
Laptop loaded with "shopping programs", chrome won't run,


  • This topic is locked

#1
frobey

  • Member
  • 67 posts

Hi, a friend asked me to look at his laptop since it was "slow". It is loaded with all the various shopping programs as well as "optimizer programs". I have no idea where they got these...

I removed a bunch of them as well as a couple of the optimizing programs, but that didn't help even after a reboot. I tried to get the laptop into Safe Mode to see if it acted any differently, but it didn't seem to want to respond to F8...

When the laptop boots it takes at least 5 minutes for it to come up.

Google Chrome will not run at all. I can get IE to come up, but then it goes to trovi.com, and if I want to download something like Malwarebytes, appbusy.com pops up... preventing me from using the browser. It also went to sh

It just popped up a box with a voice telling me that I should call 1-877-518-6938 immediately because I am infected. Never seen that before...

I had to download FRST64 on my own laptop and then transfer it over by flash drive.

Here are the FRST and Addition logs.

Thanks for any help you can give me!!!

Frank

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Bill (administrator) on MYPC on 15-03-2015 15:29:15
Running from C:\Users\Bill\Desktop
Loaded Profiles: Bill (Available profiles: Bill)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(CartCrunch Israel Ltd.) C:\ProgramData\PicColor Utility\ColorMedia.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
() C:\ProgramData\PicColor Utility\PicColor.exe
(Search Module Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
() C:\Program Files (x86)\Solution Real\updateSolutionReal.exe
() C:\Program Files (x86)\Solution Real\bin\utilSolutionReal.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Word Proser) C:\Program Files (x86)\WordProser_1.10.0.5\Service\wpsvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Cisco Consumer Products LLC) C:\Program Files (x86)\Linksys AE6000\WPS_Mon.exe
(Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
() C:\Program Files (x86)\ver9SpeedCheck\r2SpeedCheckz46.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
() C:\Program Files (x86)\ver9SpeedCheck\SpeedCheck.exe
() C:\Users\Bill\AppData\Local\ospd_us_657\upospd_us_657.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
() C:\Program Files (x86)\Solution Real\bin\SolutionReal.PurBrowse64.exe
() C:\Program Files (x86)\Solution Real\bin\SolutionReal.BrowserAdapter.exe
() C:\Program Files (x86)\Solution Real\bin\SolutionReal.BrowserAdapter64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(SoftBrain Technologies Ltd.) C:\Users\Bill\AppData\Local\SmartWeb\SmartWebHelper.exe
() C:\Users\Bill\AppData\Local\wincheck\wincheck.exe
(PC Utilities Software Limited) C:\ProgramData\{b200f4f3-87a5-88de-b200-0f4f387ad3ce}\optimizerpro_soft_partner.exe
(SoftBrain Technologies Ltd.) C:\Users\Bill\AppData\Local\SmartWeb\SmartWebApp.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-14] (Symantec Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Bill\AppData\Local\SmartWeb\SmartWebHelper.exe [270696 2014-12-31] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [WinCheck] => C:\Users\Bill\AppData\Local\wincheck\wincheck.exe [267776 2015-01-18] ()
HKLM-x32\...\Run: [gmsd_us_108] => [X]
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\RunOnce: [upospd_us_657.exe] => C:\Users\Bill\AppData\Local\ospd_us_657\upospd_us_657.exe [3289768 2015-01-14] ()
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3414048 2013-02-08] (Hewlett-Packard Co.)
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [256272 2015-02-19] (Client Connect LTD)
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll => c:\Program Files (x86)\searchprotect\searchprotect\bin\vc32loader.dll [218384 2015-02-19] (Client Connect LTD)
AppInit_DLLs-x32:  c:/progra~3/{a9c44~1/171~1.0/laca.dll => c:\ProgramData\{A9C44107-F946-9081-48C0-E0039842338D}\1.7.1.0\laca.dll [649216 2015-01-14] ()
Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 5530 series (Network).lnk
Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\optimizerpro_soft_partner.lnk
ShortcutTarget: optimizerpro_soft_partner.lnk -> C:\ProgramData\{b200f4f3-87a5-88de-b200-0f4f387ad3ce}\optimizerpro_soft_partner.exe (PC Utilities Software Limited)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...&D=031515&SSPV=
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.com/?...gusaolp00000004
URLSearchHook: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://www-searching...q={searchTerms}
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-searching...q={searchTerms}
SearchScopes: HKLM -> {9D104B0D-4B45-48A3-8222-54140634588F} URL = http://www-searching...q={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> DefaultScope {6C0BCDBF-E321-4B06-A865-F0CB012778D3} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {0EFDBE7D-8118-4469-9048-EF6348CDBC68} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {250D9A93-5D4F-4316-9B27-8D4CE4AD37F3} URL = http://vosteran.com/...r=582010452&ir=
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {4BC38336-B2F7-4D9C-A066-60349298D3CD} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {6C0BCDBF-E321-4B06-A865-F0CB012778D3} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {9D104B0D-4B45-48A3-8222-54140634588F} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.co...&iwk=245&lng=en
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {C9EB2C4F-47E5-411E-85DA-B6F748ED2C13} URL = 
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://slirsredirect...t=customie10-ie
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {F0CE452A-D6D2-4EFC-B4A6-5444870DDF3D} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {F18F2FF9-0286-4EAD-A017-951B00125A36} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {F7C78C08-3CC7-416F-B827-7C1785ABBDA8} URL = http://www-searching...q={searchTerms}
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} ->  No File
BHO: frEoe2you -> {bab3f72a-a8c6-46f8-99a2-29aa3f086e0b} -> C:\Program Files (x86)\frEoe2you\Llta6cxaOTjYQN.x64.dll [2015-03-06] ()
BHO-x32: frEoe2you -> {bab3f72a-a8c6-46f8-99a2-29aa3f086e0b} -> C:\Program Files (x86)\frEoe2you\Llta6cxaOTjYQN.dll [2015-03-06] ()
Toolbar: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Tcpip\Parameters: [DhcpNameServer] 172.27.35.1
Tcpip\..\Interfaces\{88050F13-6393-4F81-8AB9-5A56BEBA3659}: [NameServer] 31.168.228.244,82.166.96.242
Tcpip\..\Interfaces\{9987A74A-52B8-491E-9D89-D665646FB8BD}: [NameServer] 31.168.228.244,82.166.96.242
Tcpip\..\Interfaces\{EE88AD8C-77A7-4060-8A74-C7F3D99B2A06}: [NameServer] 31.168.228.244,82.166.96.242
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-02-04] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-02-04] (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKU\S-1-5-21-2961404673-414218333-4232183137-1001\...\Firefox\Extensions: [{AAC83427-BA95-CD20-6216-ACF1FD53519D}] - C:\Program Files (x86)\ver9SpeedCheck\187.xpi
FF Extension: SpeedCheck - C:\Program Files (x86)\ver9SpeedCheck\187.xpi [2015-02-15]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Newhub) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoejbmmillcdifgagjpdlaamnalbielp [2014-03-28]
CHR Extension: (Google Docs) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-07]
CHR Extension: (Google Drive) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-14]
CHR Extension: (YouTube) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-07]
CHR Extension: (Google Search) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-07]
CHR Extension: (JavaScript Notepad) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemkmiehbcigiognajmhgfgglomdbddc [2015-03-03]
CHR Extension: (VideoDownloadConverter) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkmljihjgjdghdhggolmhbjekicljfci [2014-01-19]
CHR Extension: (PlusHD Q-9.1V14.01) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdeaofcapijfmeopimkgcepdpbdepnb [2015-01-14]
CHR Extension: (TransferBigFilescom Gmail Extension) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajnjaghjodocddaglgghffgacnoepgf [2015-02-28]
CHR Extension: (Google Wallet) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Iminent NewTab) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nociobghckdhokecfeajdpimjeapnopn [2015-02-13]
CHR Extension: (No Name) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nongkkjjhbjloiienhkhphhjjlnlnbfe [2015-02-11]
CHR Extension: (Vosteran New Tab) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce [2015-01-14]
CHR Extension: (MapsGalaxy) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb [2014-01-12]
CHR Extension: (Gmail) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-07]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\Bill\AppData\Local\nwhb-v9.4.15.crx [2014-03-28]
CHR HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.goo...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 05a601a1; c:\Program Files (x86)\EngineRunner\EngineRunner.dll [1608704 2015-02-28] () [File not signed]
S2 372ab9f0; c:\Program Files (x86)\Optimizer Pro 3.31\OptProMon.dll [1597008 2015-01-14] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations) [File not signed]
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2948880 2015-02-19] (Client Connect LTD)
R2 ColorMedia; C:\ProgramData\PicColor Utility\ColorMedia.exe [1844232 2015-01-27] (CartCrunch Israel Ltd.) [File not signed]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-04] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-04] (globalUpdate) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-14] (Symantec Corporation)
R2 PicColor Service; C:\ProgramData\PicColor Utility\PicColor.exe [567296 2015-02-03] () [File not signed]
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2719592 2015-02-02] (Search Module Ltd.)
R2 Update Solution Real; C:\Program Files (x86)\Solution Real\updateSolutionReal.exe [413936 2015-03-15] ()
R2 Util Solution Real; C:\Program Files (x86)\Solution Real\bin\utilSolutionReal.exe [413936 2015-03-15] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-11-19] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-11-19] (Microsoft Corporation)
R2 wpsvc_1.10.0.5; C:\Program Files (x86)\WordProser_1.10.0.5\Service\wpsvc.exe [277584 2014-12-11] (Word Proser)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros) [File not signed]
S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-10-31] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
S3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider) [File not signed]
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [42856 2015-02-02] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-11-19] (Microsoft Corporation)
R2 webinstrNHKT; C:\WINDOWS\system32\Drivers\webinstrNHKT.sys [50264 2015-02-15] ()
R1 wpnfd_1_10_0_5; C:\Windows\System32\drivers\wpnfd_1_10_0_5.sys [58240 2014-12-11] (Word Proser)
R1 {1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64; C:\Windows\System32\drivers\{1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64.sys [48792 2015-01-25] (StdLib)
R1 {31c21995-b861-4864-ab50-4a53fbca73d4}Gw64; C:\Windows\System32\drivers\{31c21995-b861-4864-ab50-4a53fbca73d4}Gw64.sys [48784 2015-02-04] (StdLib)
R1 {5c281c6e-0132-4ac6-ad9d-d1d95d218412}Gw64; C:\Windows\System32\drivers\{5c281c6e-0132-4ac6-ad9d-d1d95d218412}Gw64.sys [48792 2015-01-23] (StdLib)
R1 {df8eec40-f909-439c-9ffe-3fee212f71b9}Gw64; C:\Windows\System32\drivers\{df8eec40-f909-439c-9ffe-3fee212f71b9}Gw64.sys [48784 2015-02-01] (StdLib)
S1 cherimoya; system32\drivers\cherimoya.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
R3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]
S1 ssnfd_1_10_0_5; system32\drivers\ssnfd_1_10_0_5.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-15 15:29 - 2015-03-15 15:29 - 00000000 ___RD () C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-03-15 15:16 - 2015-03-15 15:16 - 00000000 ____D () C:\Program Files (x86)\ProcessInit
2015-03-15 15:15 - 2015-03-15 15:15 - 00000000 ____D () C:\ProgramData\2a03dba000000bc6
2015-03-15 14:51 - 2015-03-15 14:53 - 00038179 _____ () C:\Users\Bill\Desktop\Addition.txt
2015-03-15 14:48 - 2015-03-15 15:29 - 00025487 _____ () C:\Users\Bill\Desktop\FRST.txt
2015-03-15 14:47 - 2015-03-15 15:29 - 00000000 ____D () C:\FRST
2015-03-15 14:47 - 2015-03-15 14:42 - 02095616 _____ (Farbar) C:\Users\Bill\Desktop\FRST64.exe
2015-03-15 14:41 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-15 14:41 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-15 14:39 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-15 14:39 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-15 14:39 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-15 14:39 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-15 14:39 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-15 14:39 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-15 14:39 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-15 14:39 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-15 14:39 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-15 14:39 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-15 14:39 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-06 10:26 - 2015-03-06 10:26 - 00000000 ____D () C:\Program Files (x86)\frEoe2you
2015-03-06 10:06 - 2015-03-06 10:26 - 00000000 ____D () C:\Program Files (x86)\FllaashCoupon
2015-03-04 12:13 - 2015-03-15 14:01 - 00000000 ____D () C:\Users\Bill\Documents\ProPCCleaner
2015-03-03 20:02 - 2015-03-06 10:06 - 00000000 ____D () C:\Program Files (x86)\deaLstEr
2015-03-03 20:02 - 2015-03-03 20:02 - 00000000 ____D () C:\Program Files (x86)\JavaScript Notepad
2015-03-03 20:01 - 2015-03-06 10:06 - 00000000 ____D () C:\Program Files (x86)\DiscountLeocaaToR
2015-03-03 20:01 - 2015-03-03 20:01 - 00000000 ____D () C:\Program Files (x86)\PriceDownlOaderr
2015-02-28 19:55 - 2015-02-28 19:55 - 00000000 ____D () C:\Program Files (x86)\lOewraite
2015-02-28 19:54 - 2015-02-28 19:55 - 00000000 ____D () C:\Program Files (x86)\TransferBigFilescom Gmail Extension
2015-02-28 19:54 - 2015-02-28 19:54 - 00000000 ____D () C:\ProgramData\aggnakmglaoeailapkcgnblfommppdpe
2015-02-28 19:53 - 2015-03-06 10:06 - 00000000 ____D () C:\Program Files (x86)\offferduEaell
2015-02-28 19:53 - 2015-03-06 10:06 - 00000000 ____D () C:\Program Files (x86)\buyandBrowsea
2015-02-28 19:53 - 2015-02-28 19:53 - 00000000 ____D () C:\Program Files (x86)\nitRodeeal
2015-02-28 19:53 - 2015-02-28 19:53 - 00000000 ____D () C:\Program Files (x86)\nicenfRee
2015-02-28 19:52 - 2015-02-28 19:52 - 00000000 ____D () C:\ProgramData\ChampionDeals
2015-02-28 19:22 - 2015-02-28 19:23 - 00004222 _____ () C:\WINDOWS\System32\Tasks\SPBIW_UpdateTask_Time_3534343030393132372d2d55506c2a5a55576c412334
2015-02-28 19:21 - 2015-02-28 19:21 - 00003120 _____ () C:\WINDOWS\System32\Tasks\Logon_Trigger_WPS_Mon_Task
2015-02-28 19:21 - 2015-02-28 19:21 - 00003074 _____ () C:\WINDOWS\System32\Tasks\UNELEVATE_18080
2015-02-28 19:21 - 2015-02-28 19:21 - 00000000 ____D () C:\ProgramData\Ralink
2015-02-28 19:20 - 2015-02-28 19:21 - 00000000 ____D () C:\Program Files (x86)\Linksys AE6000
2015-02-28 19:20 - 2015-02-28 19:20 - 00000000 ____D () C:\ProgramData\Cisco Systems
2015-02-28 19:13 - 2015-03-03 19:42 - 00000000 ____D () C:\Users\Bill\AppData\Local\avayvaxvaa
2015-02-28 19:13 - 2015-02-28 19:13 - 00003444 _____ () C:\WINDOWS\System32\Tasks\avayvaxvaa
2015-02-28 19:12 - 2015-02-28 19:12 - 00000000 ____D () C:\Program Files (x86)\EngineRunner
2015-02-24 23:44 - 2015-02-24 23:44 - 00003150 _____ () C:\WINDOWS\System32\Tasks\UNELEVATE_22256
2015-02-24 23:35 - 2015-03-06 10:06 - 00000000 ____D () C:\Program Files (x86)\bruowwseAndsshop
2015-02-24 23:35 - 2015-02-24 23:36 - 00000000 ____D () C:\Program Files (x86)\Pyramid Run
2015-02-24 16:24 - 2015-03-06 10:06 - 00000000 ____D () C:\Program Files (x86)\appsaVe
2015-02-24 16:23 - 2015-02-24 16:24 - 00000000 ____D () C:\Program Files (x86)\buyaandbrowse
2015-02-24 16:19 - 2014-12-13 17:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-24 16:19 - 2014-12-13 17:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-24 16:19 - 2014-10-28 21:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-24 16:19 - 2014-10-28 21:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-24 16:19 - 2014-10-28 21:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-24 16:19 - 2014-10-28 21:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-24 15:50 - 2015-03-15 15:09 - 00003738 _____ () C:\WINDOWS\System32\Tasks\DriverRestore_ScheduledScan
2015-02-24 15:50 - 2015-03-15 15:09 - 00003592 _____ () C:\WINDOWS\System32\Tasks\DriverRestore_DailyScan
2015-02-24 15:50 - 2015-02-24 15:50 - 00001039 _____ () C:\Users\Public\Desktop\DriverRestore.lnk
2015-02-24 15:50 - 2015-02-24 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2015-02-24 15:50 - 2014-11-24 17:09 - 00020872 _____ (Phoenix Technologies) C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS
2015-02-24 15:49 - 2015-03-15 15:02 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2015-02-24 15:48 - 2015-02-28 19:13 - 00000000 ____D () C:\ProgramData\40ee09c0000064f3
2015-02-24 15:37 - 2015-03-15 13:56 - 00000020 _____ () C:\Users\Bill\AppData\Roaming\appdataFr3.bin
2015-02-24 15:34 - 2015-02-24 15:34 - 00000000 ____D () C:\ProgramData\cheapcoup
2015-02-24 11:39 - 2015-03-15 14:00 - 00003450 _____ () C:\WINDOWS\System32\Tasks\ProPCCleaner_Popup
2015-02-24 11:39 - 2015-02-24 11:39 - 00003186 _____ () C:\WINDOWS\System32\Tasks\ProPCCleaner_Start
2015-02-24 11:39 - 2015-02-24 11:39 - 00000000 ____D () C:\Users\Bill\AppData\Local\Pro_PC_Cleaner
2015-02-24 11:35 - 2015-02-24 11:35 - 00000000 ____D () C:\Users\Bill\AppData\Local\Cyberlink
2015-02-19 10:25 - 2015-02-28 19:23 - 00001586 _____ () C:\WINDOWS\wininit.ini
2015-02-15 12:07 - 2015-02-24 15:40 - 00000000 ____D () C:\WINDOWS\system32\MpEngineStore
2015-02-15 12:03 - 2015-02-15 12:03 - 00000000 ____D () C:\9b57c021e1f305c24cdd076e
2015-02-15 11:57 - 2015-03-15 15:27 - 00000420 _____ () C:\WINDOWS\Tasks\SpeedCheck Update.job
2015-02-15 11:57 - 2015-02-15 11:57 - 00003058 _____ () C:\WINDOWS\System32\Tasks\SpeedCheck Update
2015-02-15 11:57 - 2015-02-15 11:57 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
2015-02-15 11:57 - 2015-02-15 11:56 - 00050264 _____ () C:\WINDOWS\system32\Drivers\webinstrNHKT.sys
2015-02-15 11:56 - 2015-02-15 11:56 - 00000000 ____D () C:\Program Files (x86)\ver9SpeedCheck
2015-02-13 09:45 - 2015-03-15 14:31 - 00000000 ____D () C:\Program Files\shopperz
2015-02-13 09:45 - 2015-02-13 09:45 - 00000045 _____ () C:\user.js
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-15 15:31 - 2012-11-14 02:23 - 00000360 _____ () C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job
2015-03-15 15:30 - 2015-01-14 15:12 - 00000000 ____D () C:\Users\Bill\AppData\Local\ospd_us_657
2015-03-15 15:29 - 2014-11-19 20:23 - 01911558 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-15 15:29 - 2013-03-06 10:53 - 00002347 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-15 15:29 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-15 15:27 - 2015-01-14 15:14 - 00000906 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-03-15 15:27 - 2015-01-14 15:11 - 00002167 _____ () C:\WINDOWS\patsearch.bin
2015-03-15 15:27 - 2015-01-14 10:23 - 00000000 ____D () C:\Program Files (x86)\Solution Real
2015-03-15 15:27 - 2014-11-13 10:20 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-15 15:27 - 2012-07-26 01:26 - 00000269 _____ () C:\WINDOWS\win.ini
2015-03-15 15:26 - 2015-02-04 09:49 - 00005360 _____ () C:\WINDOWS\SysWOW64\ColorMedia.ini
2015-03-15 15:26 - 2015-02-04 09:49 - 00002960 _____ () C:\WINDOWS\SysWOW64\ColorMediaOff.ini
2015-03-15 15:26 - 2015-02-04 09:49 - 00002960 _____ () C:\WINDOWS\system32\ColorMediaOff.ini
2015-03-15 15:26 - 2013-08-22 10:46 - 00290506 _____ () C:\WINDOWS\setupact.log
2015-03-15 15:26 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-15 15:25 - 2014-09-24 03:03 - 01220380 _____ () C:\WINDOWS\PFRO.log
2015-03-15 15:23 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-15 15:22 - 2013-02-15 00:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-15 15:15 - 2013-02-14 21:55 - 00000000 ____D () C:\Users\Bill\AppData\Local\CrashDumps
2015-03-15 15:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-15 14:54 - 2015-01-14 15:14 - 00000910 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-03-15 14:51 - 2014-09-24 03:15 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-15 14:38 - 2013-02-14 22:02 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2961404673-414218333-4232183137-1001
2015-03-15 14:30 - 2014-11-19 20:30 - 00000000 ____D () C:\Users\Bill
2015-03-15 14:30 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-15 14:25 - 2014-11-13 10:20 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-15 14:16 - 2014-11-19 22:15 - 00003906 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{332AEA28-16B4-408B-A387-0183146100E6}
2015-03-15 14:09 - 2013-08-22 11:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-03-15 14:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2015-03-15 14:00 - 2013-12-07 12:57 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\HpUpdate
2015-03-15 14:00 - 2012-11-14 02:15 - 00000000 ____D () C:\ProgramData\WinClon
2015-03-15 13:57 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-06 10:26 - 2015-02-09 13:48 - 00000000 ____D () C:\ProgramData\9280794494656593764
2015-03-03 20:52 - 2012-11-14 02:19 - 00000000 ____D () C:\ProgramData\Temp
2015-03-03 09:17 - 2014-12-21 14:43 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-02-28 19:39 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-28 19:21 - 2012-11-14 01:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-28 19:13 - 2015-02-12 10:02 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-02-25 00:04 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\tracing
2015-02-24 23:50 - 2014-11-19 21:14 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-23 10:06 - 2012-11-14 02:19 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-02-19 10:17 - 2013-08-22 10:44 - 00481120 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-15 12:03 - 2013-08-27 08:35 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-15 12:03 - 2013-03-03 14:49 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-15 12:02 - 2013-03-06 10:52 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-15 11:57 - 2014-12-11 11:43 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-15 11:57 - 2014-09-24 05:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
 
==================== Files in the root of some directories =======
 
2015-02-24 15:37 - 2015-03-15 13:56 - 0000020 _____ () C:\Users\Bill\AppData\Roaming\appdataFr3.bin
2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\Bill\AppData\Roaming\DUWHVM
2015-01-16 15:31 - 2015-01-16 15:31 - 0000010 _____ () C:\Users\Bill\AppData\Roaming\mbam.context.scan
2013-12-20 10:08 - 2015-01-15 10:22 - 0000222 _____ () C:\Users\Bill\AppData\Roaming\WB.CFG
2014-02-24 21:20 - 2014-03-18 09:38 - 0004608 _____ () C:\Users\Bill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-15 10:23 - 2015-01-15 10:23 - 0000010 _____ () C:\Users\Bill\AppData\Local\DSI.DAT
2015-01-15 10:22 - 2015-01-15 10:22 - 0022528 _____ () C:\Users\Bill\AppData\Local\dsisetup22337032.exe
2014-03-28 09:08 - 2014-03-28 09:08 - 0686631 _____ () C:\Users\Bill\AppData\Local\nwhb-v9.4.15.crx
2014-11-18 17:56 - 2014-11-18 17:56 - 0000000 _____ () C:\Users\Bill\AppData\Local\{14715840-CEAE-46D1-BF63-B9A253D2C280}
2013-12-07 12:53 - 2013-12-07 12:53 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-11-14 02:23 - 2012-08-08 00:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-11-14 02:23 - 2012-08-07 06:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml
 
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
 
 
Some content of TEMP:
====================
C:\Users\Bill\AppData\Local\Temp\eon7rwm6.dll
C:\Users\Bill\AppData\Local\Temp\tu17p84.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-15 14:24
 
==================== End Of Log ============================
 
addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Bill at 2015-03-15 15:31:41
Running from C:\Users\Bill\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{403A4E7A-D239-04D8-6A3D-31DD203C018D}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Cisco Linksys AE6000 Driver (HKLM-x32\...\{02221266-B345-4544-A5C3-A995520E774D}) (Version: 1.1.0.3 - Cisco Consumer Products LLC)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Restore (HKLM\...\Driver Restore) (Version: 2.3.0.0 - 383 Media, Inc.)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
EngineRunner (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{5a601a1}) (Version:  - Software Publisher) <==== ATTENTION
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Help Desk (HKLM\...\{18BB06D9-8518-48E5-88F7-5AE1DF02546B}) (Version: 1.0.6 - Samsung Electronics CO., LTD.)
HP ENVY 5530 series Basic Device Software (HKLM\...\{24284F3A-B8F3-4123-AE25-2B6D1BEC524C}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Media Downloader version 1.5 (HKLM-x32\...\Media Downloader_is1) (Version: 1.5 - Media Downloader)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
OneSoftPerDay 025.657 (HKLM-x32\...\ospd_us_657_is1) (Version:  - ONESOFTPERDAY)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PicColor Utility (HKLM-x32\...\PicColor Utility) (Version: 1.0.0.2184 - )
PlusHD Q-9.1V14.01 (HKLM-x32\...\PlusHD Q-9.1V14.01) (Version: 1.36.01.08 - PlusHD Q-9.1V14.01)
Product Improvement Study for HP ENVY 5530 series (HKLM\...\{F0F71D41-68E3-4721-BD66-E684F9B4A87B}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.7.2 - Samsung Electronics CO., LTD.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
S Agent (Version: 1.0.8 - Samsung Electronics CO., LTD.) Hidden
Search module (HKLM-x32\...\Search module) (Version:  - Goobzo)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.21.20.22 - Client Connect LTD) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Software Updater (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Software Updater Ltd)
SpeedCheck (HKLM-x32\...\0FE96EBF-28D5-C985-634A-C147091FE3F9) (Version:  - SpeedCheck-software) <==== ATTENTION
Support Center (HKLM\...\{73280CF7-9471-4FB6-B018-E5FD7A09F1AF}) (Version: 2.0.13 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.5 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{20F96D9A-41A4-4EFA-997B-B972F0E1E26A}) (Version: 2.0.24 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{C7588111-1A12-4EFE-8CA0-DA4344480D92}) (Version: 1.4.00 - Samsung Electronics CO., LTD.)
WinCheck (HKLM-x32\...\wincheck) (Version: 1.0.0.0 - WinCheck) <==== ATTENTION!
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Word Proser 1.10.0.5 (HKLM-x32\...\WordProser_1.10.0.5) (Version: 1.10.0.5 - Word Proser) <==== ATTENTION
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
27-01-2015 16:47:29 Scheduled Checkpoint
01-02-2015 16:15:28 Removed GeekBuddy.
09-02-2015 13:27:18 Windows Update
11-02-2015 10:53:33 Configured PowerDVD
15-02-2015 11:50:07 Windows Update
23-02-2015 10:03:01 Configured Power2Go
28-02-2015 19:13:17 Windows Update
15-03-2015 14:25:05 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01FB21A5-F54E-4173-B3E3-0FB186D94F5B} - System32\Tasks\EOSSVMA => C:\ProgramData\38b2bc6477024acda7d41a3bfc14c3eb\38b2bc6477024acda7d41a3bfc14c3eb.exe [2015-02-03] ()
Task: {0DA05C06-F8FD-4A1E-A1DA-61BB6204CCAD} - System32\Tasks\SearchSnacks Auto Updater 1.10.0.5 Core => C:\Program Files (x86)\SearchSnacks_1.10.0.5\Update\SearchSnacksAutoUpdateClient.exe
Task: {10A298B7-5547-4390-BC2E-B98AE06835A2} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-10-15] (SEC)
Task: {12C0AAF0-1015-42BF-88EA-77BAF103D523} - System32\Tasks\avayvaxvaa => C:\Users\Bill\AppData\Local\avayvaxvaa\avayvaxvaa.exe [2015-02-19] () <==== ATTENTION
Task: {193B0360-F846-4F28-9AD9-CD8DFACC702B} - System32\Tasks\Logon_Trigger_WPS_Mon_Task => C:\Program Files (x86)\Linksys AE6000\WPS_Mon.exe [2012-12-20] (Cisco Consumer Products LLC)
Task: {1F6CE88C-9141-490F-86DD-3B42702A516F} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-04] (globalUpdate) <==== ATTENTION
Task: {270CC987-AB25-41C3-9694-22D1E5C838EC} - System32\Tasks\DonutQuotes => C:\Program Files (x86)\donutleads\ScheduledTask.exe
Task: {45CD155C-2EDD-4BBD-B881-4A68848A6C91} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-04] (globalUpdate) <==== ATTENTION
Task: {5253BF3F-5346-4766-835A-3B4E1FE70876} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-15] (Microsoft Corporation)
Task: {53C9B0F7-4EEE-452C-A2A3-88BB65E75F16} - System32\Tasks\{C5EFA263-DC63-43C5-8A8C-26FCA193F311} => pcalua.exe -a "C:\Program Files (x86)\donutleads\uninstall.exe"
Task: {55107E21-1FAB-4E11-802C-F56CAF9B48EA} - System32\Tasks\SearchSnacks Auto Updater 1.10.0.5 Pending Update => C:\Program Files (x86)\SearchSnacks_1.10.0.5\Update\SearchSnacksAutoUpdateClient.exe
Task: {5543F907-D8C0-4F68-B45E-41C6B07C636C} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-16] (Synaptics Incorporated)
Task: {57474893-BA77-4FB3-86A1-DF0523500E8D} - System32\Tasks\CleanerPro_Start => C:\Program Files (x86)\Cleaner Pro\CleanerPro.exe
Task: {5B5FD57E-CA47-4F07-95AD-6217F8287E44} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5CEDF6EA-39DC-4B75-B84B-E0385306490A} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Bill\AppData\Local\SmartWeb\SmartWebHelper.exe [2014-12-31] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {64E09980-94C1-4351-A8F5-7A0A76763671} - System32\Tasks\DriverRestore_DailyScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-11-29] ()
Task: {6BBB2931-1304-4A04-938C-2BC5167ADD72} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {6CC812EA-A94F-4577-A460-DD9FEC2FD070} - System32\Tasks\{3916FB30-1D1B-4EEB-93E7-EA26E9C85BAC} => pcalua.exe -a C:\PROGRA~2\WSE_VO~1\\uninstall.exe -c /uninstaller
Task: {7EC57F4E-A7C9-45DC-927D-92C2384588F4} - System32\Tasks\DriverRestore_ScheduledScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-11-29] ()
Task: {84E6CCF4-D432-4C68-A7E1-664557CAA51D} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {89E99110-5367-4FB9-A093-9A714AF26076} - System32\Tasks\SPBIW_UpdateTask_Time_3534343030393132372d2d55506c2a5a55576c412334 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {8B6BFEE7-D685-4327-A90A-053AB2C2838F} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {A2E4DCF2-9547-422A-8C2A-432C9F6A2354} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06] (Google Inc.)
Task: {A5CC1119-4A3C-4168-B9DB-29BFB8A63BEE} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe [2015-02-02] (Goobzo) <==== ATTENTION
Task: {A7F2CC81-532F-4B81-BFFE-5082DA7E7943} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A7F9BEDA-BE22-4E49-B5FA-F3F7B7150DEE} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe
Task: {B331AFB7-F299-4FAA-BFF6-06B1E1F5B4BB} - System32\Tasks\SMW_UpdateTask_Time_3534343030393132372d78782345572a4a3441325057 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {B385544D-1193-438C-8291-133CB596D553} - System32\Tasks\UNELEVATE_18080 => C:\Program Files (x86)\ShopperPro\JSDriver\1492.0.0.0\jsdrv.exe <==== ATTENTION
Task: {B849690A-86E9-4BC3-A5B3-E774B584E504} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-10-03] (Samsung Electronics CO., LTD.)
Task: {BB1B31AE-1C5F-4290-A03B-A2B0555AC30B} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {BDE88742-ED76-4600-ABC5-EBD90B6CA4FA} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {C1485452-FB47-439D-ABB8-9757B76D426D} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {C9C798AB-3770-49F0-8C86-873C56BAAA01} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-10-17] (Samsung Electronics CO., LTD.)
Task: {CB187E49-115F-41A3-B7EC-FEEA1FB6A379} - System32\Tasks\CleanerPro_Popup => C:\Program Files (x86)\Cleaner Pro\Splash.exe
Task: {D4656973-7430-4DDE-94D2-177E4685785F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06] (Google Inc.)
Task: {E5B48B08-70DD-4EED-AC7A-C868922CB34F} - System32\Tasks\UNELEVATE_22256 => C:\Program Files (x86)\ShopperPro\JSDriver\1492.0.0.0\jsdrv.exe <==== ATTENTION
Task: {FD4B8332-62C6-48AA-801B-5C56C2E1D74F} - System32\Tasks\SpeedCheck Update => C:\Program Files (x86)\ver9SpeedCheck\r2SpeedCheckz46.exe [2015-02-15] ()
Task: {FD5723C6-22EF-4A07-803E-6B3435E20299} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2013-02-08] (Hewlett-Packard Co.)
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SpeedCheck Update.job => C:\Program Files (x86)\ver9SpeedCheck\r2SpeedCheckz46.exe
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-02-04 09:49 - 2015-02-03 13:20 - 00567296 _____ () C:\ProgramData\PicColor Utility\PicColor.exe
2015-01-14 07:25 - 2015-03-15 14:07 - 00413936 _____ () C:\Program Files (x86)\Solution Real\updateSolutionReal.exe
2015-01-14 10:30 - 2015-03-15 14:02 - 00413936 _____ () C:\Program Files (x86)\Solution Real\bin\utilSolutionReal.exe
2012-09-05 03:50 - 2012-09-05 03:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\office.odf
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-15 11:56 - 2015-02-15 11:56 - 00521728 _____ () C:\Program Files (x86)\ver9SpeedCheck\r2SpeedCheckz46.exe
2015-02-15 11:56 - 2015-02-15 11:56 - 00745984 _____ () C:\Program Files (x86)\ver9SpeedCheck\SpeedCheck.exe
2015-01-14 15:12 - 2015-01-14 20:01 - 03289768 _____ () C:\Users\Bill\AppData\Local\ospd_us_657\upospd_us_657.exe
2015-01-14 10:31 - 2015-03-15 10:25 - 00353520 _____ () C:\Program Files (x86)\Solution Real\bin\SolutionReal.PurBrowse64.exe
2015-01-14 10:31 - 2015-03-15 11:07 - 00105712 _____ () C:\Program Files (x86)\Solution Real\bin\SolutionReal.BrowserAdapter.exe
2015-01-14 10:31 - 2015-03-15 11:07 - 00123120 _____ () C:\Program Files (x86)\Solution Real\bin\SolutionReal.BrowserAdapter64.exe
2012-10-31 07:55 - 2012-10-31 07:55 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-10-31 07:57 - 2012-10-31 07:57 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-01-18 06:57 - 2015-01-18 06:57 - 00267776 _____ () C:\Users\Bill\AppData\Local\wincheck\wincheck.exe
2015-02-28 19:12 - 2015-02-28 19:13 - 01608704 _____ () c:\Program Files (x86)\EngineRunner\EngineRunner.dll
2015-01-16 09:54 - 2015-01-16 09:54 - 00337920 _____ () C:\Program Files (x86)\Solution Real\bin\sqlite3.DLL
2012-09-05 03:50 - 2012-09-05 03:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2015-02-28 19:21 - 2012-11-27 15:12 - 01210256 ____N () C:\Program Files (x86)\Linksys AE6000\RaWLAPI.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bill\Pictures\2012-02-19 001\DSCF9157.JPG
DNS Servers: 31.168.228.244 - 82.166.96.242
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\...\StartupApproved\Run: => "Itibiti.exe"
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\...\StartupApproved\Run: => "PCKeeper2"
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\...\StartupApproved\Run: => "Super Optimizer"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2961404673-414218333-4232183137-500 - Administrator - Disabled)
Bill (S-1-5-21-2961404673-414218333-4232183137-1001 - Administrator - Enabled) => C:\Users\Bill
Guest (S-1-5-21-2961404673-414218333-4232183137-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2961404673-414218333-4232183137-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/15/2015 03:28:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Faulting module name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Exception code: 0xc0000417
Fault offset: 0x000000000014d7cc
Faulting process id: 0x454
Faulting application start time: 0xMakeMarkerFile.exe0
Faulting application path: MakeMarkerFile.exe1
Faulting module path: MakeMarkerFile.exe2
Report Id: MakeMarkerFile.exe3
Faulting package full name: MakeMarkerFile.exe4
Faulting package-relative application ID: MakeMarkerFile.exe5
 
Error: (03/15/2015 03:15:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0xb24
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (03/15/2015 02:33:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Faulting module name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Exception code: 0xc0000417
Fault offset: 0x000000000014d7cc
Faulting process id: 0x6bc
Faulting application start time: 0xMakeMarkerFile.exe0
Faulting application path: MakeMarkerFile.exe1
Faulting module path: MakeMarkerFile.exe2
Report Id: MakeMarkerFile.exe3
Faulting package full name: MakeMarkerFile.exe4
Faulting package-relative application ID: MakeMarkerFile.exe5
 
Error: (03/15/2015 02:29:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2954
 
Start Time: 01d05f4da5e34e6f
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 39cd7448-cb41-11e4-bedd-50b7c3b857f2
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/15/2015 02:17:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0x1cd4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (03/15/2015 02:16:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0x1e84
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (03/15/2015 02:15:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2a74
 
Start Time: 01d05f4bd5bbe95c
 
Termination Time: 62
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 458cf060-cb3f-11e4-bedd-50b7c3b857f2
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/15/2015 02:14:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 28ac
 
Start Time: 01d05f4baa38fe16
 
Termination Time: 171
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 0edf5adf-cb3f-11e4-bedd-50b7c3b857f2
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/15/2015 02:09:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0xb08
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (03/15/2015 02:08:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NinjaMaintainer.exe, version: 1.0.0.1, time stamp: 0x549fb562
Faulting module name: BrSp.dll_unloaded, version: 0.0.0.0, time stamp: 0x549fb56f
Exception code: 0xc00001a5
Fault offset: 0x00010218
Faulting process id: 0xac0
Faulting application start time: 0xNinjaMaintainer.exe0
Faulting application path: NinjaMaintainer.exe1
Faulting module path: NinjaMaintainer.exe2
Report Id: NinjaMaintainer.exe3
Faulting package full name: NinjaMaintainer.exe4
Faulting package-relative application ID: NinjaMaintainer.exe5
 
 
System errors:
=============
Error: (03/15/2015 03:26:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BrsHelper service failed to start due to the following error: 
%%2
 
Error: (03/15/2015 03:26:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 
%%31
 
Error: (03/15/2015 03:26:18 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
 
Error: (03/15/2015 03:24:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
%%1062
 
Error: (03/15/2015 02:46:59 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
 
Error: (03/15/2015 02:46:59 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
 
Error: (03/15/2015 02:46:59 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
 
Error: (03/15/2015 02:46:59 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
 
Error: (03/15/2015 02:46:59 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
 
Error: (03/15/2015 02:46:59 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
 
 
Microsoft Office Sessions:
=========================
Error: (03/15/2015 03:28:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc45401d05f5612991951C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe80454cbc-cb49-11e4-bedf-50b7c3b857f2
 
Error: (03/15/2015 03:15:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3chrome.dll39.0.2171.9554823ff480000003004fd39cb2401d05f545fc3f109C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dllaaf191ae-cb47-11e4-bede-50b7c3b857f2
 
Error: (03/15/2015 02:33:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc6bc01d05f4e6ca89e13C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.execdbfa115-cb41-11e4-bede-50b7c3b857f2
 
Error: (03/15/2015 02:29:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17416295401d05f4da5e34e6f4294967295C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE39cd7448-cb41-11e4-bedd-50b7c3b857f2
 
Error: (03/15/2015 02:17:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3chrome.dll39.0.2171.9554823ff480000003004fd39c1cd401d05f4c3748254dC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll78b5850b-cb3f-11e4-bedd-50b7c3b857f2
 
Error: (03/15/2015 02:16:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3chrome.dll39.0.2171.9554823ff480000003004fd39c1e8401d05f4c26ed816cC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll68de030f-cb3f-11e4-bedd-50b7c3b857f2
 
Error: (03/15/2015 02:15:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174162a7401d05f4bd5bbe95c62C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE458cf060-cb3f-11e4-bedd-50b7c3b857f2
 
Error: (03/15/2015 02:14:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1741628ac01d05f4baa38fe16171C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0edf5adf-cb3f-11e4-bedd-50b7c3b857f2
 
Error: (03/15/2015 02:09:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3chrome.dll39.0.2171.9554823ff480000003004fd39cb0801d05f4b38ba5410C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll7aa95468-cb3e-11e4-bedd-50b7c3b857f2
 
Error: (03/15/2015 02:08:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NinjaMaintainer.exe1.0.0.1549fb562BrSp.dll_unloaded0.0.0.0549fb56fc00001a500010218ac001d05f48f49ba38eC:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exeBrSp.dll3e3bd1f4-cb3e-11e4-bedd-50b7c3b857f2
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-15 15:26:02.719
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-15 14:32:30.140
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-15 14:27:03.337
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-15 14:27:02.681
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-15 14:27:02.212
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-15 14:27:01.525
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-15 14:26:59.868
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-15 14:26:59.509
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-15 14:26:59.165
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-15 14:26:58.868
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-4400M APU with Radeon™ HD Graphics 
Percentage of memory in use: 25%
Total physical RAM: 5595.1 MB
Available physical RAM: 4142.52 MB
Total Pagefile: 6491.1 MB
Available Pagefile: 4697.56 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:440.17 GB) (Free:367.73 GB) NTFS
Drive e: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 

 




#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, currently I believe the adware outnumbers Windows files. But we will now rectify that problem.

The FRST fix may take a while as there is a lot to remove and reset.

Uninstall Chrome
Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.
1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account.
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt, click on "Ok".
4. Now we need to uninstall Chrome via Control Panel; you can reinstall when we have finished.

Note: When asked about user data or settings, you must remove this also, so please check the box.

THEN

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:

Or, if you wish, I have prepared one for you here. If you wish to use this, then download it to your desktop where FRST is.


 

CreateRestorePoint:
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Bill\AppData\Local\SmartWeb\SmartWebHelper.exe [270696 2014-12-31] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [WinCheck] => C:\Users\Bill\AppData\Local\wincheck\wincheck.exe [267776 2015-01-18] ()
HKLM-x32\...\Run: [gmsd_us_108] => [X]
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\RunOnce: [upospd_us_657.exe] => C:\Users\Bill\AppData\Local\ospd_us_657\upospd_us_657.exe [3289768 2015-01-14] ()
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [256272 2015-02-19] (Client Connect LTD)
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll => c:\Program Files (x86)\searchprotect\searchprotect\bin\vc32loader.dll [218384 2015-02-19] (Client Connect LTD)
AppInit_DLLs-x32: c:/progra~3/{a9c44~1/171~1.0/laca.dll => c:\ProgramData\{A9C44107-F946-9081-48C0-E0039842338D}\1.7.1.0\laca.dll [649216 2015-01-14] ()
Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\optimizerpro_soft_partner.lnk
ShortcutTarget: optimizerpro_soft_partner.lnk -> C:\ProgramData\{b200f4f3-87a5-88de-b200-0f4f387ad3ce}\optimizerpro_soft_partner.exe (PC Utilities Software Limited)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...&D=031515&SSPV=
URLSearchHook: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://www-searching...q={searchTerms}
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-searching...q={searchTerms}
SearchScopes: HKLM -> {9D104B0D-4B45-48A3-8222-54140634588F} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> DefaultScope {6C0BCDBF-E321-4B06-A865-F0CB012778D3} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {250D9A93-5D4F-4316-9B27-8D4CE4AD37F3} URL = http://vosteran.com/...r=582010452&ir=
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {6C0BCDBF-E321-4B06-A865-F0CB012778D3} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {9D104B0D-4B45-48A3-8222-54140634588F} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.co...&iwk=245&lng=en
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {F0CE452A-D6D2-4EFC-B4A6-5444870DDF3D} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {F18F2FF9-0286-4EAD-A017-951B00125A36} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {F7C78C08-3CC7-416F-B827-7C1785ABBDA8} URL = http://www-searching...q={searchTerms}
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File
BHO: frEoe2you -> {bab3f72a-a8c6-46f8-99a2-29aa3f086e0b} -> C:\Program Files (x86)\frEoe2you\Llta6cxaOTjYQN.x64.dll [2015-03-06] ()
BHO-x32: frEoe2you -> {bab3f72a-a8c6-46f8-99a2-29aa3f086e0b} -> C:\Program Files (x86)\frEoe2you\Llta6cxaOTjYQN.dll [2015-03-06] ()
Toolbar: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-02-04] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-02-04] (globalUpdate)
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKU\S-1-5-21-2961404673-414218333-4232183137-1001\...\Firefox\Extensions: [{AAC83427-BA95-CD20-6216-ACF1FD53519D}] - C:\Program Files (x86)\ver9SpeedCheck\187.xpi
FF Extension: SpeedCheck - C:\Program Files (x86)\ver9SpeedCheck\187.xpi [2015-02-15]
CHR Extension: (Newhub) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoejbmmillcdifgagjpdlaamnalbielp [2014-03-28]
CHR Extension: (Google Docs) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-07]
CHR Extension: (Google Drive) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-14]
CHR Extension: (YouTube) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-07]
CHR Extension: (Google Search) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-07]
CHR Extension: (JavaScript Notepad) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemkmiehbcigiognajmhgfgglomdbddc [2015-03-03]
CHR Extension: (VideoDownloadConverter) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkmljihjgjdghdhggolmhbjekicljfci [2014-01-19]
CHR Extension: (PlusHD Q-9.1V14.01) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdeaofcapijfmeopimkgcepdpbdepnb [2015-01-14]
CHR Extension: (TransferBigFilescom Gmail Extension) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajnjaghjodocddaglgghffgacnoepgf [2015-02-28]
CHR Extension: (Google Wallet) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Iminent NewTab) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nociobghckdhokecfeajdpimjeapnopn [2015-02-13]
CHR Extension: (No Name) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nongkkjjhbjloiienhkhphhjjlnlnbfe [2015-02-11]
CHR Extension: (Vosteran New Tab) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce [2015-01-14]
CHR Extension: (MapsGalaxy) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb [2014-01-12]
CHR Extension: (Gmail) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-07]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\Bill\AppData\Local\nwhb-v9.4.15.crx [2014-03-28]
CHR HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.goo...ice/update2/crx
R2 05a601a1; c:\Program Files (x86)\EngineRunner\EngineRunner.dll [1608704 2015-02-28] () [File not signed]
S2 372ab9f0; c:\Program Files (x86)\Optimizer Pro 3.31\OptProMon.dll [1597008 2015-01-14] ()
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2948880 2015-02-19] (Client Connect LTD)
R2 ColorMedia; C:\ProgramData\PicColor Utility\ColorMedia.exe [1844232 2015-01-27] (CartCrunch Israel Ltd.) [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-04] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-04] (globalUpdate) [File not signed]
R2 PicColor Service; C:\ProgramData\PicColor Utility\PicColor.exe [567296 2015-02-03] () [File not signed]
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2719592 2015-02-02] (Search Module Ltd.)
R2 Update Solution Real; C:\Program Files (x86)\Solution Real\updateSolutionReal.exe [413936 2015-03-15] ()
R2 Util Solution Real; C:\Program Files (x86)\Solution Real\bin\utilSolutionReal.exe [413936 2015-03-15] ()
R2 wpsvc_1.10.0.5; C:\Program Files (x86)\WordProser_1.10.0.5\Service\wpsvc.exe [277584 2014-12-11] (Word Proser)
S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [42856 2015-02-02] ()
R2 webinstrNHKT; C:\WINDOWS\system32\Drivers\webinstrNHKT.sys [50264 2015-02-15] ()
R1 wpnfd_1_10_0_5; C:\Windows\System32\drivers\wpnfd_1_10_0_5.sys [58240 2014-12-11] (Word Proser)
R1 {1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64; C:\Windows\System32\drivers\{1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64.sys [48792 2015-01-25] (StdLib)
R1 {31c21995-b861-4864-ab50-4a53fbca73d4}Gw64; C:\Windows\System32\drivers\{31c21995-b861-4864-ab50-4a53fbca73d4}Gw64.sys [48784 2015-02-04] (StdLib)
R1 {5c281c6e-0132-4ac6-ad9d-d1d95d218412}Gw64; C:\Windows\System32\drivers\{5c281c6e-0132-4ac6-ad9d-d1d95d218412}Gw64.sys [48792 2015-01-23] (StdLib)
R1 {df8eec40-f909-439c-9ffe-3fee212f71b9}Gw64; C:\Windows\System32\drivers\{df8eec40-f909-439c-9ffe-3fee212f71b9}Gw64.sys [48784 2015-02-01] (StdLib)
S1 cherimoya; system32\drivers\cherimoya.sys [X]
R3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]
S1 ssnfd_1_10_0_5; system32\drivers\ssnfd_1_10_0_5.sys [X]
2015-03-15 15:16 - 2015-03-15 15:16 - 00000000 ____D () C:\Program Files (x86)\ProcessInit
2015-03-15 15:15 - 2015-03-15 15:15 - 00000000 ____D () C:\ProgramData\2a03dba000000bc6
2015-03-06 10:26 - 2015-03-06 10:26 - 00000000 ____D () C:\Program Files (x86)\frEoe2you
2015-03-06 10:06 - 2015-03-06 10:26 - 00000000 ____D () C:\Program Files (x86)\FllaashCoupon
2015-03-04 12:13 - 2015-03-15 14:01 - 00000000 ____D () C:\Users\Bill\Documents\ProPCCleaner
2015-03-03 20:02 - 2015-03-06 10:06 - 00000000 ____D () C:\Program Files (x86)\deaLstEr
2015-03-03 20:01 - 2015-03-06 10:06 - 00000000 ____D () C:\Program Files (x86)\DiscountLeocaaToR
2015-03-03 20:01 - 2015-03-03 20:01 - 00000000 ____D () C:\Program Files (x86)\PriceDownlOaderr
2015-02-28 19:55 - 2015-02-28 19:55 - 00000000 ____D () C:\Program Files (x86)\lOewraite
2015-02-28 19:54 - 2015-02-28 19:55 - 00000000 ____D () C:\Program Files (x86)\TransferBigFilescom Gmail Extension
2015-02-28 19:54 - 2015-02-28 19:54 - 00000000 ____D () C:\ProgramData\aggnakmglaoeailapkcgnblfommppdpe
2015-02-28 19:53 - 2015-03-06 10:06 - 00000000 ____D () C:\Program Files (x86)\offferduEaell
2015-02-28 19:53 - 2015-03-06 10:06 - 00000000 ____D () C:\Program Files (x86)\buyandBrowsea
2015-02-28 19:53 - 2015-02-28 19:53 - 00000000 ____D () C:\Program Files (x86)\nitRodeeal
2015-02-28 19:53 - 2015-02-28 19:53 - 00000000 ____D () C:\Program Files (x86)\nicenfRee
2015-02-28 19:52 - 2015-02-28 19:52 - 00000000 ____D () C:\ProgramData\ChampionDeals
2015-02-28 19:22 - 2015-02-28 19:23 - 00004222 _____ () C:\WINDOWS\System32\Tasks\SPBIW_UpdateTask_Time_3534343030393132372d2d55506c2a5a55576c412334
2015-02-28 19:21 - 2015-02-28 19:21 - 00003120 _____ () C:\WINDOWS\System32\Tasks\Logon_Trigger_WPS_Mon_Task
2015-02-28 19:21 - 2015-02-28 19:21 - 00003074 _____ () C:\WINDOWS\System32\Tasks\UNELEVATE_18080
2015-02-28 19:13 - 2015-03-03 19:42 - 00000000 ____D () C:\Users\Bill\AppData\Local\avayvaxvaa
2015-02-28 19:13 - 2015-02-28 19:13 - 00003444 _____ () C:\WINDOWS\System32\Tasks\avayvaxvaa
2015-02-28 19:12 - 2015-02-28 19:12 - 00000000 ____D () C:\Program Files (x86)\EngineRunner
2015-02-24 23:44 - 2015-02-24 23:44 - 00003150 _____ () C:\WINDOWS\System32\Tasks\UNELEVATE_22256
2015-02-24 23:35 - 2015-03-06 10:06 - 00000000 ____D () C:\Program Files (x86)\bruowwseAndsshop
2015-02-24 23:35 - 2015-02-24 23:36 - 00000000 ____D () C:\Program Files (x86)\Pyramid Run
2015-02-24 16:24 - 2015-03-06 10:06 - 00000000 ____D () C:\Program Files (x86)\appsaVe
2015-02-24 16:23 - 2015-02-24 16:24 - 00000000 ____D () C:\Program Files (x86)\buyaandbrowse
2015-02-24 16:19 - 2014-10-28 21:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-24 16:19 - 2014-10-28 21:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-24 16:19 - 2014-10-28 21:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-24 16:19 - 2014-10-28 21:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-24 15:50 - 2015-03-15 15:09 - 00003738 _____ () C:\WINDOWS\System32\Tasks\DriverRestore_ScheduledScan
2015-02-24 15:50 - 2015-03-15 15:09 - 00003592 _____ () C:\WINDOWS\System32\Tasks\DriverRestore_DailyScan
2015-02-24 15:50 - 2015-02-24 15:50 - 00001039 _____ () C:\Users\Public\Desktop\DriverRestore.lnk
2015-02-24 15:50 - 2015-02-24 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2015-02-24 15:49 - 2015-03-15 15:02 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2015-02-24 15:48 - 2015-02-28 19:13 - 00000000 ____D () C:\ProgramData\40ee09c0000064f3
2015-02-24 15:37 - 2015-03-15 13:56 - 00000020 _____ () C:\Users\Bill\AppData\Roaming\appdataFr3.bin
2015-02-24 15:34 - 2015-02-24 15:34 - 00000000 ____D () C:\ProgramData\cheapcoup
2015-02-24 11:39 - 2015-03-15 14:00 - 00003450 _____ () C:\WINDOWS\System32\Tasks\ProPCCleaner_Popup
2015-02-24 11:39 - 2015-02-24 11:39 - 00003186 _____ () C:\WINDOWS\System32\Tasks\ProPCCleaner_Start
2015-02-24 11:39 - 2015-02-24 11:39 - 00000000 ____D () C:\Users\Bill\AppData\Local\Pro_PC_Cleaner
2015-02-15 12:03 - 2015-02-15 12:03 - 00000000 ____D () C:\9b57c021e1f305c24cdd076e
2015-02-15 11:57 - 2015-03-15 15:27 - 00000420 _____ () C:\WINDOWS\Tasks\SpeedCheck Update.job
2015-02-15 11:57 - 2015-02-15 11:57 - 00003058 _____ () C:\WINDOWS\System32\Tasks\SpeedCheck Update
2015-02-15 11:56 - 2015-02-15 11:56 - 00000000 ____D () C:\Program Files (x86)\ver9SpeedCheck
2015-02-13 09:45 - 2015-03-15 14:31 - 00000000 ____D () C:\Program Files\shopperz
2015-02-13 09:45 - 2015-02-13 09:45 - 00000045 _____ () C:\user.js
2015-03-15 15:27 - 2015-01-14 15:14 - 00000906 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-03-15 15:27 - 2015-01-14 15:11 - 00002167 _____ () C:\WINDOWS\patsearch.bin
2015-03-15 15:27 - 2015-01-14 10:23 - 00000000 ____D () C:\Program Files (x86)\Solution Real
2015-03-15 15:27 - 2014-11-13 10:20 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-15 15:26 - 2015-02-04 09:49 - 00005360 _____ () C:\WINDOWS\SysWOW64\ColorMedia.ini
2015-03-15 15:26 - 2015-02-04 09:49 - 00002960 _____ () C:\WINDOWS\SysWOW64\ColorMediaOff.ini
2015-03-15 15:26 - 2015-02-04 09:49 - 00002960 _____ () C:\WINDOWS\system32\ColorMediaOff.ini
2015-03-15 14:00 - 2012-11-14 02:15 - 00000000 ____D () C:\ProgramData\WinClon
2015-03-15 13:57 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-06 10:26 - 2015-02-09 13:48 - 00000000 ____D () C:\ProgramData\9280794494656593764
2015-02-28 19:13 - 2015-02-12 10:02 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
Task: {01FB21A5-F54E-4173-B3E3-0FB186D94F5B} - System32\Tasks\EOSSVMA => C:\ProgramData\38b2bc6477024acda7d41a3bfc14c3eb\38b2bc6477024acda7d41a3bfc14c3eb.exe [2015-02-03] ()
Task: {0DA05C06-F8FD-4A1E-A1DA-61BB6204CCAD} - System32\Tasks\SearchSnacks Auto Updater 1.10.0.5 Core => C:\Program Files (x86)\SearchSnacks_1.10.0.5\Update\SearchSnacksAutoUpdateClient.exe
Task: {12C0AAF0-1015-42BF-88EA-77BAF103D523} - System32\Tasks\avayvaxvaa => C:\Users\Bill\AppData\Local\avayvaxvaa\avayvaxvaa.exe [2015-02-19] () <==== ATTENTION
Task: {1F6CE88C-9141-490F-86DD-3B42702A516F} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-04] (globalUpdate) <==== ATTENTION
Task: {270CC987-AB25-41C3-9694-22D1E5C838EC} - System32\Tasks\DonutQuotes => C:\Program Files (x86)\donutleads\ScheduledTask.exe
Task: {45CD155C-2EDD-4BBD-B881-4A68848A6C91} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-04] (globalUpdate) <==== ATTENTION
Task: {53C9B0F7-4EEE-452C-A2A3-88BB65E75F16} - System32\Tasks\{C5EFA263-DC63-43C5-8A8C-26FCA193F311} => pcalua.exe -a "C:\Program Files (x86)\donutleads\uninstall.exe"
Task: {55107E21-1FAB-4E11-802C-F56CAF9B48EA} - System32\Tasks\SearchSnacks Auto Updater 1.10.0.5 Pending Update => C:\Program Files (x86)\SearchSnacks_1.10.0.5\Update\SearchSnacksAutoUpdateClient.exe
Task: {5CEDF6EA-39DC-4B75-B84B-E0385306490A} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Bill\AppData\Local\SmartWeb\SmartWebHelper.exe [2014-12-31] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {64E09980-94C1-4351-A8F5-7A0A76763671} - System32\Tasks\DriverRestore_DailyScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-11-29] ()
Task: {6CC812EA-A94F-4577-A460-DD9FEC2FD070} - System32\Tasks\{3916FB30-1D1B-4EEB-93E7-EA26E9C85BAC} => pcalua.exe -a C:\PROGRA~2\WSE_VO~1\\uninstall.exe -c /uninstaller
Task: {7EC57F4E-A7C9-45DC-927D-92C2384588F4} - System32\Tasks\DriverRestore_ScheduledScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-11-29] ()
Task: {84E6CCF4-D432-4C68-A7E1-664557CAA51D} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {89E99110-5367-4FB9-A093-9A714AF26076} - System32\Tasks\SPBIW_UpdateTask_Time_3534343030393132372d2d55506c2a5a55576c412334 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {8B6BFEE7-D685-4327-A90A-053AB2C2838F} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {A2E4DCF2-9547-422A-8C2A-432C9F6A2354} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06] (Google Inc.)
Task: {A5CC1119-4A3C-4168-B9DB-29BFB8A63BEE} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe [2015-02-02] (Goobzo) <==== ATTENTION
Task: {B331AFB7-F299-4FAA-BFF6-06B1E1F5B4BB} - System32\Tasks\SMW_UpdateTask_Time_3534343030393132372d78782345572a4a3441325057 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {B385544D-1193-438C-8291-133CB596D553} - System32\Tasks\UNELEVATE_18080 => C:\Program Files (x86)\ShopperPro\JSDriver\1492.0.0.0\jsdrv.exe <==== ATTENTION
Task: {BB1B31AE-1C5F-4290-A03B-A2B0555AC30B} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {CB187E49-115F-41A3-B7EC-FEEA1FB6A379} - System32\Tasks\CleanerPro_Popup => C:\Program Files (x86)\Cleaner Pro\Splash.exe
Task: {D4656973-7430-4DDE-94D2-177E4685785F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06] (Google Inc.)
Task: {E5B48B08-70DD-4EED-AC7A-C868922CB34F} - System32\Tasks\UNELEVATE_22256 => C:\Program Files (x86)\ShopperPro\JSDriver\1492.0.0.0\jsdrv.exe <==== ATTENTION
Task: {FD4B8332-62C6-48AA-801B-5C56C2E1D74F} - System32\Tasks\SpeedCheck Update => C:\Program Files (x86)\ver9SpeedCheck\r2SpeedCheckz46.exe [2015-02-15] ()
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SpeedCheck Update.job => C:\Program Files (x86)\ver9SpeedCheck\r2SpeedCheckz46.exe
C:\ProgramData\38b2bc6477024acda7d41a3bfc14c3eb\38b2bc6477024acda7d41a3bfc14c3eb.exe
C:\Program Files (x86)\SearchSnacks_1.10.0.5
C:\Users\Bill\AppData\Local\avayvaxvaa\avayvaxvaa.exe
C:\Program Files (x86)\donutleads
C:\Program Files (x86)\globalUpdate
C:\ProgramData\SearchModule
C:\Program Files (x86)\ShopperPro
C:\Program Files (x86)\Pro PC Cleaner
C:\Program Files\BubbleSound
C:\Users\Bill\AppData\Local\SmartWeb
C:\Users\Bill\AppData\Local\ospd_us_657
C:\Program Files (x86)\Itibiti Soft Phone
C:\Program Files\Kromtech
C:\Program Files (x86)\YTDownloader
c:\ProgramData\{A9C44107-F946-9081-48C0-E0039842338D}
C:\Program Files (x86)\frEoe2you
C:\Program Files (x86)\globalUpdate
C:\Program Files\shopperz
C:\Users\Bill\AppData\Local\Google\Chrome
C:\ProgramData\{b200f4f3-87a5-88de-b200-0f4f387ad3ce}
C:\Users\Bill\AppData\Local\wincheck
C:\Program Files (x86)\SearchProtect
C:\Users\Bill\AppData\Local\ospd_us_657
C:\Program Files (x86)\ver9SpeedCheck
C:\Program Files (x86)\WordProser_1.10.0.5
C:\Program Files (x86)\Solution Real
C:\Program Files\Common Files\Goobzo
C:\ProgramData\PicColor Utility
C:\Users\Bill\AppData\Local\wincheck
c:\Program Files (x86)\EngineRunner
c:\Program Files (x86)\Optimizer Pro 3.31
C:\Windows\System32\drivers\{1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64.sys
C:\Windows\System32\drivers\{31c21995-b861-4864-ab50-4a53fbca73d4}Gw64.sys
C:\Windows\System32\drivers\{5c281c6e-0132-4ac6-ad9d-d1d95d218412}Gw64.sys
C:\Windows\System32\drivers\{df8eec40-f909-439c-9ffe-3fee212f71b9}Gw64.sys
C:\Windows\system32\drivers\cherimoya.sys
C:\WINDOWS\system32\drivers\SPPD.sys
C:\WINDOWS\system32\drivers\ssnfd_1_10_0_5.sys
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

NEXT

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

FINALLY

Could you run a fresh FRST scan to see what I have missed :)

#3
frobey


    Member

  • Topic Starter
  • 67 posts

Since I couldn't run Chrome I had to just uninstall it without saving his bookmarks; he'll just have to recreate them.

While running the fixlist a box popped up about blocking some HP thingy (sorry, didn't write it down). I permitted it to occur, but FRST has been stuck (not responding) since then for at least 30 minutes... should I restart the tool?

Thanks for your help!!!



#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, stop FRST. There should then be a log on the desktop; if you could post that, I can see where it stopped.

Then continue with AdwCleaner

#5
frobey


    Member

  • Topic Starter
  • 67 posts

It won't let me post all the logs in one reply so I'll have to break them up into separate messages... sorry about that.

Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Bill at 2015-03-15 18:33:21 Run:1
Running from C:\Users\Bill\Desktop
Loaded Profiles: Bill (Available profiles: Bill)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Bill\AppData\Local\SmartWeb\SmartWebHelper.exe [270696 2014-12-31] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [WinCheck] => C:\Users\Bill\AppData\Local\wincheck\wincheck.exe [267776 2015-01-18] ()
HKLM-x32\...\Run: [gmsd_us_108] => [X]
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\RunOnce: [upospd_us_657.exe] => C:\Users\Bill\AppData\Local\ospd_us_657\upospd_us_657.exe [3289768 2015-01-14] ()
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [256272 2015-02-19] (Client Connect LTD)
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll => c:\Program Files (x86)\searchprotect\searchprotect\bin\vc32loader.dll [218384 2015-02-19] (Client Connect LTD)
AppInit_DLLs-x32: c:/progra~3/{a9c44~1/171~1.0/laca.dll => c:\ProgramData\{A9C44107-F946-9081-48C0-E0039842338D}\1.7.1.0\laca.dll [649216 2015-01-14] ()
Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\optimizerpro_soft_partner.lnk
ShortcutTarget: optimizerpro_soft_partner.lnk -> C:\ProgramData\{b200f4f3-87a5-88de-b200-0f4f387ad3ce}\optimizerpro_soft_partner.exe (PC Utilities Software Limited)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...&D=031515&SSPV=
URLSearchHook: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://www-searching...q={searchTerms}
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-searching...q={searchTerms}
SearchScopes: HKLM -> {9D104B0D-4B45-48A3-8222-54140634588F} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> DefaultScope {6C0BCDBF-E321-4B06-A865-F0CB012778D3} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {250D9A93-5D4F-4316-9B27-8D4CE4AD37F3} URL = http://vosteran.com/...r=582010452&ir=
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {6C0BCDBF-E321-4B06-A865-F0CB012778D3} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {9D104B0D-4B45-48A3-8222-54140634588F} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.co...&iwk=245&lng=en
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {F0CE452A-D6D2-4EFC-B4A6-5444870DDF3D} URL = http://www-searching...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {F18F2FF9-0286-4EAD-A017-951B00125A36} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {F7C78C08-3CC7-416F-B827-7C1785ABBDA8} URL = http://www-searching...q={searchTerms}
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File
BHO: frEoe2you -> {bab3f72a-a8c6-46f8-99a2-29aa3f086e0b} -> C:\Program Files (x86)\frEoe2you\Llta6cxaOTjYQN.x64.dll [2015-03-06] ()
BHO-x32: frEoe2you -> {bab3f72a-a8c6-46f8-99a2-29aa3f086e0b} -> C:\Program Files (x86)\frEoe2you\Llta6cxaOTjYQN.dll [2015-03-06] ()
Toolbar: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-02-04] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-02-04] (globalUpdate)
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKU\S-1-5-21-2961404673-414218333-4232183137-1001\...\Firefox\Extensions: [{AAC83427-BA95-CD20-6216-ACF1FD53519D}] - C:\Program Files (x86)\ver9SpeedCheck\187.xpi
FF Extension: SpeedCheck - C:\Program Files (x86)\ver9SpeedCheck\187.xpi [2015-02-15]
CHR Extension: (Newhub) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoejbmmillcdifgagjpdlaamnalbielp [2014-03-28]
CHR Extension: (Google Docs) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-07]
CHR Extension: (Google Drive) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-14]
CHR Extension: (YouTube) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-07]
CHR Extension: (Google Search) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-07]
CHR Extension: (JavaScript Notepad) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemkmiehbcigiognajmhgfgglomdbddc [2015-03-03]
CHR Extension: (VideoDownloadConverter) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkmljihjgjdghdhggolmhbjekicljfci [2014-01-19]
CHR Extension: (PlusHD Q-9.1V14.01) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdeaofcapijfmeopimkgcepdpbdepnb [2015-01-14]
CHR Extension: (TransferBigFilescom Gmail Extension) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajnjaghjodocddaglgghffgacnoepgf [2015-02-28]
CHR Extension: (Google Wallet) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Iminent NewTab) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nociobghckdhokecfeajdpimjeapnopn [2015-02-13]
CHR Extension: (No Name) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nongkkjjhbjloiienhkhphhjjlnlnbfe [2015-02-11]
CHR Extension: (Vosteran New Tab) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce [2015-01-14]
CHR Extension: (MapsGalaxy) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb [2014-01-12]
CHR Extension: (Gmail) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-07]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\Bill\AppData\Local\nwhb-v9.4.15.crx [2014-03-28]
CHR HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.goo...ice/update2/crx
R2 05a601a1; c:\Program Files (x86)\EngineRunner\EngineRunner.dll [1608704 2015-02-28] () [File not signed]
S2 372ab9f0; c:\Program Files (x86)\Optimizer Pro 3.31\OptProMon.dll [1597008 2015-01-14] ()
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2948880 2015-02-19] (Client Connect LTD)
R2 ColorMedia; C:\ProgramData\PicColor Utility\ColorMedia.exe [1844232 2015-01-27] (CartCrunch Israel Ltd.) [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-04] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-04] (globalUpdate) [File not signed]
R2 PicColor Service; C:\ProgramData\PicColor Utility\PicColor.exe [567296 2015-02-03] () [File not signed]
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2719592 2015-02-02] (Search Module Ltd.)
R2 Update Solution Real; C:\Program Files (x86)\Solution Real\updateSolutionReal.exe [413936 2015-03-15] ()
R2 Util Solution Real; C:\Program Files (x86)\Solution Real\bin\utilSolutionReal.exe [413936 2015-03-15] ()
R2 wpsvc_1.10.0.5; C:\Program Files (x86)\WordProser_1.10.0.5\Service\wpsvc.exe [277584 2014-12-11] (Word Proser)
S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [42856 2015-02-02] ()
R2 webinstrNHKT; C:\WINDOWS\system32\Drivers\webinstrNHKT.sys [50264 2015-02-15] ()
R1 wpnfd_1_10_0_5; C:\Windows\System32\drivers\wpnfd_1_10_0_5.sys [58240 2014-12-11] (Word Proser)
R1 {1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64; C:\Windows\System32\drivers\{1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64.sys [48792 2015-01-25] (StdLib)
R1 {31c21995-b861-4864-ab50-4a53fbca73d4}Gw64; C:\Windows\System32\drivers\{31c21995-b861-4864-ab50-4a53fbca73d4}Gw64.sys [48784 2015-02-04] (StdLib)
R1 {5c281c6e-0132-4ac6-ad9d-d1d95d218412}Gw64; C:\Windows\System32\drivers\{5c281c6e-0132-4ac6-ad9d-d1d95d218412}Gw64.sys [48792 2015-01-23] (StdLib)
R1 {df8eec40-f909-439c-9ffe-3fee212f71b9}Gw64; C:\Windows\System32\drivers\{df8eec40-f909-439c-9ffe-3fee212f71b9}Gw64.sys [48784 2015-02-01] (StdLib)
S1 cherimoya; system32\drivers\cherimoya.sys [X]
R3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]
S1 ssnfd_1_10_0_5; system32\drivers\ssnfd_1_10_0_5.sys [X]
2015-03-15 15:16 - 2015-03-15 15:16 - 00000000 ____D () C:\Program Files (x86)\ProcessInit
2015-03-15 15:15 - 2015-03-15 15:15 - 00000000 ____D () C:\ProgramData\2a03dba000000bc6
2015-03-06 10:26 - 2015-03-06 10:26 - 00000000 ____D () C:\Program Files (x86)\frEoe2you
2015-03-06 10:06 - 2015-03-06 10:26 - 00000000 ____D () C:\Program Files (x86)\FllaashCoupon
2015-03-04 12:13 - 2015-03-15 14:01 - 00000000 ____D () C:\Users\Bill\Documents\ProPCCleaner
2015-03-03 20:02 - 2015-03-06 10:06 - 00000000 ____D () C:\Program Files (x86)\deaLstEr
2015-03-03 20:01 - 2015-03-06 10:06 - 00000000 ____D () C:\Program Files (x86)\DiscountLeocaaToR
2015-03-03 20:01 - 2015-03-03 20:01 - 00000000 ____D () C:\Program Files (x86)\PriceDownlOaderr
2015-02-28 19:55 - 2015-02-28 19:55 - 00000000 ____D () C:\Program Files (x86)\lOewraite
2015-02-28 19:54 - 2015-02-28 19:55 - 00000000 ____D () C:\Program Files (x86)\TransferBigFilescom Gmail Extension
2015-02-28 19:54 - 2015-02-28 19:54 - 00000000 ____D () C:\ProgramData\aggnakmglaoeailapkcgnblfommppdpe
2015-02-28 19:53 - 2015-03-06 10:06 - 00000000 ____D () C:\Program Files (x86)\offferduEaell
2015-02-28 19:53 - 2015-03-06 10:06 - 00000000 ____D () C:\Program Files (x86)\buyandBrowsea
2015-02-28 19:53 - 2015-02-28 19:53 - 00000000 ____D () C:\Program Files (x86)\nitRodeeal
2015-02-28 19:53 - 2015-02-28 19:53 - 00000000 ____D () C:\Program Files (x86)\nicenfRee
2015-02-28 19:52 - 2015-02-28 19:52 - 00000000 ____D () C:\ProgramData\ChampionDeals
2015-02-28 19:22 - 2015-02-28 19:23 - 00004222 _____ () C:\WINDOWS\System32\Tasks\SPBIW_UpdateTask_Time_3534343030393132372d2d55506c2a5a55576c412334
2015-02-28 19:21 - 2015-02-28 19:21 - 00003120 _____ () C:\WINDOWS\System32\Tasks\Logon_Trigger_WPS_Mon_Task
2015-02-28 19:21 - 2015-02-28 19:21 - 00003074 _____ () C:\WINDOWS\System32\Tasks\UNELEVATE_18080
2015-02-28 19:13 - 2015-03-03 19:42 - 00000000 ____D () C:\Users\Bill\AppData\Local\avayvaxvaa
2015-02-28 19:13 - 2015-02-28 19:13 - 00003444 _____ () C:\WINDOWS\System32\Tasks\avayvaxvaa
2015-02-28 19:12 - 2015-02-28 19:12 - 00000000 ____D () C:\Program Files (x86)\EngineRunner
2015-02-24 23:44 - 2015-02-24 23:44 - 00003150 _____ () C:\WINDOWS\System32\Tasks\UNELEVATE_22256
2015-02-24 23:35 - 2015-03-06 10:06 - 00000000 ____D () C:\Program Files (x86)\bruowwseAndsshop
2015-02-24 23:35 - 2015-02-24 23:36 - 00000000 ____D () C:\Program Files (x86)\Pyramid Run
2015-02-24 16:24 - 2015-03-06 10:06 - 00000000 ____D () C:\Program Files (x86)\appsaVe
2015-02-24 16:23 - 2015-02-24 16:24 - 00000000 ____D () C:\Program Files (x86)\buyaandbrowse
2015-02-24 16:19 - 2014-10-28 21:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-24 16:19 - 2014-10-28 21:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-24 16:19 - 2014-10-28 21:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-24 16:19 - 2014-10-28 21:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-24 15:50 - 2015-03-15 15:09 - 00003738 _____ () C:\WINDOWS\System32\Tasks\DriverRestore_ScheduledScan
2015-02-24 15:50 - 2015-03-15 15:09 - 00003592 _____ () C:\WINDOWS\System32\Tasks\DriverRestore_DailyScan
2015-02-24 15:50 - 2015-02-24 15:50 - 00001039 _____ () C:\Users\Public\Desktop\DriverRestore.lnk
2015-02-24 15:50 - 2015-02-24 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2015-02-24 15:49 - 2015-03-15 15:02 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2015-02-24 15:48 - 2015-02-28 19:13 - 00000000 ____D () C:\ProgramData\40ee09c0000064f3
2015-02-24 15:37 - 2015-03-15 13:56 - 00000020 _____ () C:\Users\Bill\AppData\Roaming\appdataFr3.bin
2015-02-24 15:34 - 2015-02-24 15:34 - 00000000 ____D () C:\ProgramData\cheapcoup
2015-02-24 11:39 - 2015-03-15 14:00 - 00003450 _____ () C:\WINDOWS\System32\Tasks\ProPCCleaner_Popup
2015-02-24 11:39 - 2015-02-24 11:39 - 00003186 _____ () C:\WINDOWS\System32\Tasks\ProPCCleaner_Start
2015-02-24 11:39 - 2015-02-24 11:39 - 00000000 ____D () C:\Users\Bill\AppData\Local\Pro_PC_Cleaner
2015-02-15 12:03 - 2015-02-15 12:03 - 00000000 ____D () C:\9b57c021e1f305c24cdd076e
2015-02-15 11:57 - 2015-03-15 15:27 - 00000420 _____ () C:\WINDOWS\Tasks\SpeedCheck Update.job
2015-02-15 11:57 - 2015-02-15 11:57 - 00003058 _____ () C:\WINDOWS\System32\Tasks\SpeedCheck Update
2015-02-15 11:56 - 2015-02-15 11:56 - 00000000 ____D () C:\Program Files (x86)\ver9SpeedCheck
2015-02-13 09:45 - 2015-03-15 14:31 - 00000000 ____D () C:\Program Files\shopperz
2015-02-13 09:45 - 2015-02-13 09:45 - 00000045 _____ () C:\user.js
2015-03-15 15:27 - 2015-01-14 15:14 - 00000906 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-03-15 15:27 - 2015-01-14 15:11 - 00002167 _____ () C:\WINDOWS\patsearch.bin
2015-03-15 15:27 - 2015-01-14 10:23 - 00000000 ____D () C:\Program Files (x86)\Solution Real
2015-03-15 15:27 - 2014-11-13 10:20 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-15 15:26 - 2015-02-04 09:49 - 00005360 _____ () C:\WINDOWS\SysWOW64\ColorMedia.ini
2015-03-15 15:26 - 2015-02-04 09:49 - 00002960 _____ () C:\WINDOWS\SysWOW64\ColorMediaOff.ini
2015-03-15 15:26 - 2015-02-04 09:49 - 00002960 _____ () C:\WINDOWS\system32\ColorMediaOff.ini
2015-03-15 14:00 - 2012-11-14 02:15 - 00000000 ____D () C:\ProgramData\WinClon
2015-03-15 13:57 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-06 10:26 - 2015-02-09 13:48 - 00000000 ____D () C:\ProgramData\9280794494656593764
2015-02-28 19:13 - 2015-02-12 10:02 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
Task: {01FB21A5-F54E-4173-B3E3-0FB186D94F5B} - System32\Tasks\EOSSVMA => C:\ProgramData\38b2bc6477024acda7d41a3bfc14c3eb\38b2bc6477024acda7d41a3bfc14c3eb.exe [2015-02-03] ()
Task: {0DA05C06-F8FD-4A1E-A1DA-61BB6204CCAD} - System32\Tasks\SearchSnacks Auto Updater 1.10.0.5 Core => C:\Program Files (x86)\SearchSnacks_1.10.0.5\Update\SearchSnacksAutoUpdateClient.exe
Task: {12C0AAF0-1015-42BF-88EA-77BAF103D523} - System32\Tasks\avayvaxvaa => C:\Users\Bill\AppData\Local\avayvaxvaa\avayvaxvaa.exe [2015-02-19] () <==== ATTENTION
Task: {1F6CE88C-9141-490F-86DD-3B42702A516F} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-04] (globalUpdate) <==== ATTENTION
Task: {270CC987-AB25-41C3-9694-22D1E5C838EC} - System32\Tasks\DonutQuotes => C:\Program Files (x86)\donutleads\ScheduledTask.exe
Task: {45CD155C-2EDD-4BBD-B881-4A68848A6C91} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-04] (globalUpdate) <==== ATTENTION
Task: {53C9B0F7-4EEE-452C-A2A3-88BB65E75F16} - System32\Tasks\{C5EFA263-DC63-43C5-8A8C-26FCA193F311} => pcalua.exe -a "C:\Program Files (x86)\donutleads\uninstall.exe"
Task: {55107E21-1FAB-4E11-802C-F56CAF9B48EA} - System32\Tasks\SearchSnacks Auto Updater 1.10.0.5 Pending Update => C:\Program Files (x86)\SearchSnacks_1.10.0.5\Update\SearchSnacksAutoUpdateClient.exe
Task: {5CEDF6EA-39DC-4B75-B84B-E0385306490A} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Bill\AppData\Local\SmartWeb\SmartWebHelper.exe [2014-12-31] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {64E09980-94C1-4351-A8F5-7A0A76763671} - System32\Tasks\DriverRestore_DailyScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-11-29] ()
Task: {6CC812EA-A94F-4577-A460-DD9FEC2FD070} - System32\Tasks\{3916FB30-1D1B-4EEB-93E7-EA26E9C85BAC} => pcalua.exe -a C:\PROGRA~2\WSE_VO~1\\uninstall.exe -c /uninstaller
Task: {7EC57F4E-A7C9-45DC-927D-92C2384588F4} - System32\Tasks\DriverRestore_ScheduledScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-11-29] ()
Task: {84E6CCF4-D432-4C68-A7E1-664557CAA51D} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {89E99110-5367-4FB9-A093-9A714AF26076} - System32\Tasks\SPBIW_UpdateTask_Time_3534343030393132372d2d55506c2a5a55576c412334 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {8B6BFEE7-D685-4327-A90A-053AB2C2838F} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {A2E4DCF2-9547-422A-8C2A-432C9F6A2354} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06] (Google Inc.)
Task: {A5CC1119-4A3C-4168-B9DB-29BFB8A63BEE} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe [2015-02-02] (Goobzo) <==== ATTENTION
Task: {B331AFB7-F299-4FAA-BFF6-06B1E1F5B4BB} - System32\Tasks\SMW_UpdateTask_Time_3534343030393132372d78782345572a4a3441325057 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {B385544D-1193-438C-8291-133CB596D553} - System32\Tasks\UNELEVATE_18080 => C:\Program Files (x86)\ShopperPro\JSDriver\1492.0.0.0\jsdrv.exe <==== ATTENTION
Task: {BB1B31AE-1C5F-4290-A03B-A2B0555AC30B} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {CB187E49-115F-41A3-B7EC-FEEA1FB6A379} - System32\Tasks\CleanerPro_Popup => C:\Program Files (x86)\Cleaner Pro\Splash.exe
Task: {D4656973-7430-4DDE-94D2-177E4685785F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06] (Google Inc.)
Task: {E5B48B08-70DD-4EED-AC7A-C868922CB34F} - System32\Tasks\UNELEVATE_22256 => C:\Program Files (x86)\ShopperPro\JSDriver\1492.0.0.0\jsdrv.exe <==== ATTENTION
Task: {FD4B8332-62C6-48AA-801B-5C56C2E1D74F} - System32\Tasks\SpeedCheck Update => C:\Program Files (x86)\ver9SpeedCheck\r2SpeedCheckz46.exe [2015-02-15] ()
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SpeedCheck Update.job => C:\Program Files (x86)\ver9SpeedCheck\r2SpeedCheckz46.exe
C:\ProgramData\38b2bc6477024acda7d41a3bfc14c3eb\38b2bc6477024acda7d41a3bfc14c3eb.exe
C:\Program Files (x86)\SearchSnacks_1.10.0.5
C:\Users\Bill\AppData\Local\avayvaxvaa\avayvaxvaa.exe
C:\Program Files (x86)\donutleads
C:\Program Files (x86)\globalUpdate
C:\ProgramData\SearchModule
C:\Program Files (x86)\ShopperPro
C:\Program Files (x86)\Pro PC Cleaner
C:\Program Files\BubbleSound
C:\Users\Bill\AppData\Local\SmartWeb
C:\Users\Bill\AppData\Local\ospd_us_657
C:\Program Files (x86)\Itibiti Soft Phone
C:\Program Files\Kromtech
C:\Program Files (x86)\YTDownloader
c:\ProgramData\{A9C44107-F946-9081-48C0-E0039842338D}
C:\Program Files (x86)\frEoe2you
C:\Program Files (x86)\globalUpdate
C:\Program Files\shopperz
C:\Users\Bill\AppData\Local\Google\Chrome
C:\ProgramData\{b200f4f3-87a5-88de-b200-0f4f387ad3ce}
C:\Users\Bill\AppData\Local\wincheck
C:\Program Files (x86)\SearchProtect
C:\Users\Bill\AppData\Local\ospd_us_657
C:\Program Files (x86)\ver9SpeedCheck
C:\Program Files (x86)\WordProser_1.10.0.5
C:\Program Files (x86)\Solution Real
C:\Program Files\Common Files\Goobzo
C:\ProgramData\PicColor Utility
C:\Users\Bill\AppData\Local\wincheck
c:\Program Files (x86)\EngineRunner
c:\Program Files (x86)\Optimizer Pro 3.31
C:\Windows\System32\drivers\{1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64.sys
C:\Windows\System32\drivers\{31c21995-b861-4864-ab50-4a53fbca73d4}Gw64.sys
C:\Windows\System32\drivers\{5c281c6e-0132-4ac6-ad9d-d1d95d218412}Gw64.sys
C:\Windows\System32\drivers\{df8eec40-f909-439c-9ffe-3fee212f71b9}Gw64.sys
C:\Windows\system32\drivers\cherimoya.sys
C:\WINDOWS\system32\drivers\SPPD.sys
C:\WINDOWS\system32\drivers\ssnfd_1_10_0_5.sys
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
 
*****************
 
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\3D BubbleSound => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SmartWeb => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WinCheck => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_108 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\upospd_us_657.exe => value deleted successfully.
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value deleted successfully.
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PCKeeper2 => value deleted successfully.
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value deleted successfully.
"C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL" => Value Data removed successfully.
"c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll" => Value Data removed successfully.
"c:/progra~3/{a9c44~1/171~1.0/laca.dll" => Value Data removed successfully.
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\optimizerpro_soft_partner.lnk => Moved successfully.
C:\ProgramData\{b200f4f3-87a5-88de-b200-0f4f387ad3ce}\optimizerpro_soft_partner.exe => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value deleted successfully.
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}" => Key deleted successfully.
HKCR\CLSID\{460C3D19-B3D4-4964-A550-77D263B0CCCB} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}" => Key deleted successfully.
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9D104B0D-4B45-48A3-8222-54140634588F}" => Key deleted successfully.
HKCR\CLSID\{9D104B0D-4B45-48A3-8222-54140634588F} => Key not found. 
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{250D9A93-5D4F-4316-9B27-8D4CE4AD37F3}" => Key deleted successfully.
HKCR\CLSID\{250D9A93-5D4F-4316-9B27-8D4CE4AD37F3} => Key not found. 
"HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}" => Key deleted successfully.
HKCR\CLSID\{460C3D19-B3D4-4964-A550-77D263B0CCCB} => Key not found. 
"HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6C0BCDBF-E321-4B06-A865-F0CB012778D3}" => Key deleted successfully.
HKCR\CLSID\{6C0BCDBF-E321-4B06-A865-F0CB012778D3} => Key not found. 
"HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}" => Key deleted successfully.
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key not found. 
"HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9D104B0D-4B45-48A3-8222-54140634588F}" => Key deleted successfully.
HKCR\CLSID\{9D104B0D-4B45-48A3-8222-54140634588F} => Key not found. 
"HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9}" => Key deleted successfully.
HKCR\CLSID\{A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} => Key not found. 
"HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}" => Key deleted successfully.
HKCR\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key not found. 
"HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F0CE452A-D6D2-4EFC-B4A6-5444870DDF3D}" => Key deleted successfully.
HKCR\CLSID\{F0CE452A-D6D2-4EFC-B4A6-5444870DDF3D} => Key not found. 
"HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F18F2FF9-0286-4EAD-A017-951B00125A36}" => Key deleted successfully.
HKCR\CLSID\{F18F2FF9-0286-4EAD-A017-951B00125A36} => Key not found. 
"HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F7C78C08-3CC7-416F-B827-7C1785ABBDA8}" => Key deleted successfully.
HKCR\CLSID\{F7C78C08-3CC7-416F-B827-7C1785ABBDA8} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => Key deleted successfully.
HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bab3f72a-a8c6-46f8-99a2-29aa3f086e0b}" => Key deleted successfully.
"HKCR\CLSID\{bab3f72a-a8c6-46f8-99a2-29aa3f086e0b}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bab3f72a-a8c6-46f8-99a2-29aa3f086e0b}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{bab3f72a-a8c6-46f8-99a2-29aa3f086e0b}" => Key deleted successfully.
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => value deleted successfully.
HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => Key not found. 
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000016 => Deleted successfully.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000016 => Deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => Key deleted successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => Key deleted successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{5081D2D4-1637-404c-B74F-50526718257D} => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{5081D2D4-1637-404c-B74F-50526718257D} => value deleted successfully.
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\Software\Mozilla\Firefox\Extensions\\{AAC83427-BA95-CD20-6216-ACF1FD53519D} => value deleted successfully.
C:\Program Files (x86)\ver9SpeedCheck\187.xpi => Moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoejbmmillcdifgagjpdlaamnalbielp => Moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake => Moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf => Moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn => Moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => Moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => Moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemkmiehbcigiognajmhgfgglomdbddc => Moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkmljihjgjdghdhggolmhbjekicljfci => Moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdeaofcapijfmeopimkgcepdpbdepnb => Moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajnjaghjodocddaglgghffgacnoepgf => Moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nociobghckdhokecfeajdpimjeapnopn => Moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nongkkjjhbjloiienhkhphhjjlnlnbfe => Moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce => Moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb => Moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key deleted successfully.
"HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Google\Chrome\Extensions\aoejbmmillcdifgagjpdlaamnalbielp" => Key deleted successfully.
C:\Users\Bill\AppData\Local\nwhb-v9.4.15.crx => Moved successfully.
"HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key deleted successfully.
05a601a1 => Service deleted successfully.
372ab9f0 => Service deleted successfully.
CltMngSvc => Unable to stop service
CltMngSvc => Service deleted successfully.
ColorMedia => Unable to stop service
ColorMedia => Service deleted successfully.
globalUpdate => Service deleted successfully.
globalUpdatem => Service deleted successfully.
PicColor Service => Unable to stop service
PicColor Service => Service deleted successfully.
SMUpd => Unable to stop service
SMUpd => Service deleted successfully.
Update Solution Real => Unable to stop service
Update Solution Real => Service deleted successfully.
Util Solution Real => Unable to stop service
Util Solution Real => Service deleted successfully.
wpsvc_1.10.0.5 => Unable to stop service
wpsvc_1.10.0.5 => Service deleted successfully.
BrsHelper => Service deleted successfully.
SMUpdd => Unable to stop service
SMUpdd => Service deleted successfully.
webinstrNHKT => Unable to stop service
webinstrNHKT => Service deleted successfully.
wpnfd_1_10_0_5 => Unable to stop service
wpnfd_1_10_0_5 => Service deleted successfully.
{1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64 => Unable to stop service
{1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64 => Service deleted successfully.
{31c21995-b861-4864-ab50-4a53fbca73d4}Gw64 => Unable to stop service
{31c21995-b861-4864-ab50-4a53fbca73d4}Gw64 => Service deleted successfully.
{5c281c6e-0132-4ac6-ad9d-d1d95d218412}Gw64 => Unable to stop service
{5c281c6e-0132-4ac6-ad9d-d1d95d218412}Gw64 => Service deleted successfully.
{df8eec40-f909-439c-9ffe-3fee212f71b9}Gw64 => Unable to stop service
{df8eec40-f909-439c-9ffe-3fee212f71b9}Gw64 => Service deleted successfully.
cherimoya => Service deleted successfully.
SPPD => Unable to stop service
SPPD => Service deleted successfully.
ssnfd_1_10_0_5 => Service deleted successfully.
C:\Program Files (x86)\ProcessInit => Moved successfully.
C:\ProgramData\2a03dba000000bc6 => Moved successfully.
C:\Program Files (x86)\frEoe2you => Moved successfully.
C:\Program Files (x86)\FllaashCoupon => Moved successfully.
C:\Users\Bill\Documents\ProPCCleaner => Moved successfully.
C:\Program Files (x86)\deaLstEr => Moved successfully.
C:\Program Files (x86)\DiscountLeocaaToR => Moved successfully.
C:\Program Files (x86)\PriceDownlOaderr => Moved successfully.
C:\Program Files (x86)\lOewraite => Moved successfully.
C:\Program Files (x86)\TransferBigFilescom Gmail Extension => Moved successfully.
C:\ProgramData\aggnakmglaoeailapkcgnblfommppdpe => Moved successfully.
C:\Program Files (x86)\offferduEaell => Moved successfully.
C:\Program Files (x86)\buyandBrowsea => Moved successfully.
C:\Program Files (x86)\nitRodeeal => Moved successfully.
C:\Program Files (x86)\nicenfRee => Moved successfully.
C:\ProgramData\ChampionDeals => Moved successfully.
C:\WINDOWS\System32\Tasks\SPBIW_UpdateTask_Time_3534343030393132372d2d55506c2a5a55576c412334 => Moved successfully.
C:\WINDOWS\System32\Tasks\Logon_Trigger_WPS_Mon_Task => Moved successfully.
C:\WINDOWS\System32\Tasks\UNELEVATE_18080 => Moved successfully.
C:\Users\Bill\AppData\Local\avayvaxvaa => Moved successfully.
C:\WINDOWS\System32\Tasks\avayvaxvaa => Moved successfully.
C:\Program Files (x86)\EngineRunner => Moved successfully.
C:\WINDOWS\System32\Tasks\UNELEVATE_22256 => Moved successfully.
C:\Program Files (x86)\bruowwseAndsshop => Moved successfully.
C:\Program Files (x86)\Pyramid Run => Moved successfully.
C:\Program Files (x86)\appsaVe => Moved successfully.
C:\Program Files (x86)\buyaandbrowse => Moved successfully.
C:\WINDOWS\system32\Windows.Globalization.dll => Moved successfully.
C:\WINDOWS\system32\GlobCollationHost.dll => Moved successfully.
C:\WINDOWS\SysWOW64\Windows.Globalization.dll => Moved successfully.
C:\WINDOWS\SysWOW64\GlobCollationHost.dll => Moved successfully.
C:\WINDOWS\System32\Tasks\DriverRestore_ScheduledScan => Moved successfully.
C:\WINDOWS\System32\Tasks\DriverRestore_DailyScan => Moved successfully.
C:\Users\Public\Desktop\DriverRestore.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore => Moved successfully.
C:\Program Files (x86)\DriverRestore => Moved successfully.
C:\ProgramData\40ee09c0000064f3 => Moved successfully.
C:\Users\Bill\AppData\Roaming\appdataFr3.bin => Moved successfully.
C:\ProgramData\cheapcoup => Moved successfully.
C:\WINDOWS\System32\Tasks\ProPCCleaner_Popup => Moved successfully.
C:\WINDOWS\System32\Tasks\ProPCCleaner_Start => Moved successfully.
C:\Users\Bill\AppData\Local\Pro_PC_Cleaner => Moved successfully.
C:\9b57c021e1f305c24cdd076e => Moved successfully.
C:\WINDOWS\Tasks\SpeedCheck Update.job => Moved successfully.
C:\WINDOWS\System32\Tasks\SpeedCheck Update => Moved successfully.
 
"C:\Program Files (x86)\ver9SpeedCheck" directory move:
 
Could not move "C:\Program Files (x86)\ver9SpeedCheck" directory. => Scheduled to move on reboot.
 
C:\Program Files\shopperz => Moved successfully.
C:\user.js => Moved successfully.
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\patsearch.bin => Moved successfully.
 
"C:\Program Files (x86)\Solution Real" directory move:
 
Could not move "C:\Program Files (x86)\Solution Real" directory. => Scheduled to move on reboot.
 
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job" => File/Directory not found.
C:\WINDOWS\SysWOW64\ColorMedia.ini => Moved successfully.
C:\WINDOWS\SysWOW64\ColorMediaOff.ini => Moved successfully.
C:\WINDOWS\system32\ColorMediaOff.ini => Moved successfully.
C:\ProgramData\WinClon => Moved successfully.
C:\WINDOWS\AppReadiness => Moved successfully.
C:\ProgramData\9280794494656593764 => Moved successfully.
 
"C:\Program Files (x86)\SearchProtect" directory move:
 
Could not move "C:\Program Files (x86)\SearchProtect" directory. => Scheduled to move on reboot.
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01FB21A5-F54E-4173-B3E3-0FB186D94F5B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01FB21A5-F54E-4173-B3E3-0FB186D94F5B}" => Key deleted successfully.
C:\Windows\System32\Tasks\EOSSVMA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSSVMA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DA05C06-F8FD-4A1E-A1DA-61BB6204CCAD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DA05C06-F8FD-4A1E-A1DA-61BB6204CCAD}" => Key deleted successfully.
C:\Windows\System32\Tasks\SearchSnacks Auto Updater 1.10.0.5 Core => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SearchSnacks Auto Updater 1.10.0.5 Core" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12C0AAF0-1015-42BF-88EA-77BAF103D523}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12C0AAF0-1015-42BF-88EA-77BAF103D523}" => Key deleted successfully.
C:\Windows\System32\Tasks\avayvaxvaa not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avayvaxvaa" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F6CE88C-9141-490F-86DD-3B42702A516F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F6CE88C-9141-490F-86DD-3B42702A516F}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{270CC987-AB25-41C3-9694-22D1E5C838EC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{270CC987-AB25-41C3-9694-22D1E5C838EC}" => Key deleted successfully.
C:\Windows\System32\Tasks\DonutQuotes => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DonutQuotes" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{45CD155C-2EDD-4BBD-B881-4A68848A6C91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45CD155C-2EDD-4BBD-B881-4A68848A6C91}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53C9B0F7-4EEE-452C-A2A3-88BB65E75F16}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53C9B0F7-4EEE-452C-A2A3-88BB65E75F16}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C5EFA263-DC63-43C5-8A8C-26FCA193F311} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C5EFA263-DC63-43C5-8A8C-26FCA193F311}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{55107E21-1FAB-4E11-802C-F56CAF9B48EA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55107E21-1FAB-4E11-802C-F56CAF9B48EA}" => Key deleted successfully.
C:\Windows\System32\Tasks\SearchSnacks Auto Updater 1.10.0.5 Pending Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SearchSnacks Auto Updater 1.10.0.5 Pending Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5CEDF6EA-39DC-4B75-B84B-E0385306490A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CEDF6EA-39DC-4B75-B84B-E0385306490A}" => Key deleted successfully.
C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64E09980-94C1-4351-A8F5-7A0A76763671}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64E09980-94C1-4351-A8F5-7A0A76763671}" => Key deleted successfully.
C:\Windows\System32\Tasks\DriverRestore_DailyScan not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverRestore_DailyScan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CC812EA-A94F-4577-A460-DD9FEC2FD070}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CC812EA-A94F-4577-A460-DD9FEC2FD070}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3916FB30-1D1B-4EEB-93E7-EA26E9C85BAC} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3916FB30-1D1B-4EEB-93E7-EA26E9C85BAC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7EC57F4E-A7C9-45DC-927D-92C2384588F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EC57F4E-A7C9-45DC-927D-92C2384588F4}" => Key deleted successfully.
C:\Windows\System32\Tasks\DriverRestore_ScheduledScan not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverRestore_ScheduledScan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84E6CCF4-D432-4C68-A7E1-664557CAA51D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84E6CCF4-D432-4C68-A7E1-664557CAA51D}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89E99110-5367-4FB9-A093-9A714AF26076}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89E99110-5367-4FB9-A093-9A714AF26076}" => Key deleted successfully.
C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_3534343030393132372d2d55506c2a5a55576c412334 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_3534343030393132372d2d55506c2a5a55576c412334" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8B6BFEE7-D685-4327-A90A-053AB2C2838F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B6BFEE7-D685-4327-A90A-053AB2C2838F}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Start not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2E4DCF2-9547-422A-8C2A-432C9F6A2354} => Key not found. 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A5CC1119-4A3C-4168-B9DB-29BFB8A63BEE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5CC1119-4A3C-4168-B9DB-29BFB8A63BEE}" => Key deleted successfully.
C:\Windows\System32\Tasks\SMWUpd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B331AFB7-F299-4FAA-BFF6-06B1E1F5B4BB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B331AFB7-F299-4FAA-BFF6-06B1E1F5B4BB}" => Key deleted successfully.
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_3534343030393132372d78782345572a4a3441325057 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_3534343030393132372d78782345572a4a3441325057" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B385544D-1193-438C-8291-133CB596D553}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B385544D-1193-438C-8291-133CB596D553}" => Key deleted successfully.
C:\Windows\System32\Tasks\UNELEVATE_18080 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UNELEVATE_18080" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB1B31AE-1C5F-4290-A03B-A2B0555AC30B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB1B31AE-1C5F-4290-A03B-A2B0555AC30B}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Popup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB187E49-115F-41A3-B7EC-FEEA1FB6A379}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB187E49-115F-41A3-B7EC-FEEA1FB6A379}" => Key deleted successfully.
C:\Windows\System32\Tasks\CleanerPro_Popup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CleanerPro_Popup" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4656973-7430-4DDE-94D2-177E4685785F} => Key not found. 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5B48B08-70DD-4EED-AC7A-C868922CB34F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5B48B08-70DD-4EED-AC7A-C868922CB34F}" => Key deleted successfully.
C:\Windows\System32\Tasks\UNELEVATE_22256 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UNELEVATE_22256" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FD4B8332-62C6-48AA-801B-5C56C2E1D74F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD4B8332-62C6-48AA-801B-5C56C2E1D74F}" => Key deleted successfully.
C:\Windows\System32\Tasks\SpeedCheck Update not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedCheck Update" => Key deleted successfully.
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job not found.
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job not found.
C:\WINDOWS\Tasks\SpeedCheck Update.job not found.
C:\ProgramData\38b2bc6477024acda7d41a3bfc14c3eb\38b2bc6477024acda7d41a3bfc14c3eb.exe => Moved successfully.
C:\Program Files (x86)\SearchSnacks_1.10.0.5 => Moved successfully.
"C:\Users\Bill\AppData\Local\avayvaxvaa\avayvaxvaa.exe" => File/Directory not found.
"C:\Program Files (x86)\donutleads" => File/Directory not found.
C:\Program Files (x86)\globalUpdate => Moved successfully.
C:\ProgramData\SearchModule => Moved successfully.
"C:\Program Files (x86)\ShopperPro" => File/Directory not found.
"C:\Program Files (x86)\Pro PC Cleaner" => File/Directory not found.
"C:\Program Files\BubbleSound" => File/Directory not found.
C:\Users\Bill\AppData\Local\SmartWeb => Moved successfully.
C:\Users\Bill\AppData\Local\ospd_us_657 => Moved successfully.
"C:\Program Files (x86)\Itibiti Soft Phone" => File/Directory not found.
"C:\Program Files\Kromtech" => File/Directory not found.
"C:\Program Files (x86)\YTDownloader" => File/Directory not found.
c:\ProgramData\{A9C44107-F946-9081-48C0-E0039842338D} => Moved successfully.
"C:\Program Files (x86)\frEoe2you" => File/Directory not found.
"C:\Program Files (x86)\globalUpdate" => File/Directory not found.
"C:\Program Files\shopperz" => File/Directory not found.
 
"C:\Users\Bill\AppData\Local\Google\Chrome" directory move:
 
Could not move "C:\Users\Bill\AppData\Local\Google\Chrome" directory. => Scheduled to move on reboot.
 
 
"C:\ProgramData\{b200f4f3-87a5-88de-b200-0f4f387ad3ce}" directory move:
 
Could not move "C:\ProgramData\{b200f4f3-87a5-88de-b200-0f4f387ad3ce}" directory. => Scheduled to move on reboot.
 
C:\Users\Bill\AppData\Local\wincheck => Moved successfully.
 
"C:\Program Files (x86)\SearchProtect" directory move:
 
Could not move "C:\Program Files (x86)\SearchProtect" directory. => Scheduled to move on reboot.
 
"C:\Users\Bill\AppData\Local\ospd_us_657" => File/Directory not found.
 
"C:\Program Files (x86)\ver9SpeedCheck" directory move:
 
Could not move "C:\Program Files (x86)\ver9SpeedCheck" directory. => Scheduled to move on reboot.
 
C:\Program Files (x86)\WordProser_1.10.0.5 => Moved successfully.
 
"C:\Program Files (x86)\Solution Real" directory move:
 
Could not move "C:\Program Files (x86)\Solution Real" directory. => Scheduled to move on reboot.
 
C:\Program Files\Common Files\Goobzo => Moved successfully.
C:\ProgramData\PicColor Utility => Moved successfully.
"C:\Users\Bill\AppData\Local\wincheck" => File/Directory not found.
"c:\Program Files (x86)\EngineRunner" => File/Directory not found.
c:\Program Files (x86)\Optimizer Pro 3.31 => Moved successfully.
C:\Windows\System32\drivers\{1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64.sys => Moved successfully.
C:\Windows\System32\drivers\{31c21995-b861-4864-ab50-4a53fbca73d4}Gw64.sys => Moved successfully.
C:\Windows\System32\drivers\{5c281c6e-0132-4ac6-ad9d-d1d95d218412}Gw64.sys => Moved successfully.
C:\Windows\System32\drivers\{df8eec40-f909-439c-9ffe-3fee212f71b9}Gw64.sys => Moved successfully.
"C:\Windows\system32\drivers\cherimoya.sys" => File/Directory not found.
"C:\WINDOWS\system32\drivers\SPPD.sys" => File/Directory not found.
"C:\WINDOWS\system32\drivers\ssnfd_1_10_0_5.sys" => File/Directory not found.
C:\ProgramData\MakeMarkerFile.exe => Moved successfully.
C:\Users\EasySurvey\EasySurvey.exe => Moved successfully.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value deleted successfully.
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
 
=========  netsh advfirewall reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 14 while it has its media disconnected.
No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 14:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::1d4d:1e19:d60:c48d%3
   Default Gateway . . . . . . . . . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 14 while it has its media disconnected.
No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 14:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::1d4d:1e19:d60:c48d%3
   IPv4 Address. . . . . . . . . . . : 172.27.35.130
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.27.35.1
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Interface, OK!
Resetting , failed.
Access is denied.
 
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 18 jobs canceled.
 
========= End of CMD: =========
 
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-16 14:28:25)<=
 
==> ATTENTION: System is not rebooted.
C:\Program Files (x86)\ver9SpeedCheck => Moved successfully.
C:\Program Files (x86)\Solution Real => Is moved successfully.
C:\Program Files (x86)\SearchProtect => Is moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome => Moved successfully.
C:\ProgramData\{b200f4f3-87a5-88de-b200-0f4f387ad3ce} => Moved successfully.
C:\Program Files (x86)\SearchProtect => Is moved successfully.
C:\Program Files (x86)\ver9SpeedCheck => Is moved successfully.
C:\Program Files (x86)\Solution Real => Is moved successfully.
 
==== End of Fixlog 14:28:25 ====


#6
frobey


Here is the ADWCleaner log.

 

# AdwCleaner v4.112 - Logfile created 16/03/2015 at 12:42:11
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Bill - MYPC
# Running from : C:\Users\Bill\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
Service Deleted : CltMngSvc
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : SMUpd
Service Deleted : SMUpdd
Service Deleted : SPPD
Service Deleted : ColorMedia
Service Deleted : PicColor Service
Service Deleted : wpnfd_1_10_0_5
Service Deleted : wpsvc_1.10.0.5
[#] Service Deleted : Update Solution Real
Service Deleted : webinstrNHKT
[#] Service Deleted : cherimoya
[#] Service Deleted : BrsHelper
[#] Service Deleted : ssnfd_1_10_0_5
[#] Service Deleted : Util Solution Real
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\SearchModule
Folder Deleted : C:\ProgramData\PicColorData
Folder Deleted : C:\ProgramData\Kromtech
Folder Deleted : C:\ProgramData\donutleads
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Downloader
Folder Deleted : C:\Program Files (x86)\MapsGalaxy_39EI
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\speed browser
Folder Deleted : C:\Program Files (x86)\Solution Real
Folder Deleted : C:\Program Files (x86)\Media Downloader
Folder Deleted : C:\Program Files (x86)\Clip-High_D_06
Folder Deleted : C:\Users\Bill\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Bill\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Bill\AppData\Local\speed browser
Folder Deleted : C:\Users\Bill\AppData\Local\Vosteran
Folder Deleted : C:\Users\Bill\AppData\Local\Kromtech
Folder Deleted : C:\Users\Bill\AppData\Local\CleanerPro
Folder Deleted : C:\Users\Bill\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\Bill\AppData\LocalLow\Clip-High_D_06
Folder Deleted : C:\Users\Bill\AppData\Roaming\SoftwareUpdater
Folder Deleted : C:\Users\Bill\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Bill\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\Bill\AppData\Roaming\WSE_Vosteran
Folder Deleted : C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
File Deleted : C:\END
File Deleted : C:\WINDOWS\SysWOW64\ColorMedia.dll
File Deleted : C:\WINDOWS\System32\drivers\wpnfd_1_10_0_5.sys
File Deleted : C:\WINDOWS\System32\drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
File Deleted : C:\WINDOWS\System32\drivers\webinstrNHKT.sys
File Deleted : C:\Users\Bill\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage-journal
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.publikeco00.publikeco.com_0.localstorage
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.publikeco00.publikeco.com_0.localstorage-journal
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
 
***** [ Scheduled tasks ] *****
 
Task Deleted : CleanerPro_Start
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Bill\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Bill\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\Extension.jshep
Key Deleted : HKLM\SOFTWARE\Classes\Extension.jshep.1
Key Deleted : HKLM\SOFTWARE\Classes\Pe6b4b812_6750_4ce1_939b_3f7263461be2_.Pe6b4b812_6750_4ce1_939b_3f7263461be2_
Key Deleted : HKLM\SOFTWARE\Classes\Pe6b4b812_6750_4ce1_939b_3f7263461be2_.Pe6b4b812_6750_4ce1_939b_3f7263461be2_.9
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Solution Real
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util Solution Real
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{5a601a1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
Key Deleted : HKCU\Software\Boost
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\DriverRestore
Key Deleted : HKCU\Software\CoinisRS
Key Deleted : HKCU\Software\Vosteran Browser
Key Deleted : HKCU\Software\WSE_Vosteran
Key Deleted : HKCU\Software\Solution Real
Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKCU\Software\ProPCCleanerLanguage
Key Deleted : HKCU\Software\ProPCCleanerConfig
Key Deleted : HKCU\Software\GameHug_Arcade
Key Deleted : HKCU\Software\GameHugArcadeApp
Key Deleted : HKCU\Software\DesktopDockApp
Key Deleted : HKCU\Software\CommunityCrawlingService
Key Deleted : HKCU\Software\Clip-High_D_06
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKCU\Software\AppDataLow\Software\Clip-High_D_06
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Boost
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\EZ Software Updater
Key Deleted : HKLM\SOFTWARE\firstsearch
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\MapsGalaxy_39EI
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\PicColor Utility
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\WordProser_1.10.0.5
Key Deleted : HKLM\SOFTWARE\Solution Real
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\SearchModule
Key Deleted : HKLM\SOFTWARE\CommunityCrawlingService
Key Deleted : HKLM\SOFTWARE\Clip-High_D_06
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PicColor Utility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WordProser_1.10.0.5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search module
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Downloader_is1
Key Deleted : [x64] HKLM\SOFTWARE\Iminent
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
Key Deleted : [x64] HKLM\SOFTWARE\DriverRestore
Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader
Key Deleted : [x64] HKLM\SOFTWARE\PicColor Utility
Key Deleted : [x64] HKLM\SOFTWARE\BubbleSound
Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Restore
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v
 
[C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=96AE2477-7DFA-4D64-94B1-4FD3263C9BE0&n=780b5f49&ind=2014011209&p2=^UX^xdm002^YYA^us&si=COXaoMnv-LsCFSUOOgodO1AAKg
[C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=96AE2477-7DFA-4D64-94B1-4FD3263C9BE0&n=780b5f49&ind=2014011209&p2=^UX^xdm002^YYA^us&si=COXaoMnv-LsCFSUOOgodO1AAKg
[C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_coinis_15_03_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0F0EtByE0FyDyC0DzytAtN0D0Tzu0StCtCtDzytN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0E0B0D0ByE0E0BtGtByE0B0CtGtAtA0DyBtG0E0Fzy0CtGtAyBtDtD0AtDyBzyyBtAtBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtC0BtAyC0FtB0AtGyE0EyDzztGyE0DyEtBtGzyyDyC0DtGzyyBzytCzy0BtDzy0F0EtCtB2Q&cr=582010452&ir=
[C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_coinis_15_03_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0F0EtByE0FyDyC0DzytAtN0D0Tzu0StCtCtDzytN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0E0B0D0ByE0E0BtGtByE0B0CtGtAtA0DyBtG0E0Fzy0CtGtAyBtDtD0AtDyBzyyBtAtBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtC0BtAyC0FtB0AtGyE0EyDzztGyE0DyEtBtGzyyDyC0DtGzyyBzytCzy0BtDzy0F0EtCtB2Q&cr=582010452&ir=
[C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www-searching.com/search.aspx?s=F24ztutdk0000,b57bcafa-b1d1-43dc-884a-1df2f0bb76f8,&q={searchTerms}
[C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www-searching.com/search.aspx?s=F24ztutdk0000,b57bcafa-b1d1-43dc-884a-1df2f0bb76f8,&q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [27509 bytes] - [16/03/2015 12:34:01]
AdwCleaner[S0].txt - [26315 bytes] - [16/03/2015 12:42:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26375  bytes] ##########


#7
frobey


It really doesn't want me to post the rerun FRST log..keeps hanging at "saving post"...and killing my Chrome pages...here is the addition log and I'll keep trying to post the FRST log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Bill at 2015-03-16 14:32:06
Running from C:\Users\Bill\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{403A4E7A-D239-04D8-6A3D-31DD203C018D}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Cisco Linksys AE6000 Driver (HKLM-x32\...\{02221266-B345-4544-A5C3-A995520E774D}) (Version: 1.1.0.3 - Cisco Consumer Products LLC)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Help Desk (HKLM\...\{18BB06D9-8518-48E5-88F7-5AE1DF02546B}) (Version: 1.0.6 - Samsung Electronics CO., LTD.)
HP ENVY 5530 series Basic Device Software (HKLM\...\{24284F3A-B8F3-4123-AE25-2B6D1BEC524C}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
OneSoftPerDay 025.657 (HKLM-x32\...\ospd_us_657_is1) (Version:  - ONESOFTPERDAY)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlusHD Q-9.1V14.01 (HKLM-x32\...\PlusHD Q-9.1V14.01) (Version: 1.36.01.08 - PlusHD Q-9.1V14.01)
Product Improvement Study for HP ENVY 5530 series (HKLM\...\{F0F71D41-68E3-4721-BD66-E684F9B4A87B}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.7.2 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.0.8 - Samsung Electronics CO., LTD.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
SpeedCheck (HKLM-x32\...\0FE96EBF-28D5-C985-634A-C147091FE3F9) (Version:  - SpeedCheck-software) <==== ATTENTION
Support Center (HKLM\...\{73280CF7-9471-4FB6-B018-E5FD7A09F1AF}) (Version: 2.0.13 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.5 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{20F96D9A-41A4-4EFA-997B-B972F0E1E26A}) (Version: 2.0.24 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{C7588111-1A12-4EFE-8CA0-DA4344480D92}) (Version: 1.4.00 - Samsung Electronics CO., LTD.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
28-02-2015 19:13:17 Windows Update
15-03-2015 14:25:05 Windows Update
15-03-2015 18:33:21 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {10A298B7-5547-4390-BC2E-B98AE06835A2} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-10-15] (SEC)
Task: {193B0360-F846-4F28-9AD9-CD8DFACC702B} - \Logon_Trigger_WPS_Mon_Task No Task File <==== ATTENTION
Task: {5543F907-D8C0-4F68-B45E-41C6B07C636C} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-16] (Synaptics Incorporated)
Task: {5B5FD57E-CA47-4F07-95AD-6217F8287E44} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6BBB2931-1304-4A04-938C-2BC5167ADD72} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {A7F2CC81-532F-4B81-BFFE-5082DA7E7943} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A7F9BEDA-BE22-4E49-B5FA-F3F7B7150DEE} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe
Task: {B849690A-86E9-4BC3-A5B3-E774B584E504} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-10-03] (Samsung Electronics CO., LTD.)
Task: {BDE88742-ED76-4600-ABC5-EBD90B6CA4FA} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {C1485452-FB47-439D-ABB8-9757B76D426D} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {C1EC5572-F8EE-46A5-9570-D4E4EC9B9B2C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-15] (Microsoft Corporation)
Task: {C9C798AB-3770-49F0-8C86-873C56BAAA01} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-10-17] (Samsung Electronics CO., LTD.)
Task: {FD5723C6-22EF-4A07-803E-6B3435E20299} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2013-02-08] (Hewlett-Packard Co.)
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2012-09-05 03:50 - 2012-09-05 03:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\office.odf
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-10-31 07:55 - 2012-10-31 07:55 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-10-31 07:57 - 2012-10-31 07:57 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2012-10-14 11:08 - 2012-10-14 11:08 - 04237944 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
2012-09-05 03:50 - 2012-09-05 03:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-09-05 03:50 - 2012-09-05 03:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bill\Pictures\2012-02-19 001\DSCF9157.JPG
DNS Servers: 31.168.228.244 - 82.166.96.242
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\...\StartupApproved\Run: => "Itibiti.exe"
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\...\StartupApproved\Run: => "PCKeeper2"
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\...\StartupApproved\Run: => "Super Optimizer"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2961404673-414218333-4232183137-500 - Administrator - Disabled)
Bill (S-1-5-21-2961404673-414218333-4232183137-1001 - Administrator - Enabled) => C:\Users\Bill
Guest (S-1-5-21-2961404673-414218333-4232183137-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2961404673-414218333-4232183137-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/16/2015 01:15:07 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (1908) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
 
Error: (03/16/2015 00:50:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_ProfSvc, version: 6.3.9600.16384, time stamp: 0x5215dfe3
Faulting module name: combase.dll, version: 6.3.9600.17031, time stamp: 0x53087867
Exception code: 0xc0000005
Fault offset: 0x000000000000f5dd
Faulting process id: 0x128
Faulting application start time: 0xsvchost.exe_ProfSvc0
Faulting application path: svchost.exe_ProfSvc1
Faulting module path: svchost.exe_ProfSvc2
Report Id: svchost.exe_ProfSvc3
Faulting package full name: svchost.exe_ProfSvc4
Faulting package-relative application ID: svchost.exe_ProfSvc5
 
Error: (03/16/2015 00:33:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 11.3.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 450
 
Start Time: 01d05f70051d8089
 
Termination Time: 15
 
Application Path: C:\Users\Bill\Desktop\FRST64.exe
 
Report Id: 2c23d75c-cbfa-11e4-bedf-50b7c3b857f2
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/15/2015 06:33:21 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0b3ec5a9-5bf0-405a-9082-6270eecb6cea}
 
Error: (03/15/2015 06:24:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0x188
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (03/15/2015 06:23:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0x11b0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (03/15/2015 06:23:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0x1870
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (03/15/2015 03:28:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Faulting module name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Exception code: 0xc0000417
Fault offset: 0x000000000014d7cc
Faulting process id: 0x454
Faulting application start time: 0xMakeMarkerFile.exe0
Faulting application path: MakeMarkerFile.exe1
Faulting module path: MakeMarkerFile.exe2
Report Id: MakeMarkerFile.exe3
Faulting package full name: MakeMarkerFile.exe4
Faulting package-relative application ID: MakeMarkerFile.exe5
 
Error: (03/15/2015 03:15:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0xb24
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (03/15/2015 02:33:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Faulting module name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Exception code: 0xc0000417
Fault offset: 0x000000000014d7cc
Faulting process id: 0x6bc
Faulting application start time: 0xMakeMarkerFile.exe0
Faulting application path: MakeMarkerFile.exe1
Faulting module path: MakeMarkerFile.exe2
Report Id: MakeMarkerFile.exe3
Faulting package full name: MakeMarkerFile.exe4
Faulting package-relative application ID: MakeMarkerFile.exe5
 
 
System errors:
=============
Error: (03/16/2015 01:13:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 
%%31
 
Error: (03/16/2015 01:13:09 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
 
Error: (03/16/2015 00:53:31 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: 
%%1056
 
Error: (03/16/2015 00:51:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (03/16/2015 00:51:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (03/16/2015 00:51:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (03/16/2015 00:51:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (03/16/2015 00:51:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (03/16/2015 00:51:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (03/16/2015 00:51:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (03/16/2015 01:15:07 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail1908WindowsMail0:
 
Error: (03/16/2015 00:50:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_ProfSvc6.3.9600.163845215dfe3combase.dll6.3.9600.1703153087867c0000005000000000000f5dd12801d05f55e851121fC:\WINDOWS\system32\svchost.exeC:\WINDOWS\SYSTEM32\combase.dll957a64c3-cbfc-11e4-bedf-50b7c3b857f2
 
Error: (03/16/2015 00:33:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe11.3.2015.045001d05f70051d808915C:\Users\Bill\Desktop\FRST64.exe2c23d75c-cbfa-11e4-bedf-50b7c3b857f2
 
Error: (03/15/2015 06:33:21 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0b3ec5a9-5bf0-405a-9082-6270eecb6cea}
 
Error: (03/15/2015 06:24:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3chrome.dll39.0.2171.9554823ff480000003004fd39c18801d05f6ec6f943d3C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll0b17ac82-cb62-11e4-bedf-50b7c3b857f2
 
Error: (03/15/2015 06:23:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3chrome.dll39.0.2171.9554823ff480000003004fd39c11b001d05f6eab633544C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dllec6a0ec2-cb61-11e4-bedf-50b7c3b857f2
 
Error: (03/15/2015 06:23:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3chrome.dll39.0.2171.9554823ff480000003004fd39c187001d05f6e9dee0db8C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dlle17fcad9-cb61-11e4-bedf-50b7c3b857f2
 
Error: (03/15/2015 03:28:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc45401d05f5612991951C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe80454cbc-cb49-11e4-bedf-50b7c3b857f2
 
Error: (03/15/2015 03:15:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3chrome.dll39.0.2171.9554823ff480000003004fd39cb2401d05f545fc3f109C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dllaaf191ae-cb47-11e4-bede-50b7c3b857f2
 
Error: (03/15/2015 02:33:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc6bc01d05f4e6ca89e13C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.execdbfa115-cb41-11e4-bede-50b7c3b857f2
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-16 13:12:22.203
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\RadioHIDMini.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-16 06:11:15.873
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-16 06:11:15.639
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-16 06:11:15.436
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-16 06:11:15.186
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-16 06:11:14.936
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-16 06:11:14.654
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-16 06:11:14.295
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-16 06:11:13.889
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-16 06:11:13.264
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-4400M APU with Radeon™ HD Graphics 
Percentage of memory in use: 17%
Total physical RAM: 5595.1 MB
Available physical RAM: 4622.07 MB
Total Pagefile: 6491.1 MB
Available Pagefile: 5326.75 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:440.17 GB) (Free:370.08 GB) NTFS
Drive e: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

Edited by frobey, 16 March 2015 - 01:20 PM.

  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problems with multiple posts. FRST was hanging on emptying temp files so there is probably a lot of junk there

We will clear that with this small programme

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
I believe windows files are now in the majority :)

Two further scans I feel to ensure that nothing is hiding
How is the computer behaving at the moment ?

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Could you run one further scan please with FRST, no need for an additions this time just the standard scan
  • 0

#9
frobey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

I ran TFC, aswMBR and another FRST scan. I tried to send the update from IE on the laptop but it went to http://systemsecurit...om/warning.html and said "Firewall alert, call 1-877-525-5644 immediately"

 

So I think it still has some issues :-)

 

Here are the files you requested

 

aswmbr log

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-03-16 15:45:42
-----------------------------
15:45:42.176    OS Version: Windows x64 6.2.9200 
15:45:42.176    Number of processors: 2 586 0x1001
15:45:42.176    ComputerName: MYPC  UserName: Bill
15:45:45.942    Initialize success
15:45:46.052    VM: initialized successfully
15:45:46.052    VM: Amd CPU supported 
15:57:16.743    AVAST engine defs: 15031600
15:57:26.528    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000001e
15:57:26.544    Disk 0 Vendor: Hitachi_HTS547550A9E384 JE3OA50A Size: 0MB BusType: 11
15:57:26.778    Disk 0 MBR read successfully
15:57:26.778    Disk 0 MBR scan
15:57:26.794    Disk 0 unknown MBR code
15:57:26.810    Disk 0 MBR hidden
15:57:26.810    Disk 0 Partition 1 00     EE            GPT           2097151 MB offset 1
15:57:29.888    Disk 0 statistics 1633/0/0 @ 1.96 MB/s
15:57:29.888    Scan stopped
15:57:36.739    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000001e
15:57:36.739    Disk 0 Vendor: Hitachi_HTS547550A9E384 JE3OA50A Size: 0MB BusType: 11
15:57:37.458    Disk 0 MBR read successfully
15:57:37.458    Disk 0 MBR scan
15:57:37.473    Disk 0 unknown MBR code
15:57:37.489    Disk 0 MBR hidden
15:57:37.505    Disk 0 Partition 1 00     EE            GPT           2097151 MB offset 1
15:57:37.692    Disk 0 scanning C:\WINDOWS\system32\drivers
15:58:02.508    Service scanning
15:59:02.624    Modules scanning
15:59:02.624    Disk 0 trace - called modules:
15:59:02.655    ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys 
15:59:02.670    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001625b3710]
15:59:02.686    3 CLASSPNP.SYS[fffff800d2623170] -> nt!IofCallDriver -> [0xffffe00162565040]
15:59:02.686    5 amdxata.sys[fffff800d1d296b4] -> nt!IofCallDriver -> \Device\0000001e[0xffffe00162569060]
15:59:03.979    AVAST engine scan C:\WINDOWS
15:59:17.950    AVAST engine scan C:\WINDOWS\system32
16:05:59.157    AVAST engine scan C:\WINDOWS\system32\drivers
16:06:29.265    AVAST engine scan C:\Users\Bill
16:06:36.327    File: C:\Users\Bill\AppData\Local\Installer\Install_11113\DCytdkietut_tutdk_setup.exe  **INFECTED** Win32:GenMaliciousA-FRD [Adw]
16:06:36.843    File: C:\Users\Bill\AppData\Local\Installer\Install_31736\DCytdkietut_tutdk_setup.exe  **INFECTED** Win32:GenMaliciousA-FRD [Adw]
16:08:15.556    File: C:\Users\Bill\Downloads\FLVPlayer-Chrome.exe  **INFECTED** Win32:Adware-gen [Adw]
16:11:00.875    AVAST engine scan C:\ProgramData
16:21:28.780    Disk 0 statistics 3555774/0/0 @ 2.46 MB/s
16:21:28.796    Scan finished successfully
16:22:06.798    Disk 0 MBR has been saved successfully to "C:\Users\Bill\Desktop\MBR.dat"
16:22:06.814    The log file has been saved successfully to "C:\Users\Bill\Desktop\aswMBR.txt"

  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep, AswMBR has found some more, so let's kill them and then run a fresh FRST scan

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
C:\Users\Bill\AppData\Local\Installer\Install_11113
C:\Users\Bill\AppData\Local\Installer\Install_31736
C:\Users\Bill\Downloads\FLVPlayer-Chrome.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
  • 0



#11
frobey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Here is my fixlist log and maybe the FRST log (it would never finish posting the last one)...I tried once again to update this from the laptop but couldn't. This time IE went to safedownloadsrus127.com and told me I needed to update my JAVA immediately...I did reboot the laptop after running FRST fix...

 

fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Bill at 2015-03-16 16:49:11 Run:2
Running from C:\Users\Bill\Desktop
Loaded Profiles: Bill (Available profiles: Bill)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
C:\Users\Bill\AppData\Local\Installer\Install_11113
C:\Users\Bill\AppData\Local\Installer\Install_31736
C:\Users\Bill\Downloads\FLVPlayer-Chrome.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers
 
*****************
 
Restore point was successfully created.
C:\Users\Bill\AppData\Local\Installer\Install_11113 => Moved successfully.
C:\Users\Bill\AppData\Local\Installer\Install_31736 => Moved successfully.
C:\Users\Bill\Downloads\FLVPlayer-Chrome.exe => Moved successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {BD87E2CE-A1A4-40DC-A038-6A6B33C167A6}.
Unable to cancel {C1F6B13A-D2AC-40DE-85A6-7D3B57DCFFFB}.
Unable to cancel {6993EC30-9ABC-4DEC-96C8-993DC250738E}.
Unable to cancel {D7E7CFE0-EDA5-440B-980D-D1AB7D49491D}.
0 out of 4 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 356.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 16:50:00 ====

  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you attach the FRST please
  • 0

#13
frobey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Here is the FRST file...sorry I had to attach it rather than paste it...

Attached Files

  • Attached File  FRST.txt   460.77KB   96 downloads

  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
We are making some good progress here, what I will do now is reset your network to default

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:


CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2015-03-16 13:17 - 2015-03-16 16:41 - 00000000 ____D () C:\ProgramData\WinClon
2015-03-03 20:02 - 2015-03-03 20:02 - 00000000 ____D () C:\Program Files (x86)\JavaScript Notepad
2015-03-15 18:38 - 2012-11-14 02:12 - 00000000 ____D () C:\Users\EasySurvey
2015-03-15 18:36 - 2015-02-04 09:49 - 00000000 ____D () C:\ProgramData\38b2bc6477024acda7d41a3bfc14c3eb
2015-01-15 10:22 - 2015-01-15 10:22 - 0022528 _____ () C:\Users\Bill\AppData\Local\dsisetup22337032.exe
2014-11-18 17:56 - 2014-11-18 17:56 - 0000000 _____ () C:\Users\Bill\AppData\Local\{14715840-CEAE-46D1-BF63-B9A253D2C280}
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#15
frobey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

First time I've been able to do an update from the laptop so we're definitely getting there...Malwarebytes found 5 malware and 65 non malware. All have been quarantined...laptop restarts really quickly (was taking 5 minutes or more to come up), no messages anymore about being infected no matter how many browser windows I open up.

 

Here is the fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Bill at 2015-03-16 17:49:58 Run:3
Running from C:\Users\Bill\Desktop
Loaded Profiles: Bill (Available profiles: Bill)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2015-03-16 13:17 - 2015-03-16 16:41 - 00000000 ____D () C:\ProgramData\WinClon
2015-03-03 20:02 - 2015-03-03 20:02 - 00000000 ____D () C:\Program Files (x86)\JavaScript Notepad
2015-03-15 18:38 - 2012-11-14 02:12 - 00000000 ____D () C:\Users\EasySurvey
2015-03-15 18:36 - 2015-02-04 09:49 - 00000000 ____D () C:\ProgramData\38b2bc6477024acda7d41a3bfc14c3eb
2015-01-15 10:22 - 2015-01-15 10:22 - 0022528 _____ () C:\Users\Bill\AppData\Local\dsisetup22337032.exe
2014-11-18 17:56 - 2014-11-18 17:56 - 0000000 _____ () C:\Users\Bill\AppData\Local\{14715840-CEAE-46D1-BF63-B9A253D2C280}
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:

*****************

Restore point was successfully created.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\ProgramData\WinClon => Moved successfully.
C:\Program Files (x86)\JavaScript Notepad => Moved successfully.
C:\Users\EasySurvey => Moved successfully.
C:\ProgramData\38b2bc6477024acda7d41a3bfc14c3eb => Moved successfully.
C:\Users\Bill\AppData\Local\dsisetup22337032.exe => Moved successfully.
C:\Users\Bill\AppData\Local\{14715840-CEAE-46D1-BF63-B9A253D2C280} => Moved successfully.

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh int ip reset c:\resetlog.txt =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  ipconfig /release =========

Windows IP Configuration

No operation can be performed on Local Area Connection* 14 while it has its media disconnected.
No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 14:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::1d4d:1e19:d60:c48d%3
   Default Gateway . . . . . . . . . :

========= End of CMD: =========

=========  ipconfig /renew =========

Windows IP Configuration

No operation can be performed on Local Area Connection* 14 while it has its media disconnected.
No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 14:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::1d4d:1e19:d60:c48d%3
   IPv4 Address. . . . . . . . . . . : 172.27.35.130
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.27.35.1

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting , failed.
Access is denied.

Restart the computer to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= RemoveProxy: =========

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

========= End of RemoveProxy: =========

EmptyTemp: => Removed 73.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog 17:50:53 ====


  • 0
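The Fixlogs posted in this thread report most entries as successful, but the failures sit inside the command output: bitsadmin cancelled 0 out of 4 jobs, and the netsh resets include "Access is denied". The following is an added example, not part of the thread and not FRST's own code, that parses a Fixlog and lists the lines worth a second look before a machine is called clean. The function names and the failure patterns are assumptions based only on the log lines shown on this page.

```python
import re

# Constructed sample: lines taken from the two Fixlogs in this thread, shortened.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
C:\Users\Bill\Downloads\FLVPlayer-Chrome.exe
CMD: bitsadmin /reset /allusers
CMD: netsh int ipv4 reset
*****************
C:\Users\Bill\Downloads\FLVPlayer-Chrome.exe => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
=========  bitsadmin /reset /allusers =========
Unable to cancel {BD87E2CE-A1A4-40DC-A038-6A6B33C167A6}.
Unable to cancel {C1F6B13A-D2AC-40DE-85A6-7D3B57DCFFFB}.
Unable to cancel {6993EC30-9ABC-4DEC-96C8-993DC250738E}.
Unable to cancel {D7E7CFE0-EDA5-440B-980D-D1AB7D49491D}.
0 out of 4 jobs canceled.
========= End of CMD: =========
=========  netsh int ipv4 reset =========
Resetting Interface, OK!
Resetting , failed.
Access is denied.
========= End of CMD: =========
EmptyTemp: => Removed 73.1 MB temporary data.
==== End of Fixlog 17:50:53 ====
"""

SECTION_START = re.compile(r"^=========\s+(?!End of )(.+?)\s+=========$")
SECTION_END = re.compile(r"^========= End of .+=========$")
RESULT = re.compile(r"^(.+?) => (.+)$")
# Assumption: failure wording limited to what this thread's logs contain.
FAILURE = re.compile(r"unable to|failed|access is denied", re.I)
JOBS = re.compile(r"^(\d+) out of (\d+) jobs canceled")

def parse_fixlog(text):
    """Return (items, sections): per-entry outcomes and per-command output."""
    items, sections, current, stars = [], {}, None, 0
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if set(line) == {"*"}:        # delimiters around the echoed fixlist
            stars += 1
        elif stars == 1:              # echo of the request, not a result
            continue
        elif SECTION_END.match(line):
            current = None
        elif SECTION_START.match(line):
            current = SECTION_START.match(line).group(1)
            sections[current] = []
        elif current is not None:     # raw output of a CMD/RemoveProxy section
            sections[current].append(line)
        elif RESULT.match(line):      # "<target> => <outcome>" entry
            items.append(RESULT.match(line).groups())
    return items, sections

def review(text):
    """List (where, line) pairs that did not clearly succeed."""
    items, sections = parse_fixlog(text)
    findings = [(t, o) for t, o in items
                if "successfully" not in o and not o.startswith("Removed")]
    for name, lines in sections.items():
        for line in lines:
            jobs = JOBS.match(line)
            if FAILURE.search(line) or (jobs and jobs.group(1) != jobs.group(2)):
                findings.append((name, line))
    return findings

if __name__ == "__main__":
    print(*review(SAMPLE_FIXLOG), sep="\n")
```

Entries whose outcome is neither "successfully" nor "Removed ..." are reported rather than assumed fine, so unfamiliar wording gets reviewed instead of silently passing.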





