Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My computer is infected with adwords, adblade, and other adware. [Clos

Started by koopmanj , Mar 13 2015 09:25 AM

  • This topic is locked This topic is locked

#1
koopmanj
Posted 13 March 2015 - 09:25 AM

koopmanj

    New Member

  • Member
  • Pip
  • 1 posts

Hello! My computer has been infected and is running outrageously slow, millions of ads are popping up on every site. The most common pop ups say AdWords or AdBlade. I haven't tried any other removal process. I have no idea how or why it started.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by ETF-PT (administrator) on ETFPT on 13-03-2015 08:07:10
Running from C:\Users\ETF-PT\Downloads
Loaded Profiles: ETF-PT (Available profiles: ETF-PT)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(PointGrab LTD) C:\Program Files (x86)\PointGrab\Hand Gesture Control\PGService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(PointGrab LTD) C:\Program Files (x86)\PointGrab\Hand Gesture Control\PGPanel.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\Old\1\E_YATIIVE.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIVE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1517056 2011-08-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-08] (AVAST Software)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\b72a02f5-076c-4da6-85fe-aacb74b80946.exe [183232 2015-02-18] (AVAST Software)
HKU\S-1-5-21-3450097831-2661624082-3636410687-1001\...\Run: [OneDrive] => C:\Users\ETF-PT\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281256 2015-03-06] (Microsoft Corporation)
HKU\S-1-5-21-3450097831-2661624082-3636410687-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE [283232 2015-01-06] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3450097831-2661624082-3636410687-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE [283232 2015-01-06] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hand Gesture Control.lnk
ShortcutTarget: Hand Gesture Control.lnk -> C:\Windows\Installer\{4B145183-E986-4585-ADDF-0C73DB575112}\NewShortcut2_B6E756492E054C52892B86CE7391EFC9.exe (Flexera Software LLC)
Startup: C:\Users\ETF-PT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=agc511
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3450097831-2661624082-3636410687-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKU\S-1-5-21-3450097831-2661624082-3636410687-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=agc511
HKU\S-1-5-21-3450097831-2661624082-3636410687-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=agc511
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3450097831-2661624082-3636410687-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-12-02] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-06-14] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ->  No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-06-14] (AVAST Software)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3450097831-2661624082-3636410687-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-08-22] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\ETF-PT\AppData\Roaming\Mozilla\Firefox\Profiles\prergl5m.default-1376754524695
FF Homepage: www.bing.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Extension: WebSlingPlayer - C:\Users\ETF-PT\AppData\Roaming\Mozilla\Firefox\Profiles\prergl5m.default-1376754524695\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2013-12-02]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\ETF-PT\AppData\Roaming\Mozilla\Firefox\Profiles\prergl5m.default-1376754524695\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-03-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-14]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\ETF-PT\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ETF-PT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-21]
CHR Extension: (Google Drive) - C:\Users\ETF-PT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ETF-PT\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-14]
CHR Extension: (YouTube) - C:\Users\ETF-PT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-21]
CHR Extension: (Google Search) - C:\Users\ETF-PT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-21]
CHR Extension: (DDOwNlload keeepper) - C:\Users\ETF-PT\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgbmgbhlpekjmogmdgnfhbffcelpjfck [2013-10-07]
CHR Extension: (ClickOnce for Google Chrome™) - C:\Users\ETF-PT\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeifaoomkminpbeebjdmdojbhmagnncl [2013-04-16]
CHR Extension: (SearchNewTab) - C:\Users\ETF-PT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnafldhjigpmdmlgkcdecceppcbdbjcn [2013-10-07]
CHR Extension: (Google Wallet) - C:\Users\ETF-PT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Gmail) - C:\Users\ETF-PT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-14] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-06-14] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 PGService; C:\Program Files (x86)\PointGrab\Hand Gesture Control\PGService.exe [53616 2012-08-22] (PointGrab LTD)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-14] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-06-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-14] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-06-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-14] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 08:07 - 2015-03-13 08:08 - 00017623 _____ () C:\Users\ETF-PT\Downloads\FRST.txt
2015-03-13 08:06 - 2015-03-13 08:07 - 00000000 ____D () C:\FRST
2015-03-13 08:03 - 2015-03-13 08:03 - 02095616 _____ (Farbar) C:\Users\ETF-PT\Downloads\FRST64.exe
2015-03-10 21:37 - 2015-01-27 18:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-10 21:37 - 2015-01-27 18:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-07 11:12 - 2015-03-07 11:12 - 00000000 ____D () C:\Users\ETF-PT\AppData\Roaming\Leadertech
2015-03-07 10:54 - 2015-03-07 10:54 - 00001985 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LTCM Client.lnk
2015-03-07 10:54 - 2015-03-07 10:54 - 00000000 ____D () C:\Program Files (x86)\LTCM Client
2015-03-07 10:53 - 2015-03-07 10:53 - 00000000 ____D () C:\Users\ETF-PT\AppData\Local\ABBYY
2015-03-07 10:53 - 2015-03-07 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
2015-03-07 10:51 - 2015-03-07 10:54 - 00000000 ____D () C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
2015-03-07 10:51 - 2015-03-07 10:51 - 00000000 ____D () C:\ProgramData\ABBYY
2015-03-07 10:50 - 2015-03-07 10:50 - 00002178 _____ () C:\Users\Public\Desktop\EPSON WF-2520_2530 User's Guide.lnk
2015-03-07 10:49 - 2015-03-07 10:49 - 00000000 ____D () C:\Users\ETF-PT\AppData\Roaming\Epson
2015-03-07 10:47 - 2015-03-07 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-03-07 10:45 - 2015-03-07 10:50 - 00000000 ____D () C:\Program Files (x86)\epson
2015-03-07 10:45 - 2015-03-07 10:45 - 00000957 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2015-03-07 10:45 - 2012-07-24 01:00 - 00466432 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxw2ud.dll
2015-03-07 10:45 - 2011-12-12 01:00 - 00135824 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc64.exe
2015-03-07 10:42 - 2015-03-07 10:43 - 00000000 ____D () C:\Program Files\EpsonNet
2015-03-07 10:42 - 2011-08-30 14:40 - 00535040 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppui.dll
2015-03-07 10:42 - 2011-08-30 14:40 - 00535040 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppui.dll
2015-03-07 10:42 - 2011-08-30 14:38 - 00558080 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppmon.dll
2015-03-07 10:42 - 2011-08-30 14:38 - 00558080 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppmon.dll
2015-03-07 10:42 - 2011-08-01 19:24 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enspres.dll
2015-03-07 10:42 - 2011-08-01 19:24 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enpres.dll
2015-03-07 10:41 - 2015-03-07 10:41 - 00000000 ____D () C:\Users\ETF-PT\AppData\Roaming\InstallShield
2015-03-07 10:40 - 2015-03-07 10:48 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2015-03-07 10:40 - 2015-03-07 10:40 - 00000000 ____D () C:\Users\ETF-PT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-03-07 10:40 - 2015-03-07 10:40 - 00000000 ____D () C:\Program Files\EPSON
2015-03-07 10:39 - 2015-03-07 10:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-03-07 10:34 - 2015-03-07 11:11 - 00000081 _____ () C:\WINDOWS\WF-2530.ini
2015-03-07 10:33 - 2015-03-07 10:33 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2015-03-07 10:32 - 2015-03-07 10:41 - 00000000 ____D () C:\ProgramData\EPSON
2015-03-07 10:31 - 2015-01-06 09:25 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YLMIVE.DLL
2015-03-07 10:31 - 2015-01-06 09:25 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YD4BIVE.DLL
2015-03-07 10:31 - 2015-01-06 09:25 - 00010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2015-03-03 17:37 - 2015-03-03 17:37 - 00330781 _____ () C:\Users\ETF-PT\Downloads\Attachments_201533(1).zip
2015-03-03 17:36 - 2015-03-03 17:37 - 00330781 _____ () C:\Users\ETF-PT\Downloads\Attachments_201533.zip
2015-03-03 17:28 - 2015-03-03 17:28 - 00455864 ____T () C:\Users\ETF-PT\Downloads\savings.oxps
2015-03-03 17:21 - 2015-03-03 17:22 - 00455260 ____T () C:\Users\ETF-PT\Downloads\savings.xps
2015-03-03 17:19 - 2015-03-03 17:19 - 00015948 _____ () C:\Users\ETF-PT\Downloads\export.qfx
2015-02-19 17:46 - 2015-02-19 17:46 - 00984356 _____ () C:\Users\ETF-PT\Downloads\Presentation_Diagrams.zip
2015-02-16 16:22 - 2015-02-16 16:22 - 00456407 ____T () C:\Users\ETF-PT\Downloads\savings becu.oxps
2015-02-16 16:21 - 2015-02-16 16:21 - 00463720 ____T () C:\Users\ETF-PT\Downloads\testing becu 4.oxps
2015-02-16 16:20 - 2015-02-16 16:20 - 00462561 ____T () C:\Users\ETF-PT\Downloads\testing becu 3.oxps
2015-02-16 16:19 - 2015-02-16 16:19 - 00463243 ____T () C:\Users\ETF-PT\Downloads\testing becu 2.oxps
2015-02-16 16:17 - 2015-02-16 16:17 - 00484918 ____T () C:\Users\ETF-PT\Downloads\testing becu.oxps
2015-02-14 04:27 - 2015-01-22 21:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-14 04:27 - 2015-01-22 20:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 08:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-13 07:59 - 2015-02-03 09:56 - 00000000 ____D () C:\Users\ETF-PT\Documents\Koop's workouts
2015-03-13 07:55 - 2013-03-21 11:41 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-13 07:44 - 2013-03-25 14:34 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-13 07:15 - 2014-05-18 11:06 - 01430097 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-13 04:55 - 2013-03-21 11:40 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-13 03:41 - 2014-07-28 17:38 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F71B08E7-E0B7-4FBD-8D54-78D9BC120A4D}
2015-03-13 01:14 - 2013-08-12 11:57 - 00004966 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ETFPT-ETF-PT ETFPT
2015-03-12 21:10 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-11 18:35 - 2013-03-20 17:41 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3450097831-2661624082-3636410687-1001
2015-03-11 18:03 - 2013-03-21 11:41 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-11 17:47 - 2013-03-20 17:35 - 00000000 ____D () C:\Users\ETF-PT\AppData\Local\Packages
2015-03-11 13:18 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-10 06:46 - 2013-03-25 16:28 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-09 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-03-07 10:48 - 2012-09-02 20:24 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-07 10:04 - 2014-06-14 10:59 - 00000526 _____ () C:\WINDOWS\Tasks\WinASORegistryOptimizerForETF-PT.job
2015-03-06 20:58 - 2014-05-19 08:25 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3450097831-2661624082-3636410687-1001
2015-03-06 20:58 - 2013-03-25 16:37 - 00000000 ___RD () C:\Users\ETF-PT\SkyDrive
2015-02-27 10:27 - 2013-09-20 20:51 - 00280576 _____ () C:\Users\ETF-PT\Documents\football combine flyer.pub
2015-02-24 09:45 - 2015-01-26 09:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-19 17:55 - 2013-05-07 15:32 - 00000000 ____D () C:\Users\ETF-PT\Documents\Allora
2015-02-16 07:35 - 2013-03-23 18:48 - 00840704 ___SH () C:\Users\ETF-PT\Downloads\Thumbs.db
2015-02-14 10:21 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-13 17:21 - 2014-03-18 03:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-13 17:19 - 2014-05-19 08:27 - 00000000 ___DO () C:\Users\ETF-PT\OneDrive
2015-02-13 17:17 - 2013-03-20 19:10 - 00000785 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-02-13 17:16 - 2013-08-22 07:46 - 00287316 _____ () C:\WINDOWS\setupact.log
2015-02-13 17:16 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-13 17:16 - 2013-08-22 07:44 - 00481880 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-13 17:15 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-13 17:15 - 2013-03-23 05:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-11 17:52 - 2013-03-28 17:49 - 00055808 ___SH () C:\Users\ETF-PT\Desktop\Thumbs.db
2015-02-11 14:56 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-08 05:56

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by ETF-PT at 2015-03-13 08:09:44
Running from C:\Users\ETF-PT\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.15.58233 - ABBYY) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A9066471-9F26-76A4-D892-80BB1CC282E5}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4220.52 - CyberLink Corp.)
Download Navigator (HKLM-x32\...\{3A3A3B34-6EA2-4031-8580-D66D29533E89}) (Version: 3.4.0 - SEIKO EPSON CORPORATION)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Gateway Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3003 - Gateway Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3003 - Gateway Incorporated)
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3450097831-2661624082-3636410687-1001\...\OneDriveSetup.exe) (Version: 17.3.4724.0224 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}) (Version: 12.5.00000 - Nero AG)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
PointGrab Hand Gesture Control (HKLM-x32\...\InstallShield_{4B145183-E986-4585-ADDF-0C73DB575112}) (Version: 3.2.0.10495 - PointGrab)
PointGrab Hand Gesture Control (x32 Version: 3.2.0.10495 - PointGrab) Hidden
PointGrab Hand Gesture Control Tutorial (HKLM-x32\...\InstallShield_{92586A21-3E08-4055-B413-8ACCAAB50A42}) (Version: 3.2.0.9896 - PointGrab)
PointGrab Hand Gesture Control Tutorial (x32 Version: 3.2.0.9896 - PointGrab) Hidden
POS58 Series Printer Driver version 1.5 (HKLM-x32\...\{5B643BF5-11A2-4A75-86D4-8F522DE92AA2}_is1) (Version: 1.5 - )
POS76 Series Printer Driver version 1.5 (HKLM-x32\...\{381023EA-0D9A-498D-B839-9C1B2EA2371E}_is1) (Version: 1.5 - )
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.02 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
THX TruStudio Pro (HKLM-x32\...\{97BE901A-9940-4ACF-9921-A6FAA284AC03}) (Version: 1.04.02 - Creative Technology Limited)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinASO Registry Optimizer 4.8.6 (HKLM-x32\...\WinASO Registry Optimizer_is1) (Version:  - X.M.Y International LLC)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3450097831-2661624082-3636410687-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\ETF-PT\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

22-02-2015 06:54:20 Scheduled Checkpoint
03-03-2015 07:01:57 Scheduled Checkpoint
07-03-2015 10:41:27 Installed EpsonNet Print
11-03-2015 03:38:38 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A3A1D8F-AFE8-4D01-9E0F-42B4811C6C6B} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3450097831-2661624082-3636410687-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {1150EBA7-526E-4A5E-87A2-24187815F4CC} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {1983139E-F928-4917-9B85-DA7428FD4C9A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-10] (Microsoft Corporation)
Task: {3B59D013-67A0-4F0C-9CBC-AF81C5CE1D22} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {44F7239E-C2CD-4E0B-951B-632C71C4C6A5} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {63E8C4F6-2534-4B96-8258-9848360E6829} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {8B3D6E7D-17A6-4DF4-9D1A-81D9077BEE20} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-08-24] ()
Task: {91EB9B49-1122-4C04-838E-7DDF0FA6C111} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {A6DA9A95-F413-486F-8C80-D4E9AD8D710C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-14] (AVAST Software)
Task: {AA00C233-7E40-4F93-98B8-9BEFD48788A9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {ABB4CCB9-37CF-4F01-AF19-8887036BD21C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-01-13] (Microsoft Corporation)
Task: {B30779D3-859E-497C-997F-20137D0DA08F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-21] (Google Inc.)
Task: {B32ABCE3-507D-4242-9667-156F4EEA2E66} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {B5148618-E503-4339-A80F-CBCB44F62026} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B85CE2EA-43BE-4CEA-B48E-CFED910F6823} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {C28C15B5-E65E-48EB-8E54-E44580E45948} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {CC18C57E-4AB9-4E10-A86A-A84BF5E036B8} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ETFPT-ETF-PT ETFPT => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-01-06] (Microsoft Corporation)
Task: {E112EB74-8FBD-441E-AE43-FA5C8DB0554B} - System32\Tasks\WinASORegistryOptimizerForETF-PT => C:\Program Files (x86)\WinASO\Registry Optimizer\RegOpt.exe [2014-05-30] (X.M.Y International, LLC)
Task: {E4317553-A4F1-49B6-8AF8-B38FBCF12E58} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Gateway\Gateway Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)
Task: {F2E61FAD-AB8A-41C1-B1ED-55D42E094354} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-21] (Google Inc.)
Task: {F4D21547-A48D-4848-93A0-E6A2A23B4B65} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [2012-08-06] (Acer Incorporated)
Task: {FD6B6578-9490-4A66-AC19-E6A752507A8A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WinASORegistryOptimizerForETF-PT.job => C:\Program Files (x86)\WinASO\Registry Optimizer\RegOpt.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-24 05:59 - 2014-12-23 12:53 - 08898728 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-09-21 03:23 - 2010-08-11 14:53 - 00238592 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-07-13 05:28 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-02-13 11:30 - 2015-02-13 11:30 - 02912256 _____ () C:\Program Files\AVAST Software\Avast\defs\15021301\algo.dll
2015-03-13 07:33 - 2015-03-13 07:33 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031301\algo.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-14 10:35 - 2014-06-14 10:35 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-26 09:42 - 2015-01-26 09:42 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-11-15 06:52 - 2014-11-20 14:53 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\ETF-PT\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3450097831-2661624082-3636410687-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ETF-PT\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "AVG_UI"

==================== Accounts: =============================

Administrator (S-1-5-21-3450097831-2661624082-3636410687-500 - Administrator - Disabled)
ETF-PT (S-1-5-21-3450097831-2661624082-3636410687-1001 - Administrator - Enabled) => C:\Users\ETF-PT
Guest (S-1-5-21-3450097831-2661624082-3636410687-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3450097831-2661624082-3636410687-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2015 04:20:45 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {5413D988-63BC-4418-82F0-759134F4C6B2}

Error: (03/10/2015 06:45:44 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: ETFPT)
Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.

Error: (02/26/2015 05:17:54 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {732E0449-3E04-4A73-ADE2-6B3C3478D265}

Error: (02/23/2015 07:55:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 35.0.1.5500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b40

Start Time: 01d047edbe5b5e59

Termination Time: 396

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 071d308b-bb6c-11e4-bed6-089e013b2398

Faulting package full name:

Faulting package-relative application ID:

Error: (02/23/2015 07:55:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x15a0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (02/17/2015 07:07:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d28

Start Time: 01d04aba48a2f683

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 3d2ee760-b6ae-11e4-bed6-089e013b2398

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/06/2015 04:52:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ETFPT)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/06/2015 04:52:15 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (02/05/2015 09:07:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0xfe0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (01/31/2015 00:48:48 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {686CC325-0522-4C62-8544-58EE4CA850CF}


System errors:
=============
Error: (03/13/2015 07:36:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (03/13/2015 07:33:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (03/13/2015 05:36:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Windows Malicious Software Removal Tool for Windows 8, 8.1 and Windows Server 2012, 2012 R2 x64 Edition - March 2015 (KB890830).

Error: (03/13/2015 05:35:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (03/13/2015 05:31:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (03/12/2015 04:19:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (03/12/2015 04:08:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (03/12/2015 08:03:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (03/12/2015 07:50:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (03/12/2015 06:17:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127


Microsoft Office Sessions:
=========================
Error: (03/12/2015 04:20:45 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {5413D988-63BC-4418-82F0-759134F4C6B2}

Error: (03/10/2015 06:45:44 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: ETFPT)
Description: 1C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exeMicrosoft Office Document Cache Sync Client Interface02117548243003A005C00500072006F006700720061006D002000460069006C00650073005C004D006900630072006F0073006F006600740020004F00660066006900630065002000310035005C0072006F006F0074005C007600660073005C00500072006F006700720061006D00460069006C006500730043006F006D006D006F006E005800380036005C004D006900630072006F0073006F006600740020005300680061007200650064005C004F0046004600490043004500310035005C00630032007200330032002E0064006C006C00000043003A005C00500072006F006700720061006D0044006100740061005C004D006900630072006F0073006F00660074005C004F00660066006900630065005C0043006C00690063006B0054006F00520075006E005000610063006B006100670065004C006F0063006B00650072000000

Error: (02/26/2015 05:17:54 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {732E0449-3E04-4A73-ADE2-6B3C3478D265}

Error: (02/23/2015 07:55:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe35.0.1.5500b4001d047edbe5b5e59396C:\Program Files (x86)\Mozilla Firefox\firefox.exe071d308b-bb6c-11e4-bed6-089e013b2398

Error: (02/23/2015 07:55:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f224800000030000142515a001d04df4eb1c64a4C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll0bb70fc3-bb6c-11e4-bed6-089e013b2398

Error: (02/17/2015 07:07:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689d2801d04aba48a2f6834294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe3d2ee760-b6ae-11e4-bed6-089e013b2398microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/06/2015 04:52:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ETFPT)
Description: winstore_cw5n1h2txyewy!Windows.Store-2144927142

Error: (02/06/2015 04:52:15 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883

Error: (02/05/2015 09:07:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425fe001d0415db31e5d2cC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll0433eec0-ad51-11e4-bed5-089e013b2398

Error: (01/31/2015 00:48:48 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {686CC325-0522-4C62-8544-58EE4CA850CF}


==================== Memory info ===========================

Processor: AMD E-350 APU with Radeon™ HD Graphics
Percentage of memory in use: 69%
Total physical RAM: 3684.14 MB
Available physical RAM: 1111.46 MB
Total Pagefile: 4812.14 MB
Available Pagefile: 1197.68 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:448.51 GB) (Free:402.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F70EEEEF)

Partition: GPT Partition Type.

==================== End Of Log ============================

 


  • 0

Advertisements

#2
Essexboy
Posted 13 March 2015 - 12:13 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, first we will set Avast to detect and remove PUP's

Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP's) "

pups.JPG

THEN

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-3450097831-2661624082-3636410687-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
CHR Extension: (DDOwNlload keeepper) - C:\Users\ETF-PT\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgbmgbhlpekjmogmdgnfhbffcelpjfck [2013-10-07]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - No Path Or update_url value
2015-03-07 10:04 - 2014-06-14 10:59 - 00000526 _____ () C:\WINDOWS\Tasks\WinASORegistryOptimizerForETF-PT.job
Task: {1150EBA7-526E-4A5E-87A2-24187815F4CC} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {63E8C4F6-2534-4B96-8258-9848360E6829} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {B85CE2EA-43BE-4CEA-B48E-CFED910F6823} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {C28C15B5-E65E-48EB-8E54-E44580E45948} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: C:\WINDOWS\Tasks\WinASORegistryOptimizerForETF-PT.job => C:\Program Files (x86)\WinASO\Registry Optimizer\RegOpt.exe
C:\Program Files (x86)\GoforFiles
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

FINALLY

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#3
Essexboy
Posted 17 March 2015 - 08:58 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP