____ () C:\Users\Super Dooper User\AppData\Local\RAExpertHistory.xml
2015-02-28 19:10 - 2015-02-28 19:10 - 00000185 _____ () C:\Users\Super Dooper User\AppData\Local\rahistory.xml
2015-02-28 19:09 - 2015-02-28 19:09 - 00000000 ____H () C:\Users\Super Dooper User\Documents\Default.rdp
2015-02-27 17:28 - 2015-02-27 17:55 - 00000000 ____D () C:\Users\Matt\Desktop\pics
2015-02-13 23:19 - 2015-01-22 21:07 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 23:19 - 2015-01-22 20:59 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-13 23:19 - 2015-01-22 20:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-13 23:19 - 2015-01-22 19:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-13 03:11 - 2014-12-07 18:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-13 03:11 - 2014-12-07 18:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-13 03:10 - 2015-01-08 17:34 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-13 03:10 - 2014-11-25 19:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-13 03:10 - 2014-11-25 18:42 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-13 03:09 - 2015-01-12 18:51 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-13 03:09 - 2015-01-12 18:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-13 03:08 - 2015-01-14 23:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-13 03:08 - 2015-01-14 21:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 06:03 - 2015-01-13 20:08 - 17878016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 06:03 - 2015-01-13 19:59 - 10924032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 06:03 - 2015-01-13 19:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-12 06:03 - 2015-01-13 19:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 06:03 - 2015-01-13 19:49 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 06:03 - 2015-01-13 19:47 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 06:03 - 2015-01-13 19:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 06:03 - 2015-01-13 19:47 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-12 06:03 - 2015-01-13 19:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 06:03 - 2015-01-13 19:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 06:03 - 2015-01-13 19:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 06:03 - 2015-01-13 19:45 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 06:03 - 2015-01-13 19:45 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 06:03 - 2015-01-13 19:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 06:03 - 2015-01-13 19:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 06:03 - 2015-01-13 19:44 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 06:03 - 2015-01-13 19:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 06:03 - 2015-01-13 19:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-12 06:03 - 2015-01-13 19:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-12 06:03 - 2015-01-13 19:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-12 06:03 - 2015-01-13 18:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 06:03 - 2015-01-13 18:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-12 06:03 - 2015-01-13 18:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 06:03 - 2015-01-13 18:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 06:03 - 2015-01-13 18:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 06:03 - 2015-01-13 18:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 06:03 - 2015-01-13 18:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 06:03 - 2015-01-13 18:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 06:03 - 2015-01-13 18:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 06:03 - 2015-01-13 18:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-02-12 06:03 - 2015-01-13 18:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 06:03 - 2015-01-13 18:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 06:03 - 2015-01-13 18:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 06:03 - 2015-01-13 18:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 06:03 - 2015-01-13 18:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 06:03 - 2015-01-13 18:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 06:03 - 2015-01-13 18:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 06:03 - 2015-01-13 18:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-12 06:03 - 2015-01-13 18:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-02-12 06:03 - 2015-01-13 18:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-01 00:05 - 2014-11-30 16:07 - 00000000 ____D () C:\FRST
2015-03-01 00:00 - 2008-01-20 18:53 - 01370446 _____ () C:\Windows\WindowsUpdate.log
2015-02-28 23:59 - 2014-11-30 19:43 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-28 23:58 - 2006-11-02 08:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-28 23:58 - 2006-11-02 08:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-28 23:31 - 2014-11-23 12:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-28 20:04 - 2006-11-02 05:46 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-28 20:00 - 2014-11-30 19:43 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-28 20:00 - 2014-11-23 19:27 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-02-28 19:58 - 2014-12-01 20:13 - 00000911 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-02-28 19:58 - 2014-12-01 20:13 - 00000895 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-02-28 19:58 - 2014-11-30 17:20 - 00006256 _____ () C:\Windows\PFRO.log
2015-02-28 19:58 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-28 19:57 - 2014-04-21 21:00 - 00000000 ____D () C:\Users\Matt\AppData\Local\com
2015-02-28 19:57 - 2014-04-03 20:11 - 00000000 ____D () C:\Users\Melodee\AppData\Local\com
2015-02-28 19:57 - 2006-11-02 08:42 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-28 19:57 - 2006-11-02 06:33 - 00000000 __RSD () C:\Windows\Media
2015-02-28 19:30 - 2014-10-04 17:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-28 19:29 - 2014-10-04 17:48 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-28 19:29 - 2014-10-04 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-28 19:29 - 2014-10-04 17:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-28 00:08 - 2014-12-01 20:13 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-02-25 00:30 - 2014-11-23 19:27 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-02-13 03:28 - 2006-11-02 08:21 - 00282032 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 03:09 - 2013-11-27 10:41 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-13 03:09 - 2013-11-27 10:41 - 00001826 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-13 03:09 - 2013-11-27 10:40 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-13 03:09 - 2013-11-27 10:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-13 03:08 - 2013-11-26 13:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 03:01 - 2006-11-02 05:35 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-08 18:55 - 2014-11-30 19:43 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-08 18:55 - 2014-11-30 19:43 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 02:32 - 2014-11-23 12:09 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 02:32 - 2013-11-27 10:34 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 02:32 - 2013-11-27 10:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-01 00:29 - 2014-11-23 19:27 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job

==================== Files in the root of some directories =======

2014-11-23 19:39 - 2014-11-30 17:02 - 0000004 _____ () C:\Users\Super Dooper User\AppData\Roaming\appdataFr2.bin
2014-11-23 19:15 - 2014-11-23 19:15 - 0000680 _____ () C:\Users\Super Dooper User\AppData\Local\d3d9caps.dat
2015-02-28 19:10 - 2015-02-28 19:11 - 0000185 _____ () C:\Users\Super Dooper User\AppData\Local\RAExpertHistory.xml
2015-02-28 19:10 - 2015-02-28 19:10 - 0000185 _____ () C:\Users\Super Dooper User\AppData\Local\rahistory.xml
2013-12-06 09:04 - 2014-11-23 15:33 - 0001584 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Matt\AppData\Local\temp\{6234973B-6FC3-4AE2-9E34-A5F9A4C9DE8B}-40.0.2214.94_chrome_installer.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-28 20:04

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015
Ran by Super Dooper User at 2015-03-01 00:05:41
Running from C:\Users\Super Dooper User\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 3.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
C5500 (x32 Version: 120.0.234.000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (x32 Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
French Spelling Settings (HKLM-x32\...\FrRefEng) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Photosmart C5500 All-In-One Driver Software 12.0 Rel .4 (HKLM\...\{B8000353-9E60-4e84-BF3E-CD9996EF80EE}) (Version: 12.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 120.0.150.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Network Connections 12.4.38.0 (HKLM\...\PROSetDX) (Version: 12.4.38.0 - Intel)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LogMeIn (HKLM-x32\...\{F93EE340-3735-4032-8B74-0A3E489017A0}) (Version: 4.1.4670 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 120.0.226.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PS_AIO_04_C5500_Software_Min (x32 Version: 120.0.234.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Scan (x32 Version: 12.0.0.0 - Hewlett-Packard) Hidden
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
WebReg (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

17-01-2015 00:00:01 Scheduled Checkpoint
18-01-2015 00:00:01 Scheduled Checkpoint
18-01-2015 03:35:22 Windows Update
19-01-2015 00:00:01 Scheduled Checkpoint
20-01-2015 00:00:00 Scheduled Checkpoint
21-01-2015 00:00:02 Scheduled Checkpoint
22-01-2015 00:00:02 Scheduled Checkpoint
22-01-2015 03:35:35 Windows Update
23-01-2015 00:00:01 Scheduled Checkpoint
24-01-2015 00:00:01 Scheduled Checkpoint
26-01-2015 03:35:33 Windows Update
30-01-2015 04:21:05 Windows Update
02-02-2015 06:02:33 Windows Update
06-02-2015 06:37:34 Windows Update
08-02-2015 20:16:55 Scheduled Checkpoint
09-02-2015 19:02:15 Windows Update
10-02-2015 19:07:04 Scheduled Checkpoint
12-02-2015 00:00:01 Scheduled Checkpoint
13-02-2015 00:00:02 Scheduled Checkpoint
13-02-2015 03:00:10 Windows Update
14-02-2015 00:00:01 Scheduled Checkpoint
14-02-2015 03:00:11 Windows Update
15-02-2015 00:00:02 Scheduled Checkpoint
17-02-2015 03:39:31 Windows Update
20-02-2015 05:08:46 Scheduled Checkpoint
21-02-2015 00:00:01 Scheduled Checkpoint
21-02-2015 03:39:28 Windows Update
22-02-2015 00:00:02 Scheduled Checkpoint
24-02-2015 21:53:01 Scheduled Checkpoint
25-02-2015 03:39:01 Windows Update
26-02-2015 00:00:03 Scheduled Checkpoint
27-02-2015 00:00:02 Scheduled Checkpoint
28-02-2015 00:37:09 Scheduled Checkpoint
28-02-2015 20:11:20 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:34 - 2014-11-23 21:21 - 00517099 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1BAFF6EF-1DDC-4CCA-BFFE-5C043DAAE729} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {51691287-5676-4C7D-AD4C-195107D43DD4} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {59A9ABDA-924B-4F4B-A00A-497EB915C595} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {5D22EB19-286D-44E4-8123-169DBC46C1C6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {6BEFB7D4-13D2-40BD-BC6B-FF86A7A42A98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28] (Google Inc.)
Task: {7E11E062-945B-4242-B967-9273565EEAA8} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {A2F89734-B4CA-4401-A374-F68C0686FF1E} - System32\Tasks\{FE45FF23-BA16-4CD3-83A8-AE374E17DDF9} => pcalua.exe -a "C:\Users\Super Dooper User\Downloads\esetsmartinstaller_enu.exe" -d "C:\Users\Super Dooper User\Downloads"
Task: {CB33BCE2-8194-41E4-B643-9AAE6F42E20B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28] (Google Inc.)
Task: {CF3C90FE-519E-4CE4-906C-82CFA903F4EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D6D637C7-3F8C-47FC-B46F-58D7D44AB595} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) ==============

2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-23 19:26 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-23 19:26 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-23 19:26 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-23 19:26 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-23 19:26 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-227322287-1983885510-2833786511-1004\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.0.1 - 205.171.3.25

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-227322287-1983885510-2833786511-500 - Administrator - Disabled)
Don't Blink (S-1-5-21-227322287-1983885510-2833786511-1002 - Limited - Enabled) => C:\Users\Don't Blink
Guest (S-1-5-21-227322287-1983885510-2833786511-501 - Limited - Disabled)
Matt (S-1-5-21-227322287-1983885510-2833786511-1000 - Limited - Enabled) => C:\Users\Matt
Melodee (S-1-5-21-227322287-1983885510-2833786511-1001 - Limited - Enabled) => C:\Users\Melodee
Molly-Geneva (S-1-5-21-227322287-1983885510-2833786511-1003 - Limited - Enabled) => C:\Users\Molly-Geneva
Super Dooper User (S-1-5-21-227322287-1983885510-2833786511-1004 - Administrator - Enabled) => C:\Users\Super Dooper User

==================== Faulty Device Manager Devices =============

Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/28/2015 11:24:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (02/28/2015 09:00:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 40.0.2214.115 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: dc8
Start Time: 01d053d16f9ab4a7
Termination Time: 0

Error: (02/28/2015 07:59:07 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (02/28/2015 07:58:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2015 00:00:01 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (02/27/2015 11:59:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2015 03:29:23 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (02/13/2015 03:28:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2015 03:06:43 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8

Error: (02/13/2015 03:06:42 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll8

System errors:
=============
Error: (02/28/2015 07:58:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep

Error: (02/27/2015 11:59:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep

Error: (02/23/2015 05:33:58 PM) (Source: DCOM) (EventID: 10016) (User: Matt-PC)
Description: application-specificLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}Matt-PCMattS-1-5-21-227322287-1983885510-2833786511-1000LocalHost (Using LRPC)

Error: (02/14/2015 03:38:34 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWFailureCommand%%5

Error: (02/14/2015 03:38:32 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5

Error: (02/13/2015 03:38:35 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWFailureCommand%%5

Error: (02/13/2015 03:38:32 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5

Error: (02/13/2015 03:29:02 AM) (Source: W32Time) (EventID: 34) (User: )
Description: The time service has detected that the system time needs to be  changed by -86350 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->134.170.185.211:123) is working properly.

Error: (02/13/2015 03:28:51 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

 Feature: %%886

 Error Code: 0x80070005

 Error description: Access is denied.

 Reason: %%892

Error: (02/13/2015 03:28:51 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5

Microsoft Office Sessions:
=========================
Error: (02/28/2015 11:24:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Super Dooper User\Downloads\esetsmartinstaller_enu.exe

Error: (02/28/2015 09:00:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe40.0.2214.115dc801d053d16f9ab4a70

Error: (02/28/2015 07:59:07 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)(NULL)

Error: (02/28/2015 07:58:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2015 00:00:01 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)(NULL)

Error: (02/27/2015 11:59:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2015 03:29:23 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)(NULL)

Error: (02/13/2015 03:28:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2015 03:06:43 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8

Error: (02/13/2015 03:06:42 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll8

CodeIntegrity Errors:
===================================
  Date: 2015-02-28 23:27:47.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 23:27:47.611
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 23:27:47.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 23:27:47.362
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 23:27:47.239
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 23:27:47.116
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 23:27:46.992
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 23:27:46.861
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 23:27:46.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 23:27:46.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 58%
Total physical RAM: 4084.27 MB
Available physical RAM: 1691.11 MB
Total Pagefile: 8397.83 MB
Available Pagefile: 5122.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.73 GB) (Free:242.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (LifeCam_30) (CDROM) (Total:0.35 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 19F5C167)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#6
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thanks for the info. Please do the following.

 

Step#1 - Warnings

Spybot Search & Destroy
I see that you have Spybot Search & Destroy. We no longer recommend this product because of the poor testing results. I recommend uninstalling this program. If you don't want to uninstall the program then please at least disable Tea Timer while performing any of my instructions. You can re-enable it when we are all done. Instructions for that are here. If you do decide to uninstall the program, first Undo your immunization before uninstalling. You can do that by clicking the Undo button with Spybot S&D and then remove from Add/Remove programs.

 

Step#2 - Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.
1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok".
4. Now we need to uninstall Chrome. Note: When asked about user data or settings you must remove this also, so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

 

Step#3 - Uninstalls
Please uninstall the following programs one at a time. Instructions for doing so are here.

If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

Java 7 Update 45 (64-bit)
Java 7 Update 71
Skype Click to Call

 

Step#4 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file and save it to the Desktop. Attached File: fixlist.txt (1005 bytes)
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#5 - AdwCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt.

 

Step#6 - Fresh Set of Logs
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
5. Please copy and paste the log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post

1. FRST Fix log
2. AdwCleaner log
3. FRST and Addition logs
 


  • 0
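Added example, not part of the thread and not FRST's own detection logic: a Python triage pass over the `Task:` lines of the Addition.txt log posted above, showing which observable properties set the two `SMupdate` tasks apart from the vendor updaters. The three heuristics, their labels and the `system_root` default are assumptions chosen for illustration; the sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Task lines copied verbatim from the Addition.txt log posted earlier in this thread.
SAMPLE_LOG = r"""
Task: {1BAFF6EF-1DDC-4CCA-BFFE-5C043DAAE729} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {5D22EB19-286D-44E4-8123-169DBC46C1C6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {6BEFB7D4-13D2-40BD-BC6B-FF86A7A42A98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28] (Google Inc.)
Task: {7E11E062-945B-4242-B967-9273565EEAA8} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {A2F89734-B4CA-4401-A374-F68C0686FF1E} - System32\Tasks\{FE45FF23-BA16-4CD3-83A8-AE374E17DDF9} => pcalua.exe -a "C:\Users\Super Dooper User\Downloads\esetsmartinstaller_enu.exe" -d "C:\Users\Super Dooper User\Downloads"
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

# "Task: [{GUID} - ]<task path> => <command>[ <==== ATTENTION]"
TASK_RE = re.compile(
    r"^Task: (?:(?P<guid>\{[0-9A-Fa-f-]{36}\}) - )?(?P<path>.+?) => "
    r"(?P<cmd>.+?)(?P<attn>\s*<==== ATTENTION)?\s*$"
)
# Optional trailing " [YYYY-MM-DD] (Vendor)" that the log prints after some commands.
META_RE = re.compile(
    r"^(?P<cmd>.*?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<vendor>[^()]*)\))?$"
)
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>[^,]+?)\s*,", re.IGNORECASE)
SHORT_NAME_RE = re.compile(r"\\[^\\\s]{1,6}~\d")   # e.g. \PROGRA~1
ABSOLUTE_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class TaskEntry:
    name: str                      # task path as printed in the log
    command: str                   # command line without the date/vendor suffix
    vendor: Optional[str]          # vendor string in parentheses, if printed
    frst_attention: bool           # True when the log line carries the ATTENTION marker
    reasons: List[str] = field(default_factory=list)


def launched_file(command: str) -> str:
    """Return the DLL handed to rundll32, or the command itself otherwise."""
    m = RUNDLL_RE.match(command)
    return (m.group("dll") if m else command).strip('"')


def triage(log_text: str, system_root: str = r"C:\Windows") -> List[TaskEntry]:
    """Parse Task: lines and attach illustrative (assumed) review reasons."""
    root = system_root.lower().rstrip("\\") + "\\"
    entries = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        meta = META_RE.match(m.group("cmd"))
        entry = TaskEntry(m.group("path"), meta.group("cmd"),
                          meta.group("vendor"), bool(m.group("attn")))
        target = launched_file(entry.command)
        # 1. The task runs a DLL export through rundll32 instead of a named program.
        if RUNDLL_RE.match(entry.command):
            entry.reasons.append("rundll32-launcher")
        # 2. The command hides its real location behind 8.3 short names.
        if SHORT_NAME_RE.search(entry.command):
            entry.reasons.append("8.3-short-path")
        # 3. The task sits in the Microsoft\Windows task folder, yet its
        #    binary lives outside the Windows directory.
        in_ms_folder = "\\tasks\\microsoft\\windows\\" in entry.name.lower()
        if in_ms_folder and ABSOLUTE_RE.match(target) and not target.lower().startswith(root):
            entry.reasons.append("ms-task-folder-foreign-binary")
        entries.append(entry)
    return entries


def disagreements(entries: List[TaskEntry]) -> List[str]:
    """Tasks where the log's ATTENTION marker and the heuristics differ."""
    return [e.name for e in entries if bool(e.reasons) != e.frst_attention]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        status = ", ".join(e.reasons) if e.reasons else "no heuristic hit"
        print(f"{e.name}\n    {e.command}\n    -> {status}")
    print("disagreements:", disagreements(triage(SAMPLE_LOG)))
```

A task that the log marks but no heuristic explains, or the reverse, is returned by `disagreements()` and is the one to inspect by hand.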

#7
Mrs_Roboto

    Member

  • Topic Starter
  • 37 posts

Deleted suggested programs including Spybot.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by Super Dooper User at 2015-03-01 03:30:00 Run:2
Running from C:\Users\Super Dooper User\Desktop
Loaded Profiles: Super Dooper User (Available profiles: Matt & Melodee & Don't Blink & Molly-Geneva & Super Dooper User)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51682;https=127.0.0.1:51682
cmd: bitsadmin /util /setieproxy localsystem NO_PROXY RESET
Task: {1BAFF6EF-1DDC-4CCA-BFFE-5C043DAAE729} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {7E11E062-945B-4242-B967-9273565EEAA8} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
cmd: bitsadmin /reset /allusers
EmptyTemp:
 
*****************
 
Restore point was successfully created.
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe => No running process found
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe => No running process found
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe => No running process found
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe => No running process found
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
 
=========  bitsadmin /util /setieproxy localsystem NO_PROXY RESET =========
 
 
BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
IE proxy settings for account localsystem set to NO_PROXY.
(connection = default)
 
 
========= End of CMD: =========
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1BAFF6EF-1DDC-4CCA-BFFE-5C043DAAE729}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BAFF6EF-1DDC-4CCA-BFFE-5C043DAAE729}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7E11E062-945B-4242-B967-9273565EEAA8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E11E062-945B-4242-B967-9273565EEAA8}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
{BCE52F9A-8567-48FC-AABD-7D66014562F4} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 223.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 03:30:53 ====
 
 
# AdwCleaner v4.111 - Logfile created 01/03/2015 at 03:44:58
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : Super Dooper User - MATT-PC
# Running from : C:\Users\Super Dooper User\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\Program Files (x86)\LeuickyShopper
[!] Folder Deleted : C:\ProgramData\flgjdmgpakkffmapnkhncfhiedmnchim
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Key Deleted : HKLM\SOFTWARE\Taronja
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16609
 
 
-\\ Google Chrome v40.0.2214.115
 
[C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [45970 bytes] - [05/10/2014 16:34:24]
AdwCleaner[R1].txt - [4623 bytes] - [23/11/2014 11:49:04]
AdwCleaner[R2].txt - [2531 bytes] - [30/11/2014 17:53:45]
AdwCleaner[R3].txt - [2267 bytes] - [30/11/2014 18:39:18]
AdwCleaner[R4].txt - [2728 bytes] - [01/03/2015 03:42:58]
AdwCleaner[S0].txt - [40255 bytes] - [05/10/2014 16:35:36]
AdwCleaner[S1].txt - [4315 bytes] - [23/11/2014 12:01:23]
AdwCleaner[S2].txt - [2270 bytes] - [30/11/2014 18:42:44]
AdwCleaner[S3].txt - [2691 bytes] - [01/03/2015 03:44:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2750  bytes] ##########
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by Super Dooper User (administrator) on MATT-PC on 01-03-2015 03:50:07
Running from C:\Users\Super Dooper User\Desktop
Loaded Profiles: Super Dooper User (Available profiles: Matt & Melodee & Don't Blink & Molly-Geneva & Super Dooper User)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2014-10-31] (LogMeIn, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-227322287-1983885510-2833786511-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Users\Melodee\Desktop\Picasa3\npPicasa3.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2013-12-06]
 
Chrome: 
=======
CHR Profile: C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-01]
CHR Extension: (Google Docs) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-01]
CHR Extension: (Google Drive) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-01]
CHR Extension: (YouTube) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-01]
CHR Extension: (Google Search) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-01]
CHR Extension: (Google Sheets) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-01]
CHR Extension: (Gmail) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [377704 2015-01-20] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2015-01-20] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2014-10-31] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2014-10-31] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [392704 2008-01-20] (Conexant Systems, Inc.)
R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1523712 2008-01-20] (Conexant Systems, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-01 03:50 - 2015-03-01 03:50 - 00012783 _____ () C:\Users\Super Dooper User\Desktop\FRST.txt
2015-03-01 03:49 - 2015-03-01 03:49 - 00002834 _____ () C:\Users\Super Dooper User\Desktop\AdwCleaner[S3].txt
2015-03-01 03:40 - 2015-03-01 03:41 - 02126848 _____ () C:\Users\Super Dooper User\Desktop\AdwCleaner.exe
2015-03-01 03:28 - 2015-03-01 03:28 - 00001005 _____ () C:\Users\Super Dooper User\Downloads\fixlist (1).txt
2015-03-01 03:26 - 2015-03-01 03:26 - 00002025 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-01 03:26 - 2015-03-01 03:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-01 03:25 - 2015-03-01 03:47 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-01 03:25 - 2015-03-01 03:30 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-01 03:25 - 2015-03-01 03:25 - 00003916 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-01 03:25 - 2015-03-01 03:25 - 00003664 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-01 03:24 - 2015-03-01 03:25 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Local\Deployment
2015-03-01 03:24 - 2015-03-01 03:24 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Local\Apps\2.0
2015-03-01 03:08 - 2015-03-01 03:08 - 00000410 _____ () C:\Users\Super Dooper User\Desktop\bookmarks_3_1_15.html
2015-03-01 01:27 - 2015-03-01 01:27 - 00000085 _____ () C:\Windows\wininit.ini
2015-03-01 00:01 - 2015-03-01 00:02 - 02092544 _____ (Farbar) C:\Users\Super Dooper User\Desktop\FRST64.exe
2015-02-28 23:08 - 2014-11-30 16:15 - 00602112 _____ (OldTimer Tools) C:\Users\Super Dooper User\Desktop\OTL.exe
2015-02-28 21:46 - 2015-02-28 21:47 - 00000000 ____D () C:\Users\Super Dooper User\Desktop\Feb 28
2015-02-28 19:33 - 2015-02-28 21:47 - 00000000 ____D () C:\Users\Super Dooper User\Desktop\older tools
2015-02-28 19:14 - 2015-02-28 19:14 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Roaming\Skype
2015-02-28 19:14 - 2015-02-28 19:14 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Local\Skype
2015-02-28 19:10 - 2015-02-28 19:11 - 00000185 _____ () C:\Users\Super Dooper User\AppData\Local\RAExpertHistory.xml
2015-02-28 19:10 - 2015-02-28 19:10 - 00000185 _____ () C:\Users\Super Dooper User\AppData\Local\rahistory.xml
2015-02-28 19:09 - 2015-02-28 19:09 - 00000000 ____H () C:\Users\Super Dooper User\Documents\Default.rdp
2015-02-27 17:28 - 2015-02-27 17:55 - 00000000 ____D () C:\Users\Matt\Desktop\pics
2015-02-13 23:19 - 2015-01-22 21:07 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 23:19 - 2015-01-22 20:59 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-13 23:19 - 2015-01-22 20:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-13 23:19 - 2015-01-22 19:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-13 03:11 - 2014-12-07 18:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-13 03:11 - 2014-12-07 18:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-13 03:10 - 2015-01-08 17:34 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-13 03:10 - 2014-11-25 19:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-13 03:10 - 2014-11-25 18:42 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-13 03:09 - 2015-01-12 18:51 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-13 03:09 - 2015-01-12 18:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-13 03:08 - 2015-01-14 23:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-13 03:08 - 2015-01-14 21:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 06:03 - 2015-01-13 20:08 - 17878016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 06:03 - 2015-01-13 19:59 - 10924032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 06:03 - 2015-01-13 19:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-12 06:03 - 2015-01-13 19:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 06:03 - 2015-01-13 19:49 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 06:03 - 2015-01-13 19:47 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 06:03 - 2015-01-13 19:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 06:03 - 2015-01-13 19:47 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-12 06:03 - 2015-01-13 19:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 06:03 - 2015-01-13 19:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 06:03 - 2015-01-13 19:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 06:03 - 2015-01-13 19:45 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 06:03 - 2015-01-13 19:45 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 06:03 - 2015-01-13 19:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 06:03 - 2015-01-13 19:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 06:03 - 2015-01-13 19:44 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 06:03 - 2015-01-13 19:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 06:03 - 2015-01-13 19:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-12 06:03 - 2015-01-13 19:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-12 06:03 - 2015-01-13 19:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-12 06:03 - 2015-01-13 18:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 06:03 - 2015-01-13 18:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-12 06:03 - 2015-01-13 18:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 06:03 - 2015-01-13 18:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 06:03 - 2015-01-13 18:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 06:03 - 2015-01-13 18:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 06:03 - 2015-01-13 18:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 06:03 - 2015-01-13 18:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 06:03 - 2015-01-13 18:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 06:03 - 2015-01-13 18:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-02-12 06:03 - 2015-01-13 18:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 06:03 - 2015-01-13 18:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 06:03 - 2015-01-13 18:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 06:03 - 2015-01-13 18:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 06:03 - 2015-01-13 18:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 06:03 - 2015-01-13 18:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 06:03 - 2015-01-13 18:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 06:03 - 2015-01-13 18:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-12 06:03 - 2015-01-13 18:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-02-12 06:03 - 2015-01-13 18:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-01 03:50 - 2014-11-30 16:07 - 00000000 ____D () C:\FRST
2015-03-01 03:49 - 2008-01-20 18:53 - 01429434 _____ () C:\Windows\WindowsUpdate.log
2015-03-01 03:46 - 2014-12-01 20:13 - 00000911 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-03-01 03:46 - 2014-12-01 20:13 - 00000895 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-03-01 03:46 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-01 03:46 - 2006-11-02 08:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-01 03:46 - 2006-11-02 08:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-01 03:45 - 2014-10-05 16:34 - 00000000 ____D () C:\AdwCleaner
2015-03-01 03:45 - 2006-11-02 08:42 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-01 03:37 - 2006-11-02 05:46 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-01 03:32 - 2014-11-30 17:20 - 00009882 _____ () C:\Windows\PFRO.log
2015-03-01 03:26 - 2014-11-23 19:14 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Local\Google
2015-03-01 03:26 - 2013-11-28 20:30 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-01 03:12 - 2014-11-23 19:14 - 00000905 _____ () C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-01 02:35 - 2013-11-28 20:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-01 02:35 - 2013-11-28 20:05 - 00000000 ____D () C:\ProgramData\Skype
2015-03-01 02:32 - 2014-11-23 12:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-01 01:28 - 2014-11-23 19:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-01 01:27 - 2014-10-05 14:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-01 00:30 - 2013-12-22 18:22 - 00000000 ____D () C:\Users\Molly-Geneva
2015-03-01 00:30 - 2013-12-10 14:41 - 00000000 ____D () C:\Users\Don't Blink
2015-03-01 00:30 - 2013-11-27 11:43 - 00000000 ____D () C:\Users\Melodee
2015-03-01 00:08 - 2014-12-01 20:13 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-02-28 19:57 - 2014-04-21 21:00 - 00000000 ____D () C:\Users\Matt\AppData\Local\com
2015-02-28 19:57 - 2014-04-03 20:11 - 00000000 ____D () C:\Users\Melodee\AppData\Local\com
2015-02-28 19:57 - 2006-11-02 06:33 - 00000000 __RSD () C:\Windows\Media
2015-02-28 19:30 - 2014-10-04 17:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-28 19:29 - 2014-10-04 17:48 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-28 19:29 - 2014-10-04 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-28 19:29 - 2014-10-04 17:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-13 03:28 - 2006-11-02 08:21 - 00282032 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 03:09 - 2013-11-27 10:41 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-13 03:09 - 2013-11-27 10:41 - 00001826 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-13 03:09 - 2013-11-27 10:40 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-13 03:09 - 2013-11-27 10:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-13 03:08 - 2013-11-26 13:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 03:01 - 2006-11-02 05:35 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-06 02:32 - 2014-11-23 12:09 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 02:32 - 2013-11-27 10:34 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 02:32 - 2013-11-27 10:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2014-11-23 19:39 - 2014-11-30 17:02 - 0000004 _____ () C:\Users\Super Dooper User\AppData\Roaming\appdataFr2.bin
2014-11-23 19:15 - 2014-11-23 19:15 - 0000680 _____ () C:\Users\Super Dooper User\AppData\Local\d3d9caps.dat
2015-02-28 19:10 - 2015-02-28 19:11 - 0000185 _____ () C:\Users\Super Dooper User\AppData\Local\RAExpertHistory.xml
2015-02-28 19:10 - 2015-02-28 19:10 - 0000185 _____ () C:\Users\Super Dooper User\AppData\Local\rahistory.xml
2013-12-06 09:04 - 2014-11-23 15:33 - 0001584 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\Super Dooper User\AppData\Local\temp\Quarantine.exe
C:\Users\Super Dooper User\AppData\Local\temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-01 03:52
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015
Ran by Super Dooper User at 2015-03-01 03:51:03
Running from C:\Users\Super Dooper User\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 3.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
C5500 (x32 Version: 120.0.234.000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (x32 Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
French Spelling Settings (HKLM-x32\...\FrRefEng) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Photosmart C5500 All-In-One Driver Software 12.0 Rel .4 (HKLM\...\{B8000353-9E60-4e84-BF3E-CD9996EF80EE}) (Version: 12.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 120.0.150.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Network Connections 12.4.38.0 (HKLM\...\PROSetDX) (Version: 12.4.38.0 - Intel)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LogMeIn (HKLM-x32\...\{F93EE340-3735-4032-8B74-0A3E489017A0}) (Version: 4.1.4670 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 120.0.226.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PS_AIO_04_C5500_Software_Min (x32 Version: 120.0.234.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Scan (x32 Version: 12.0.0.0 - Hewlett-Packard) Hidden
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Status (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
WebReg (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
18-01-2015 03:35:22 Windows Update
19-01-2015 00:00:01 Scheduled Checkpoint
20-01-2015 00:00:00 Scheduled Checkpoint
21-01-2015 00:00:02 Scheduled Checkpoint
22-01-2015 00:00:02 Scheduled Checkpoint
22-01-2015 03:35:35 Windows Update
23-01-2015 00:00:01 Scheduled Checkpoint
24-01-2015 00:00:01 Scheduled Checkpoint
26-01-2015 03:35:33 Windows Update
30-01-2015 04:21:05 Windows Update
02-02-2015 06:02:33 Windows Update
06-02-2015 06:37:34 Windows Update
08-02-2015 20:16:55 Scheduled Checkpoint
09-02-2015 19:02:15 Windows Update
10-02-2015 19:07:04 Scheduled Checkpoint
12-02-2015 00:00:01 Scheduled Checkpoint
13-02-2015 00:00:02 Scheduled Checkpoint
13-02-2015 03:00:10 Windows Update
14-02-2015 00:00:01 Scheduled Checkpoint
14-02-2015 03:00:11 Windows Update
15-02-2015 00:00:02 Scheduled Checkpoint
17-02-2015 03:39:31 Windows Update
20-02-2015 05:08:46 Scheduled Checkpoint
21-02-2015 00:00:01 Scheduled Checkpoint
21-02-2015 03:39:28 Windows Update
22-02-2015 00:00:02 Scheduled Checkpoint
24-02-2015 21:53:01 Scheduled Checkpoint
25-02-2015 03:39:01 Windows Update
26-02-2015 00:00:03 Scheduled Checkpoint
27-02-2015 00:00:02 Scheduled Checkpoint
28-02-2015 00:37:09 Scheduled Checkpoint
28-02-2015 20:11:20 Windows Update
01-03-2015 01:48:19 Removed Java 7 Update 45 (64-bit)
01-03-2015 02:33:41 Removed Java 7 Update 71
01-03-2015 02:35:08 Removed Skype Click to Call
01-03-2015 03:30:03 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:34 - 2014-11-23 21:21 - 00517099 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2556D00D-00CA-44A3-B7CA-FD38CE79CE4B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-01] (Google Inc.)
Task: {451A96ED-61A6-4675-9B03-75B98F13334C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-01] (Google Inc.)
Task: {5D22EB19-286D-44E4-8123-169DBC46C1C6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {A2F89734-B4CA-4401-A374-F68C0686FF1E} - System32\Tasks\{FE45FF23-BA16-4CD3-83A8-AE374E17DDF9} => pcalua.exe -a "C:\Users\Super Dooper User\Downloads\esetsmartinstaller_enu.exe" -d "C:\Users\Super Dooper User\Downloads"
Task: {CF3C90FE-519E-4CE4-906C-82CFA903F4EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-227322287-1983885510-2833786511-1004\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.0.1 - 205.171.3.25
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-227322287-1983885510-2833786511-500 - Administrator - Disabled)
Don't Blink (S-1-5-21-227322287-1983885510-2833786511-1002 - Limited - Enabled) => C:\Users\Don't Blink
Guest (S-1-5-21-227322287-1983885510-2833786511-501 - Limited - Disabled)
Matt (S-1-5-21-227322287-1983885510-2833786511-1000 - Limited - Enabled) => C:\Users\Matt
Melodee (S-1-5-21-227322287-1983885510-2833786511-1001 - Limited - Enabled) => C:\Users\Melodee
Molly-Geneva (S-1-5-21-227322287-1983885510-2833786511-1003 - Limited - Enabled) => C:\Users\Molly-Geneva
Super Dooper User (S-1-5-21-227322287-1983885510-2833786511-1004 - Administrator - Enabled) => C:\Users\Super Dooper User
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/01/2015 03:47:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2015 03:33:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2015 03:30:00 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d007a683-c2ae-44a6-84f4-4fa39200a52b}
 
Error: (03/01/2015 03:16:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2015 01:33:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2015 01:33:09 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.
 
Error: (03/01/2015 01:30:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2015 01:29:57 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.
 
Error: (02/28/2015 11:24:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 
Error: (02/28/2015 09:00:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 40.0.2214.115 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: dc8
Start Time: 01d053d16f9ab4a7
Termination Time: 0
 
 
System errors:
=============
Error: (03/01/2015 03:47:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
 
Error: (03/01/2015 03:45:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Software Licensing11200001Restart the service
 
Error: (03/01/2015 03:45:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Restart the service
 
Error: (03/01/2015 03:45:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: iPod Service1
 
Error: (03/01/2015 03:44:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Live ID Sign-in Assistant1100001Restart the service
 
Error: (03/01/2015 03:44:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: SeaPort1
 
Error: (03/01/2015 03:44:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: MSCamSvc1
 
Error: (03/01/2015 03:44:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: LogMeIn Maintenance Service1
 
Error: (03/01/2015 03:44:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Bonjour Service1
 
Error: (03/01/2015 03:44:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Apple Mobile Device1600001Restart the service
 
 
Microsoft Office Sessions:
=========================
Error: (03/01/2015 03:47:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2015 03:33:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2015 03:30:00 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d007a683-c2ae-44a6-84f4-4fa39200a52b}
 
Error: (03/01/2015 03:16:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2015 01:33:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2015 01:33:09 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)(NULL)
 
Error: (03/01/2015 01:30:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2015 01:29:57 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)(NULL)
 
Error: (02/28/2015 11:24:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Super Dooper User\Downloads\esetsmartinstaller_enu.exe
 
Error: (02/28/2015 09:00:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe40.0.2214.115dc801d053d16f9ab4a70
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-28 23:27:47.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-28 23:27:47.611
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-28 23:27:47.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-28 23:27:47.362
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-28 23:27:47.239
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-28 23:27:47.116
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-28 23:27:46.992
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-28 23:27:46.861
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-28 23:27:46.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-28 23:27:46.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 48%
Total physical RAM: 4084.27 MB
Available physical RAM: 2094.75 MB
Total Pagefile: 8341.83 MB
Available Pagefile: 6347.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.73 GB) (Free:243.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (LifeCam_30) (CDROM) (Total:0.35 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 19F5C167)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

#8
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thanks for the info. How's your machine doing now? Please do the following.

 

Step#1 - Warnings
Windows Sidebar/Gadgets
I see that you use the Windows Sidebar with Gadgets. Microsoft deems these as a security vulnerability and recommends that they are disabled. Unless you have good reason not to, please download and install the Microsoft Fix-It from here. Note: Please ensure you reboot when prompted. If you don't and continue, this could leave your machine in an unstable state.

 

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached File: fixlist.txt (294 bytes)
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#3 - Security Check
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

 

Step#4 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here. This scan can take hours to run but is necessary to ensure we don't miss anything. Plan accordingly.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked.
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • Then click the Copy to Clipboard link and paste this information into your next reply.

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 
Items for your next post

1. How's your machine?

2. FRST Fix log

3. Security Check log
4. Contents of the ESET log file

 

 


#9
Mrs_Roboto

    Member

  • Topic Starter
  • 37 posts

Chrome is running better now.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by Super Dooper User at 2015-03-01 14:16:31 Run:3
Running from C:\Users\Super Dooper User\Desktop
Loaded Profiles: Super Dooper User (Available profiles: Matt & Melodee & Don't Blink & Molly-Geneva & Super Dooper User)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
BootExecute: autocheck autochk * sdnclean64.exe
2015-03-01 01:28 - 2014-11-23 19:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-01 01:27 - 2014-10-05 14:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
hosts:
EmptyTemp:
*****************
 
Restore point was successfully created.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2 => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 29.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:16:56 ====
 
 

 Results of screen317's Security Check version 0.99.97  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1 % 
````````````````````End of Log`````````````````````` 
 
 
 

C:\AdwCleaner\Quarantine\C\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll.vir a variant of Win64/Adware.Vitruvian.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe.vir a variant of Win32/AnyProtect.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll.vir a variant of Win32/DealPly.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe.vir Win32/DealPly.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLive.exe.vir Win32/DealPly.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveBroker.exe.vir Win32/DealPly.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveHandler.exe.vir Win32/DealPly.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveOnDemand.exe.vir a variant of Win32/DealPly.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\goopdate.dll.vir Win32/DealPly.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir Win32/DealPly.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\psmachine.dll.vir Win32/DealPly.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\psuser.dll.vir a variant of Win32/DealPly.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\BuzzSearchUn.exe.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\BuzzSearchUninstall.exe.vir Win32/BrowseFox.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\jhjjdgbhohaallcimgcmakfiobacimkm.crx.vir Win32/BrowseFox.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\updateBuzzSearch.exe.vir a variant of MSIL/BrowseFox.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\ba099a85e825480283e7.dll.vir a variant of Win32/BrowseFox.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\ba099a85e825480283e764.dll.vir Win64/BrowseFox.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\BuzzSearch.BrowserAdapter.exe.vir a variant of Win32/BrowseFox.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\BuzzSearch.BrowserAdapter64.exe.vir Win64/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\BuzzSearch.BrowserFilter.Helper.dll.old.56c2193b-a011-4686-8f1e-8a0a3df0b06a.vir a variant of Win32/BrowseFox.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\BuzzSearch.BrowserFilter.Helper.dll.vir a variant of Win32/BrowseFox.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\BuzzSearch.PurBrowse.exe.vir a variant of Win32/Komodia.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\BuzzSearch.PurBrowse64.exe.vir a variant of Win64/BrowseFox.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\BuzzSearchBrowserFilter.exe.vir a variant of MSIL/BrowseFox.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\utilBuzzSearch.exe.vir a variant of MSIL/BrowseFox.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\{ba099a85-e825-4802-83e7-d386a5b4a734}.dll.vir a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\{ba099a85-e825-4802-83e7-d386a5b4a734}64.dll.vir Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.Bromon.dll.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.BroStats.dll.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.BrowserAdapter.dll.vir a variant of MSIL/BrowseFox.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.BrowserAdapterS.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.BrowserFilter.dll.vir a variant of MSIL/BrowseFox.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.CompatibilityChecker.dll.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.DspSvc.dll.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.FeSvc.dll.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.FFUpdate.dll.vir a variant of MSIL/BrowseFox.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.GCUpdate.dll.vir a variant of MSIL/BrowseFox.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.IEUpdate.dll.vir a variant of MSIL/BrowseFox.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.OfSvc.dll.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.PurBrowse.dll.vir a variant of MSIL/BrowseFox.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.Repmon.dll.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven pro\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-3.exe.vir a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven pro\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-4.exe.vir a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven pro\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-5.exe.vir a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven pro\54248.crx.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven pro\54248.xpi.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven pro\Freeven pro-bg.exe.vir a variant of Win32/Toolbar.CrossRider.AL potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven pro\Freeven pro-bho.dll.vir a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven pro\Freeven pro-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven pro\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.BP potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven pro\utils.exe.vir Win32/Packed.VMDetector.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\02607119-ba9a-440c-90af-5e984570b9f4-11.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\02607119-ba9a-440c-90af-5e984570b9f4-4.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\02607119-ba9a-440c-90af-5e984570b9f4-5.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\02607119-ba9a-440c-90af-5e984570b9f4-6.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\02607119-ba9a-440c-90af-5e984570b9f4-64.exe.vir a variant of Win64/Toolbar.Crossrider.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\02607119-ba9a-440c-90af-5e984570b9f4-7.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\02607119-ba9a-440c-90af-5e984570b9f4.crx.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\02607119-ba9a-440c-90af-5e984570b9f4.xpi.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\1293297481.mxaddon.vir JS/Toolbar.Crossrider.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\2e005868-d558-48fd-96cf-6804b31ddebf.crx.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\58aab648-6173-4e2a-897a-7a6e5399aa39.dll.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\765f16b7-2f30-4905-96e2-a640e6c6c071.dll.vir a variant of Win32/Toolbar.CrossRider.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\iWebar-bg.exe.vir a variant of Win32/Toolbar.CrossRider.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\iWebar-bho.dll.vir a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\iWebar-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\iWebar-buttonutil.dll.vir a variant of Win32/Toolbar.CrossRider.BD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\iWebar-buttonutil.exe.vir a variant of Win32/Toolbar.CrossRider.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\iWebar-buttonutil64.dll.vir a variant of Win64/Toolbar.Crossrider.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\iWebar-buttonutil64.exe.vir a variant of Win64/Toolbar.Crossrider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\iWebar-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.AW potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\utils.exe.vir Win32/Packed.VMDetector.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linkey\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linkey\LinkeyDeals.exe.vir a variant of Win32/Toolbar.SearchSuite.AA.gen potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linkey\Uninstall.exe.vir a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linkey\IEExtension\iedll.dll.vir a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linkey\IEExtension\iedll64.dll.vir a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\MUServer.apk.vir a variant of Android/Mobserv.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\1293297481.mxaddon.vir JS/Toolbar.Crossrider.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\27f66b22-41d3-4c58-99e9-25f818d57110-11.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\27f66b22-41d3-4c58-99e9-25f818d57110-2.exe.vir a variant of Win32/Toolbar.CrossRider.AR potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\27f66b22-41d3-4c58-99e9-25f818d57110-3.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\27f66b22-41d3-4c58-99e9-25f818d57110-4.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\27f66b22-41d3-4c58-99e9-25f818d57110-5.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\27f66b22-41d3-4c58-99e9-25f818d57110-6.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\27f66b22-41d3-4c58-99e9-25f818d57110-64.exe.vir a variant of Win64/Toolbar.Crossrider.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\27f66b22-41d3-4c58-99e9-25f818d57110-7.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\27f66b22-41d3-4c58-99e9-25f818d57110.crx.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\27f66b22-41d3-4c58-99e9-25f818d57110.xpi.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\2c45f15c-4307-4ad4-ac1b-71a6d2618c31.dll.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\64dce34f-5de1-44ff-868c-eccd331bfb4e.crx.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\810884ce-3099-4e82-835b-17527a05d5cf.crx.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\810884ce-3099-4e82-835b-17527a05d5cf.dll.vir a variant of Win32/Toolbar.CrossRider.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\Object Browser-bg.exe.vir a variant of Win32/Toolbar.CrossRider.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\Object Browser-bho.dll.vir a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\Object Browser-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\Object Browser-buttonutil.dll.vir a variant of Win32/Toolbar.CrossRider.BD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\Object Browser-buttonutil.exe.vir a variant of Win32/Toolbar.CrossRider.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\Object Browser-buttonutil64.dll.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\Object Browser-buttonutil64.exe.vir a variant of Win64/Toolbar.Crossrider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\Object Browser-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.AW potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\utils.exe.vir Win32/Packed.VMDetector.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrash.dll.vir a variant of Win32/SProtector.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll.vir a variant of Win32/SProtector.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Quiknowledge\IE\QuiknowledgeClientIE.dll.vir a variant of Win32/AdWare.Vitruvian.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Quiknowledge\Service\qksvc.exe.vir a variant of Win32/AdWare.Vitruvian.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uninstaller\Uninstall.exe.vir a variant of MSIL/DomaIQ.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\converter.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\DownloadAPI.dll.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\DownloadHelper.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\sbmntr.sys.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\Updater.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDownloader.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDUninstall.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\FlaasHCoupon\C9g6biUy.dll.vir a variant of Win32/AdWare.MultiPlug.T application
C:\AdwCleaner\Quarantine\C\ProgramData\FlaasHCoupon\C9g6biUy.exe.vir a variant of Win32/AdWare.MultiPlug.T application
C:\AdwCleaner\Quarantine\C\ProgramData\FlaasHCoupon\C9g6biUy.x64.dll.vir a variant of Win64/Adware.MultiPlug.C application
C:\AdwCleaner\Quarantine\C\ProgramData\flgjdmgpakkffmapnkhncfhiedmnchim\EvNii2y5MY.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\ProgramData\saviinGtoyiou\1_AsDh.dll.vir a variant of Win32/AdWare.MultiPlug.T application
C:\AdwCleaner\Quarantine\C\ProgramData\saviinGtoyiou\1_AsDh.exe.vir a variant of Win32/AdWare.MultiPlug.T application
C:\AdwCleaner\Quarantine\C\ProgramData\saviinGtoyiou\1_AsDh.x64.dll.vir a variant of Win64/Adware.MultiPlug.C application
C:\AdwCleaner\Quarantine\C\ProgramData\TicTaCiouupon\YkDdD.dll.vir a variant of Win32/AdWare.MultiPlug.AY application
C:\AdwCleaner\Quarantine\C\ProgramData\TicTaCiouupon\YkDdD.exe.vir a variant of Win32/AdWare.MultiPlug.AG application
C:\AdwCleaner\Quarantine\C\ProgramData\TicTaCiouupon\YkDdD.x64.dll.vir a variant of Win64/Adware.MultiPlug.D application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\AnyProtectScannerSetup.exe.vir Win32/AnyProtect.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\fst_us_70\upfst_us_70.exe.vir a variant of Win32/Adware.EoRezo.AJ application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\fst_us_70\Download\majfstusau.exe.vir multiple threats
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\fst_us_70\Download\majfst_gentleus.exe.vir Win32/AdWare.EoRezo.AW application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\fst_us_87\upfst_us_87.exe.vir a variant of Win32/Adware.EoRezo.AJ application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.5.zip.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir a variant of Android/Mobserv.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\pay-by-ads\Yahoo! Search\1.3.8.2\chrmXtn.dll.vir a variant of Win32/Toolbar.Montiera.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\pay-by-ads\Yahoo! Search\1.3.8.2\dsrlte.exe.vir a variant of Win32/Toolbar.Montiera.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\pay-by-ads\Yahoo! Search\1.3.8.2\ffxtn.dll.vir a variant of Win32/Toolbar.Montiera.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe.vir a variant of MSIL/Adware.StrongVault.A application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Local\AnyProtectScannerSetup.exe.vir Win32/AnyProtect.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm\1.0.1_0\background.js.vir Win32/BrowseFox.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm\1.0.1_0\content.js.vir Win32/BrowseFox.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\dkok9aoF.dll.vir Win32/Toolbar.Montiera.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\dsrlte.exe.vir a variant of Win32/Toolbar.Montiera.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\dsrsetup.exe.vir Win32/Toolbar.Montiera.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\oeimWmjm.dll.vir a variant of Win32/Toolbar.Montiera.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\res.dll.vir Win32/Toolbar.Montiera.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe.vir a variant of MSIL/Adware.StrongVault.A application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.S potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Roaming\VOPackage\VOsrv.exe.vir a variant of Win32/VOPackage.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Molly-Geneva\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\dsrlte.exe.vir a variant of Win32/Toolbar.Montiera.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Molly-Geneva\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\dsrsetup.exe.vir Win32/Toolbar.Montiera.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Molly-Geneva\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\hfAbmn8o.dll.vir Win32/Toolbar.Montiera.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Molly-Geneva\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\klghRbpf.dll.vir a variant of Win32/Toolbar.Montiera.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Molly-Geneva\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\res.dll.vir Win32/Toolbar.Montiera.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\sasnative64.exe.vir Win64/AdvancedSystemProtector.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{ba099a85-e825-4802-83e7-d386a5b4a734}t.sys.vir a variant of Win32/Komodia.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{ba099a85-e825-4802-83e7-d386a5b4a734}t64.sys.vir a variant of Win64/Komodia.A potentially unsafe application
C:\Herb Korff\Guest\AppData\LocalLow\ConduitEngine\ConduitEngine.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Program Files\Common Files\System\SysMenu.dll a variant of Win32/SBWatchman.D potentially unwanted application
C:\Program Files\Common Files\System\SysMenu64.dll a variant of Win32/SBWatchman.D potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\BlockAndSurf-soft\170.dll.vir a variant of Win32/AdWare.AddLyrics.BH application
C:\Qoobox\Quarantine\C\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfB15.exe.vir a variant of Win32/AdWare.AddLyrics.AM application
C:\Qoobox\Quarantine\C\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfC.exe.vir a variant of Win32/AdWare.AddLyrics.AO application
C:\Qoobox\Quarantine\C\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfgd170.dll.vir a variant of Win32/AdWare.AddLyrics.BA application
C:\Qoobox\Quarantine\C\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfgd170.exe.vir a variant of Win32/AdWare.AddLyrics.AN application
C:\Qoobox\Quarantine\C\Program Files (x86)\BlockAndSurf-soft\BlockNSurf.exe.vir a variant of Win32/AdWare.AddLyrics.AR application
C:\Qoobox\Quarantine\C\Program Files (x86)\BlockAndSurf-soft\Uninstall.exe.vir a variant of Win32/AdWare.AddLyrics.AS application
C:\Qoobox\Quarantine\C\Program Files (x86)\Freeven pro\FrEEven pro-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.F potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyPC Backup\Configuration Updater.exe.vir a variant of MSIL/RunElevated.A potentially unsafe application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyPC Backup\MyPC Backup.exe.vir a variant of MSIL/MyPCBackup.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\NewPlayer\LTV.exe.vir MSIL/Tuguu.C potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\NewPlayer\NewPlayer.exe.vir a variant of MSIL/NewPlayer.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe.vir MSIL/NewPlayer.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\NewPlayer\references\NewPlayerChecker.exe.vir a variant of MSIL/NewPlayer.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\database1_0_0.json.vir JS/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\manifest.json.vir JS/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro.dll.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro64.dll.vir a variant of Win64/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\SPRemove.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\Updater.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\FireFox\content\overlay.js.vir JS/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\jsdrv.exe.vir Win32/ShopperPro.B potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\jsdrv.sys.vir Win64/ShopperPro.B potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\database1_0_0.json.vir JS/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.exe.vir Win32/ShopperPro.B potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.sys.vir Win64/ShopperPro.B potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Wajam\uninstall.exe.vir Win32/Wajam.K potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe.vir a variant of MSIL/Wajam.A potentially unwanted application
C:\Qoobox\Quarantine\C\ProgramData\BETterPriceCheicu\ECIkraoIwM.dll.vir a variant of Win32/AdWare.MultiPlug.BN application
C:\Qoobox\Quarantine\C\ProgramData\BETterPriceCheicu\ECIkraoIwM.exe.vir a variant of Win32/AdWare.MultiPlug.BN application
C:\Qoobox\Quarantine\C\ProgramData\BETterPriceCheicu\ECIkraoIwM.x64.dll.vir a variant of Win64/Adware.MultiPlug.E application
C:\Qoobox\Quarantine\C\ProgramData\ShopperPro\database1_0_0.json.vir JS/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\ProgramData\ShopperPro\ShopperPro.dll.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\ProgramData\ShopperPro\ShopperPro64.dll.vir a variant of Win64/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\ProgramData\unicoupons\CaNS.dll.vir a variant of Win32/AdWare.MultiPlug.BN application
C:\Qoobox\Quarantine\C\ProgramData\unicoupons\CaNS.exe.vir a variant of Win32/AdWare.MultiPlug.BN application
C:\Qoobox\Quarantine\C\ProgramData\unicoupons\CaNS.x64.dll.vir a variant of Win64/Adware.MultiPlug.E application
C:\Qoobox\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\196\content.js.vir JS/Chromex.Agent.L trojan
C:\Qoobox\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\196\gIbWkh.js.vir JS/Kryptik.ATB trojan
C:\Qoobox\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\imonhoeiopfgoncjdldhhfjgocghkbbl\1.26.17_0\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Melodee\AppData\Local\nsw7529.tmp.vir Win32/AnyProtect.D potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Melodee\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\196\content.js.vir JS/Chromex.Agent.L trojan
C:\Qoobox\Quarantine\C\Users\Melodee\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\196\gIbWkh.js.vir JS/Kryptik.ATB trojan
C:\Qoobox\Quarantine\C\Users\Melodee\AppData\Local\Google\Chrome\User Data\Default\Extensions\imonhoeiopfgoncjdldhhfjgocghkbbl\1.26.17_0\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfneigogocifpmjngcpbhfmjhbckjcao\15514.8955.2241_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\Matt\Downloads\uplayermediaplayer-setup (1).exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Melodee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfneigogocifpmjngcpbhfmjhbckjcao\15514.8955.2241_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
 
 

  • 0

#10
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Great. A couple items to remove still.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached file: fixlist.txt
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.


  • 0

#11
Mrs_Roboto

    Member

  • Topic Starter
  • 37 posts

Here you go.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by Super Dooper User at 2015-03-01 16:41:47 Run:4
Running from C:\Users\Super Dooper User\Desktop
Loaded Profiles: Super Dooper User (Available profiles: Matt & Melodee & Don't Blink & Molly-Geneva & Super Dooper User)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
C:\Herb Korff\Guest\AppData\LocalLow\ConduitEngine\ConduitEngine.dll 
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfneigogocifpmjngcpbhfmjhbckjcao\15514.8955.2241_0\extensionData\plugins\91.js
C:\Users\Melodee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfneigogocifpmjngcpbhfmjhbckjcao\15514.8955.2241_0\extensionData\plugins\91.js 
 
*****************
 
Restore point was successfully created.
C:\Herb Korff\Guest\AppData\LocalLow\ConduitEngine\ConduitEngine.dll => Moved successfully.
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfneigogocifpmjngcpbhfmjhbckjcao\15514.8955.2241_0\extensionData\plugins\91.js => Moved successfully.
C:\Users\Melodee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfneigogocifpmjngcpbhfmjhbckjcao\15514.8955.2241_0\extensionData\plugins\91.js => Moved successfully.
 
==== End of Fixlog 16:42:18 ====

  • 0
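One way to confirm that every path listed in a fixlist has a matching result line in Fixlog.txt, as an added example that is not part of the original thread and not FRST's own code. The function names are hypothetical, the sample is rebuilt from the paths in the Fixlog above, and "Moved successfully." is assumed to be the success wording because it is the only one this page shows.

```python
import re

PATH_RE = re.compile(r"^[A-Za-z]:\\")                      # a drive-letter path
RESULT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<status>.+)$")
SUCCESS = "Moved successfully."  # assumption: only success wording seen on this page

def parse_fixlog(text):
    """Return (requested_paths, {path: status}) from the body of a Fixlog.txt."""
    requested, results, star_rows = [], {}, 0
    for raw in text.splitlines():
        line = raw.strip()                 # fixlist lines may carry trailing spaces
        if line and set(line) == {"*"}:    # a row of asterisks delimits the fixlist echo
            star_rows += 1
        elif star_rows == 1 and PATH_RE.match(line):
            requested.append(line)         # directives such as CreateRestorePoint: are skipped
        elif star_rows >= 2:
            m = RESULT_RE.match(line)
            if m:
                results[m["path"]] = m["status"]
    return requested, results

def unresolved(text):
    """Paths that were requested but have no success result, with the reason."""
    requested, results = parse_fixlog(text)
    done = {p.casefold(): s for p, s in results.items()}   # Windows paths ignore case
    return [(p, done.get(p.casefold(), "no result line"))
            for p in requested if done.get(p.casefold()) != SUCCESS]

# Sample rebuilt from the Fixlog in this thread (paths copied from the page).
DLL = r"C:\Herb Korff\Guest\AppData\LocalLow\ConduitEngine\ConduitEngine.dll"
EXT = (r"\AppData\Local\Google\Chrome\User Data\Default\Extensions"
       r"\pfneigogocifpmjngcpbhfmjhbckjcao\15514.8955.2241_0\extensionData\plugins\91.js")
JS_MATT, JS_MEL = r"C:\Users\Matt" + EXT, r"C:\Users\Melodee" + EXT
HEADER = ["Content of fixlist:", "*" * 17, "CreateRestorePoint:",
          DLL + " ", JS_MATT, JS_MEL + " ", "*" * 17,
          "Restore point was successfully created."]
FIXLOG = "\n".join(HEADER + [f"{p} => {SUCCESS}" for p in (DLL, JS_MATT, JS_MEL)])
# Constructed variant: the last result line is missing, as if the run was interrupted.
PARTIAL = "\n".join(HEADER + [f"{p} => {SUCCESS}" for p in (DLL, JS_MATT)])

if __name__ == "__main__":
    for name, log in (("FIXLOG", FIXLOG), ("PARTIAL", PARTIAL)):
        print(name, unresolved(log) or "all requested paths moved")
```
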

#12
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Now that you are malware free I wanted to provide you an opportunity to install the new version of Java since I had you uninstall your older versions. If you don't use Java or don't know if you need Java I highly recommend to just skip this. If you do indeed use it please follow the instructions below. Let me know what you decide.

 

 

1. Keeping Java Updated
WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run an important software. If you need it or are unsure or uncomfortable with removing it then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.
 
1. Go to this page to download the latest version of Java SE Runtime Environment JRE 8 Update 31.
2. When you click this link you will need to click the "Accept License Agreement" radio button and then click on the "Windows x86 Offline" installer link. You will notice that there is also a Windows x64 link option, however even if you are using a 64-bit operating system, it's very likely you aren't running a 64-bit browser and should only download the "Windows x86 Offline" installer. To determine if you are using a 64-bit browser you can follow these instructions. If you find that you ARE using a 64-bit browser then you can download the "Windows x64" one.
3. Once you click on the appropriate link, please download this to your Desktop like we have with all of our tools.
4. Close any programs you may have running - especially your web browser.
5. Now we need to uninstall all versions of Java that are currently on your machine before we install the newest version. Go to Add/Remove programs (instructions are here) and uninstall any item that appears in the list that has the following as part of the name: Yours is already uninstalled
6. Reboot your computer once all Java components are removed.
7. Then from your desktop, right click on the file that was downloaded (jre-8u31-windows-i586.exe or jre-8u31-windows-x64.exe) and select Run as an Administrator to install the latest version. Accept all the defaults and you're good to go.
Note: Java has been notorious for installing foistware (software downloaded without the user's knowledge). If you follow the instructions I provided no foistware will be installed but that doesn't mean it won't in the future. While performing the install of this software or any software for that matter, pay attention to each screen and ensure you uncheck any extra software that you don't want installed (i.e. Ask Toolbar, Chrome Browser, etc.).


  • 0

#13
Mrs_Roboto

    Member

  • Topic Starter
  • 37 posts

I do not believe that I need Java installed. This is the second time in 6 months that I have had these issues with my computer. Do you have any helpful suggestions to help me prevent this from happening again and again ...

 

Thank you for your help.


  • 0

#14
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Matter of fact I do. If you are satisfied please see below.

 

OK! Well done, your computer is clean again! :thumbsup: Part of our jobs here at G2G is to help you clean your computer. But beyond that and just as important is to provide you with some information to keep you safe and secure on the net as well as to share knowledge. Following is that information.
 
 
1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any other .bat, .log, .reg, .txt, and any other files created during this process and left on the desktop, and empty the Recycle Bin.
 
2. Windows Updates
Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears.
3. Click on the Windows Update program that appears in the search results.
4. Click on Change Settings.
5. Select "Install updates automatically (recommended)" from the Important updates drop-down.
6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.
 
3. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
4. Antimalware- Preventative

Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is an anti-malware software and not an antivirus software so it won't conflict with the Antivirus that you are running. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.
 
5. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
 


  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.
 
 
For more information about computer security and how to protect yourself when on the internet, please read this guide Best Practices for Safe Computing
 
OK, all the best, and stay safe!
 
Items for your next post
1. Contents of the delfix log


  • 0

#15
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





