
Help, I think I have that saleplus malware on my PC. Pop-ups are out of

malware pop ups

This topic is locked

#1 Brenda50 (Member, 30 posts)
I have been letting my son use my PC and now I keep getting all these pop-ups and it is very slow. SUPERAntiSpyware and Windows Defender don't remove it. Please advise.

Brenda


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, let's have a look see :)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please post both logs generated.
THEN

Download aswMBR.exe (4.5 MB) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post it in your next reply.

#3 Brenda50 (Topic Starter, Member, 30 posts)

Thank you for your response. Here are the FRST.txt and additions logs you asked for.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
Ran by Presbyterian (administrator) on HOME-PC on 15-04-2015 18:53:22
Running from C:\Users\Presbyterian\Desktop
Loaded Profiles: Presbyterian (Available profiles: Presbyterian & Guest)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
() C:\Program Files\pcmax\pcmax.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-03] (Synaptics Incorporated)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2012-05-14] (Analog Devices, Inc.)
HKLM\...\Run: [SaiMfd] => C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [131072 2007-07-12] (Saitek)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79864 2014-05-25] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1798075911-1676469755-1713155969-1004\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1798075911-1676469755-1713155969-1004\...\MountPoints2: {d5a929cc-5917-11e3-a243-806e6f6e6963} - D:\autorun.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
HKU\S-1-5-21-1798075911-1676469755-1713155969-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dregol.co...r=691625700&ir=
HKU\S-1-5-21-1798075911-1676469755-1713155969-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
URLSearchHook: HKU\S-1-5-21-1798075911-1676469755-1713155969-1004 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = 
SearchScopes: HKU\S-1-5-21-1798075911-1676469755-1713155969-1004 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://www.dregol.co...r=691625700&ir=
SearchScopes: HKU\S-1-5-21-1798075911-1676469755-1713155969-1004 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://search.yahoo....erms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-1798075911-1676469755-1713155969-1004 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://www.dregol.co...r=691625700&ir=
BHO: bestadblocker -> {06f7303a-9d3a-4f06-9367-f9eb637e416d} -> C:\Program Files\bestadblocker\vDRzk5TWTTCsea.dll [2015-04-08] ()
Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File []
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll [2014-01-28] (Adobe Systems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Profile 1 -> 
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Presbyterian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Presbyterian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-04]
CHR Profile: C:\Users\Presbyterian\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Presbyterian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-14]
CHR Extension: (Google Drive) - C:\Users\Presbyterian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-14]
CHR Extension: (YouTube) - C:\Users\Presbyterian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-14]
CHR Extension: (Google Search) - C:\Users\Presbyterian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-14]
CHR Extension: (Ripple Emulator ) - C:\Users\Presbyterian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\geelfhphabnejjhdalkjhgipohgpdnoc [2015-04-08]
CHR Extension: (dregol New Tab) - C:\Users\Presbyterian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihokndmjeombjojnfkmapfnjeghjohim [2015-04-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Presbyterian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\Presbyterian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-14]
CHR Extension: (Gmail) - C:\Users\Presbyterian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-14]
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-1798075911-1676469755-1713155969-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.goo...ice/update2/crx
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2015-01-29] (SUPERAntiSpyware.com)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [249024 2014-05-25] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 2310_00; C:\Windows\system32\drivers\2310_00.sys [135200 2009-06-12] (HighPoint Technologies, Inc.)
S3 272x_1x; C:\Windows\system32\drivers\272x_1x.sys [557888 2012-04-24] (HighPoint Technologies, Inc.)
S3 274x_3x; C:\Windows\system32\drivers\274x_3x.sys [196928 2012-04-24] (HighPoint Technologies, Inc.)
S3 ahcix86; C:\Windows\system32\drivers\ahcix86.sys [214096 2010-09-23] (Advanced Micro Devices, Inc)
S3 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [184120 2009-07-07] (Advanced Micro Devices, Inc)
S3 amd_sata; C:\Windows\system32\drivers\amd_sata.sys [70784 2011-12-12] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [34944 2011-12-12] (Advanced Micro Devices)
S3 arcm_x86; C:\Windows\system32\drivers\arcm_x86.sys [43552 2009-11-08] (ARECA Technology Corporation)
S3 asahci32; C:\Windows\system32\drivers\asahci32.sys [43104 2012-01-06] (Asmedia Technology)
S3 b06diag; C:\Windows\system32\drivers\bxdiagx.sys [75816 2012-03-08] (Broadcom Corporation)
S3 BFN7x86; C:\Windows\system32\drivers\Xeno7x86.sys [130152 2012-02-22] (Bigfoot Networks, Inc.)
S3 BFNVis32; C:\Windows\system32\drivers\XenoVx86.sys [130152 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [150568 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [435240 2012-02-22] (Broadcom Corporation)
S3 DC133; C:\Windows\system32\drivers\DC133.sys [36328 2011-05-02] (Dawicontrol GmbH)
S3 DC150; C:\Windows\system32\drivers\DC150.sys [36824 2011-05-02] (Dawicontrol GmbH)
S3 DC154; C:\Windows\system32\drivers\DC154.sys [44376 2011-05-02] (Dawicontrol GmbH)
S3 DC300e; C:\Windows\system32\drivers\DC300e.sys [37272 2011-05-02] (Dawicontrol GmbH)
R0 DC324e; C:\Windows\System32\drivers\DC324e.sys [45816 2011-05-02] (Dawicontrol GmbH)
S3 DC3410; C:\Windows\system32\drivers\DC3410.sys [44360 2011-05-02] (Dawicontrol GmbH)
R0 DC4300; C:\Windows\System32\drivers\DC4300.sys [44392 2011-05-02] (Dawicontrol GmbH)
S3 DC600e; C:\Windows\system32\drivers\DC600e.sys [37752 2011-05-02] (Dawicontrol GmbH)
S3 hptiop; C:\Windows\system32\drivers\hptiop.sys [15008 2009-04-28] (HighPoint Technologies, Inc.)
S3 hptmv; C:\Windows\system32\drivers\hptmv.sys [71968 2006-09-27] (HighPoint Technologies, Inc.)
S3 hptmv6; C:\Windows\system32\drivers\hptmv6.sys [120352 2007-11-01] (HighPoint Technologies, Inc.)
S3 iaStorA; C:\Windows\system32\drivers\iaStorA.sys [477616 2012-03-15] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [21936 2012-03-31] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [563632 2012-03-31] (Intel Corporation)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x32.sys [300304 2011-11-30] (Intel® Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP60X32.sys [69392 2011-11-30] (Intel® Corporation)
S3 ioatdma1; C:\Windows\System32\Drivers\qd16032.sys [36552 2009-11-16] (Intel Corporation)
S3 ioatdma2; C:\Windows\System32\Drivers\qd26032.sys [37576 2009-11-16] (Intel Corporation)
S3 iteatapi; C:\Windows\system32\drivers\iteatapi.sys [35608 2008-05-14] (ITE Tech. Inc.)
S3 iteraid; C:\Windows\system32\drivers\iteraid.sys [29184 2007-05-01] (ITE Tech. Inc.)
S3 JRAID; C:\Windows\system32\drivers\jraid.sys [103512 2011-05-19] (JMicron Technology Corp.)
S3 m5287; C:\Windows\system32\drivers\m5287.sys [104320 2006-07-20] (ULi Electronics Inc.) [File not signed]
S3 m5288; C:\Windows\system32\drivers\m5288.sys [211072 2006-07-19] (ULi Electronics Inc.) [File not signed]
S3 m5289; C:\Windows\system32\drivers\m5289.sys [52480 2005-07-04] (ULi Electronics Inc.)
S3 megasas2; C:\Windows\system32\drivers\megasas2.sys [45864 2012-01-17] (LSI Corporation)
S3 MegaSR1; C:\Windows\system32\drivers\MegaSR1.sys [407120 2010-06-14] (LSI Corporation, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 MpKsl03559789; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F691F505-783F-493E-9400-8A75FC811162}\MpKsl03559789.sys [39464 2015-04-15] (Microsoft Corporation)
S3 mv61xx; C:\Windows\system32\drivers\mv61xx.sys [161072 2011-05-06] (Marvell Semiconductor, Inc.)
S3 mv91cons; C:\Windows\system32\drivers\mv91cons.sys [23344 2011-11-11] (Marvell Semiconductor Inc.)
S3 mv91xx; C:\Windows\system32\drivers\mv91xx.sys [275760 2011-11-11] (Marvell Semiconductor, Inc.)
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
S3 rr172x; C:\Windows\system32\drivers\rr172x.sys [101920 2007-11-01] (HighPoint Technologies, Inc.)
S3 rr174x; C:\Windows\system32\drivers\rr174x.sys [126496 2007-11-01] (HighPoint Technologies, Inc.)
S3 rr2210; C:\Windows\system32\drivers\rr2210.sys [122400 2007-11-01] (HighPoint Technologies, Inc.)
S3 rr232x; C:\Windows\system32\drivers\rr232x.sys [120352 2008-05-05] (HighPoint Technologies, Inc.)
S3 rr2340; C:\Windows\system32\drivers\rr2340.sys [128608 2009-12-31] (HighPoint Technologies, Inc.)
S3 rr2522; C:\Windows\system32\drivers\rr2522.sys [132704 2009-12-31] (HighPoint Technologies, Inc.)
S3 rr276x; C:\Windows\system32\drivers\rr276x.sys [196928 2012-04-24] (HighPoint Technologies, Inc.)
S3 rr278x; C:\Windows\system32\drivers\rr278x.sys [196928 2012-04-24] (HighPoint Technologies, Inc.)
S3 rr62x; C:\Windows\system32\drivers\rr62x.sys [123488 2010-06-16] (HighPoint Technologies, Inc.)
S3 SaiH0BAC; C:\Windows\System32\DRIVERS\SaiH0BAC.sys [135168 2007-07-12] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [14080 2007-07-12] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [35072 2007-07-12] (Saitek)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SI3112; C:\Windows\system32\drivers\SI3112.sys [69168 2007-01-26] (Silicon Image, Inc.)
S3 SI3112r; C:\Windows\system32\drivers\SI3112r.sys [110128 2007-02-01] (Silicon Image, Inc)
S3 SI3114; C:\Windows\system32\drivers\SI3114.sys [68912 2006-11-10] (Silicon Image, Inc.)
S3 SI3114r; C:\Windows\system32\drivers\SI3114R.sys [110384 2007-04-11] (Silicon Image, Inc)
S3 Si3114r5; C:\Windows\system32\drivers\Si3114r5.sys [209200 2007-02-07] (Silicon Image, Inc)
S3 SI3124; C:\Windows\system32\drivers\SI3124.sys [76208 2006-11-02] (Silicon Image, Inc.)
S3 Si3124r5; C:\Windows\system32\drivers\Si3124r5.sys [207152 2006-09-20] (Silicon Image, Inc)
S3 SI3132; C:\Windows\system32\drivers\SI3132.sys [80424 2007-10-03] (Silicon Image, Inc)
S3 Si3132r5; C:\Windows\system32\drivers\Si3132r5.sys [217128 2008-10-30] (Silicon Image, Inc)
S3 Si3531; C:\Windows\system32\drivers\Si3531.sys [212520 2009-02-05] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [19240 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\drivers\SiRemFil.sys [15400 2007-10-03] (Silicon Image, Inc)
S3 viamraid; C:\Windows\system32\drivers\viamraid.sys [141424 2010-12-02] (VIA Technologies Inc.,Ltd)
S3 videX32; C:\Windows\system32\drivers\videX32.sys [13976 2010-02-11] (VIA Technologies, Inc.)
S0 xfilt; C:\Windows\System32\drivers\xfilt.sys [23192 2010-02-11] (VIA Technologies, Inc.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-15 18:53 - 2015-04-15 18:53 - 00019391 _____ () C:\Users\Presbyterian\Desktop\FRST.txt
2015-04-15 18:53 - 2015-04-15 18:53 - 00000000 ____D () C:\FRST
2015-04-15 18:46 - 2015-04-15 18:46 - 02097664 _____ (Farbar) C:\Users\Presbyterian\Desktop\FRST64.exe
2015-04-15 18:46 - 2015-04-15 18:46 - 01137152 _____ (Farbar) C:\Users\Presbyterian\Desktop\FRST.exe
2015-04-15 12:31 - 2015-04-15 12:31 - 00468480 _____ () C:\Users\Presbyterian\Downloads\CKScanner.exe
2015-04-15 06:19 - 2015-04-15 06:25 - 85137315 _____ () C:\Users\Presbyterian\Downloads\480P_600k_28669891.mp4
2015-04-15 04:55 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 04:55 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 04:55 - 2015-03-17 01:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 04:55 - 2015-03-17 01:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 04:55 - 2015-03-17 00:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 04:55 - 2015-03-17 00:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 04:55 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 04:55 - 2015-03-17 00:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 04:55 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 04:55 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 04:55 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 04:55 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 04:55 - 2015-03-17 00:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 04:55 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 04:55 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 04:55 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 04:55 - 2015-03-17 00:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 04:55 - 2015-03-17 00:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 04:55 - 2015-03-17 00:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 04:55 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 04:55 - 2015-03-17 00:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 04:55 - 2015-03-17 00:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 04:55 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 04:55 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 04:55 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 04:55 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 04:55 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 04:55 - 2015-03-05 00:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 04:55 - 2015-03-04 00:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 04:55 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 04:54 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 04:54 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 04:54 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 04:54 - 2015-03-12 23:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 04:54 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 04:54 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 04:54 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 04:54 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 04:54 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 04:54 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 04:54 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 04:54 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 04:54 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 04:54 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 04:54 - 2015-03-12 23:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 04:54 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 04:54 - 2015-03-12 23:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 04:54 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 04:54 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 04:54 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 04:54 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 04:54 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 04:54 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 04:54 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 04:54 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 04:54 - 2015-03-12 22:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 04:54 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 04:54 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 04:54 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 04:54 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 04:54 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 04:53 - 2015-03-24 23:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 04:53 - 2015-03-24 23:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 04:53 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 04:53 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 04:53 - 2015-03-24 23:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 04:53 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 04:53 - 2015-03-24 23:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 04:53 - 2015-03-24 23:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 04:53 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 04:53 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 04:53 - 2015-03-24 23:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 04:53 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 04:53 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 04:53 - 2015-02-24 23:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-13 17:36 - 2015-04-13 17:18 - 00631665 _____ () C:\Users\Presbyterian\Documents\Tyleana diploma.jpeg
2015-04-11 11:30 - 2015-04-11 11:33 - 29301853 _____ () C:\Users\Presbyterian\Downloads\240P_206K_2034850.mp4
2015-04-09 21:27 - 2015-04-09 21:27 - 00000000 ____D () C:\ProgramData\6d7669d100003e8a
2015-04-09 20:53 - 2015-04-09 20:53 - 00000000 ____D () C:\Users\Presbyterian\AppData\Local\Opera Software
2015-04-09 20:52 - 2015-04-09 20:52 - 00000000 ____D () C:\Users\Presbyterian\AppData\Roaming\Opera Software
2015-04-09 20:50 - 2015-04-09 21:23 - 00000000 ____D () C:\Program Files\Opera
2015-04-09 20:49 - 2015-04-09 20:48 - 01055936 _____ (Adobe) C:\Users\Presbyterian\Downloads\install_flash_player_13_plugin.exe
2015-04-09 20:39 - 2015-04-09 20:39 - 00830768 _____ (Software Web App ) C:\Users\Presbyterian\Downloads\adobe_flash_setup.exe
2015-04-08 20:38 - 2015-04-08 20:38 - 00000000 __RSH () C:\MSDOS.SYS
2015-04-08 20:38 - 2015-04-08 20:38 - 00000000 __RSH () C:\IO.SYS
2015-04-08 20:36 - 2015-04-08 20:36 - 00000000 ____D () C:\ProgramData\{ebf6967a-fdc6-125f-ebf6-6967afdc59eb}
2015-04-08 20:35 - 2015-04-08 20:35 - 00464384 _____ () C:\Users\Presbyterian\Downloads\ShowBox (1).exe
2015-04-08 20:28 - 2015-04-08 20:28 - 13611736 _____ (BlueStack Systems Inc.) C:\Users\Presbyterian\Downloads\BlueStacks-ThinInstaller (1).exe
2015-04-08 20:25 - 2015-04-08 20:25 - 00000000 ____D () C:\Program Files\Ripple Emulator
2015-04-08 20:25 - 2015-04-08 20:25 - 00000000 ____D () C:\Program Files\bestadblocker
2015-04-08 20:24 - 2015-04-08 20:24 - 00000000 ____D () C:\ProgramData\fjfabpckpmjjdajgmpfdgmecmcgppclp
2015-04-08 20:24 - 2015-04-08 20:24 - 00000000 ____D () C:\ProgramData\12377648289326806371
2015-04-08 20:24 - 2015-04-08 20:24 - 00000000 ____D () C:\Program Files\SealePLUs
2015-04-08 20:22 - 2015-04-08 20:22 - 00464896 _____ () C:\Users\Presbyterian\Downloads\ShowBox.exe
2015-04-08 20:22 - 2015-04-08 20:22 - 00000000 ____D () C:\ProgramData\{091f7b29-1666-6544-091f-f7b29166eca4}
2015-04-08 19:52 - 2015-04-08 19:52 - 02309572 _____ () C:\Users\Presbyterian\Downloads\showbox.apk
2015-04-08 19:36 - 2015-04-08 19:36 - 13611736 _____ (BlueStack Systems Inc.) C:\Users\Presbyterian\Downloads\BlueStacks-ThinInstaller.exe
2015-04-01 05:08 - 2015-04-01 05:08 - 00000000 ____D () C:\Users\Presbyterian\AppData\Roaming\IDM
2015-04-01 05:07 - 2015-04-01 05:07 - 04221480 _____ () C:\Users\Presbyterian\Downloads\WidevineMediaOptimizerChrome.exe
2015-03-27 19:31 - 2015-03-27 19:35 - 34880636 _____ () C:\Users\Presbyterian\Downloads\0506988.mp4
2015-03-20 09:22 - 2015-03-20 09:22 - 00000272 _____ () C:\Users\Presbyterian\Downloads\get_asx_feed.m3u
2015-03-20 09:22 - 2015-03-20 09:22 - 00000236 _____ () C:\Users\Presbyterian\Downloads\get_asx_feed (1).m3u
2015-03-19 16:05 - 2015-03-19 16:07 - 23110745 _____ () C:\Users\Presbyterian\Downloads\240P_352K_2036151.mp4
2015-03-17 22:08 - 2015-03-17 22:09 - 00013552 _____ () C:\Users\Presbyterian\Documents\grieve letter.odt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-15 18:52 - 2013-12-04 00:15 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-15 18:49 - 2014-05-27 18:50 - 00000000 ____D () C:\Program Files\Speccy
2015-04-15 18:45 - 2009-07-14 00:34 - 00031568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 18:45 - 2009-07-14 00:34 - 00031568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-15 18:41 - 2010-11-20 17:01 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 18:40 - 2013-05-02 14:57 - 01837676 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 18:37 - 2014-06-15 04:56 - 00067285 _____ () C:\Windows\setupact.log
2015-04-15 18:37 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 08:52 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-15 07:06 - 2013-12-03 22:57 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 06:58 - 2013-06-20 14:06 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 06:21 - 2014-03-01 22:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-15 06:20 - 2014-03-01 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-09 21:53 - 2014-09-26 09:41 - 00000000 ____D () C:\ProgramData\SparkTrust
2015-04-09 21:22 - 2009-07-13 22:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-06 15:28 - 2009-07-14 00:53 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-04 11:56 - 2013-12-04 00:15 - 00002055 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-20 09:22 - 2009-07-14 00:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-16 01:48 - 2015-03-15 12:39 - 00024628 _____ () C:\Users\Presbyterian\Documents\section letter.odt
 
==================== Files in the root of some directories =======
 
2014-02-17 19:33 - 2014-02-17 19:33 - 49940480 _____ () C:\Program Files\GUTA3A0.tmp
2013-12-04 10:38 - 2013-12-04 10:38 - 0000000 _____ () C:\Users\Presbyterian\AppData\Local\AtStart.txt
2013-12-04 10:38 - 2013-12-04 10:38 - 0000000 _____ () C:\Users\Presbyterian\AppData\Local\DSwitch.txt
2014-06-21 00:24 - 2014-06-25 16:10 - 0000003 _____ () C:\Users\Presbyterian\AppData\Local\proxy.log
2013-12-04 10:38 - 2013-12-04 10:38 - 0000000 _____ () C:\Users\Presbyterian\AppData\Local\QSwitch.txt
2015-04-09 21:26 - 2015-04-09 21:26 - 0011422 _____ () C:\Users\Presbyterian\AppData\Local\Temp-log.txt
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-11 16:09
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 04
Ran by Presbyterian at 2015-04-15 18:55:05
Running from C:\Users\Presbyterian\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.00 - Canon Inc.)
Canon MG6300 series On-screen Manual (HKLM\...\Canon MG6300 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft OneDrive (HKU\S-1-5-21-1798075911-1676469755-1713155969-1004\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Saitek SD6 Programming Software 6.0.7.0 (HKLM\...\{960B5908-CB3C-439A-9BEA-1C920DD81F3C}) (Version: 6.0.7.0 - Saitek)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
System Recovery (HKLM\...\System_Recovery) (Version:  - )
System Requirements Lab Detection (HKLM\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
Widevine Media Optimizer Chrome 6.0.0 (HKU\S-1-5-21-1798075911-1676469755-1713155969-1004\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1798075911-1676469755-1713155969-1004_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Presbyterian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1798075911-1676469755-1713155969-1004_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Presbyterian\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1798075911-1676469755-1713155969-1004_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Presbyterian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1798075911-1676469755-1713155969-1004_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Presbyterian\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1798075911-1676469755-1713155969-1004_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Presbyterian\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1798075911-1676469755-1713155969-1004_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Presbyterian\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1798075911-1676469755-1713155969-1004_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Presbyterian\Downloads\ShowBox (1).exe ()
CustomCLSID: HKU\S-1-5-21-1798075911-1676469755-1713155969-1004_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Presbyterian\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\FileSyncApi.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
03-04-2015 07:49:51 Windows Update
07-04-2015 07:44:01 Windows Update
08-04-2015 20:19:08 Removed BlueStacks Notification Center
09-04-2015 21:21:05 Removed BlueStacks Notification Center
11-04-2015 10:00:03 Windows Update
14-04-2015 23:44:57 Windows Update
15-04-2015 06:54:34 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {6E7D9C93-4F13-4462-8CC0-7ADBCED666AE} - System32\Tasks\{6E4C15B8-93A6-4CE5-BF84-8E95DBB391F4} => Chrome.exe http://ui.skype.com/...;page=tsInstall
Task: {71CBD9DC-7EFF-4C93-970E-9EB3D1D7D7BC} - System32\Tasks\{798D9E9B-4581-48B4-8EED-F40A9C6EB10B} => C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe [2007-05-11] (Microsoft Corp.)
Task: {818F7C25-3FEC-4EA1-AAA5-49B6DF24498C} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe [2014-05-25] () <==== ATTENTION
Task: {85AFD589-3F5E-453E-BF2D-550226D70E06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.)
Task: {8686C956-E29A-4870-BDDE-CD13DCB90A0F} - System32\Tasks\{A78CDE5D-65C8-41C5-AB31-C46A1E0C92B9} => C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe [2007-05-11] (Microsoft Corp.)
Task: {B728A82B-F99F-4FA7-9DC7-3CEEF6F00407} - System32\Tasks\{B37D8057-F0A1-4C72-8133-52D2DAC89FD1} => C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe [2007-05-11] (Microsoft Corp.)
Task: {D3779927-EA8A-40C6-BE28-332F87C76E1A} - System32\Tasks\{1E02A1C5-384A-4048-A003-A5F7E2AFD10C} => pcalua.exe -a C:\Users\Presbyterian\Downloads\wlsetup-web.exe -d C:\Users\Presbyterian\Downloads
Task: {DE1DDCAA-86A0-448A-A08B-241B156348AF} - System32\Tasks\{3C43BEC3-2262-4F08-9264-6A0627A4D87A} => C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe [2007-05-11] (Microsoft Corp.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8d0cd3660325.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfedd61718752e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0003439191b8.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d03f2a5a6bea8c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_C89E687D-4582-11E4-881D-002713AC33EC.job => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2014-05-25 06:34 - 2014-05-25 06:34 - 00249024 _____ () C:\Program Files\pcmax\pcmax.exe
2012-09-13 01:38 - 2012-09-13 01:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00264040 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-09-13 01:39 - 2012-09-13 01:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2015-04-04 11:56 - 2015-03-30 17:07 - 01174856 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-04 11:56 - 2015-03-30 17:07 - 00080200 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-04 11:56 - 2015-03-30 17:07 - 09279304 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-04 11:56 - 2015-03-30 17:07 - 14974280 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Presbyterian\Documents\Tyleana diploma.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Presbyterian\Documents\Tyleana diploma.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1798075911-1676469755-1713155969-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Presbyterian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: ProfilerU => C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1798075911-1676469755-1713155969-500 - Administrator - Disabled)
Guest (S-1-5-21-1798075911-1676469755-1713155969-501 - Administrator - Enabled) => C:\Users\Guest
Presbyterian (S-1-5-21-1798075911-1676469755-1713155969-1004 - Administrator - Enabled) => C:\Users\Presbyterian
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/15/2015 06:52:01 PM) (Source: MsiInstaller) (EventID: 10015) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Object already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (04/15/2015 06:39:17 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/15/2015 00:52:01 PM) (Source: MsiInstaller) (EventID: 10015) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Object already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (04/15/2015 00:03:49 PM) (Source: MsiInstaller) (EventID: 10015) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Object already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (04/15/2015 08:52:07 AM) (Source: MsiInstaller) (EventID: 10015) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Object already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (04/15/2015 08:34:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 41.0.2272.118 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b98
 
Start Time: 01d077767323f9e5
 
Termination Time: 890
 
Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe
 
Report Id: 8bc6e9d2-e36b-11e4-84bf-002713ac33ec
 
Error: (04/15/2015 08:19:47 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/15/2015 06:52:02 AM) (Source: MsiInstaller) (EventID: 10015) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Object already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (04/15/2015 05:52:02 AM) (Source: MsiInstaller) (EventID: 10015) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Object already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (04/15/2015 04:52:20 AM) (Source: MsiInstaller) (EventID: 10015) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Object already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)
 
 
System errors:
=============
Error: (04/15/2015 06:49:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2146893809
 
Error: (04/15/2015 06:49:15 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x8009000f
 
Error: (04/15/2015 06:47:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2146893809
 
Error: (04/15/2015 06:47:40 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x8009000f
 
Error: (04/15/2015 06:39:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147467259
 
Error: (04/15/2015 06:39:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147467259
 
Error: (04/15/2015 06:37:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
xfilt
 
Error: (04/15/2015 08:36:29 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (04/15/2015 08:28:59 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (04/15/2015 08:20:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (04/15/2015 06:52:01 PM) (Source: MsiInstaller) (EventID: 10015) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Object already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (04/15/2015 06:39:17 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/15/2015 00:52:01 PM) (Source: MsiInstaller) (EventID: 10015) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Object already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (04/15/2015 00:03:49 PM) (Source: MsiInstaller) (EventID: 10015) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Object already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (04/15/2015 08:52:07 AM) (Source: MsiInstaller) (EventID: 10015) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Object already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (04/15/2015 08:34:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe41.0.2272.118b9801d077767323f9e5890C:\Program Files\Google\Chrome\Application\chrome.exe8bc6e9d2-e36b-11e4-84bf-002713ac33ec
 
Error: (04/15/2015 08:19:47 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/15/2015 06:52:02 AM) (Source: MsiInstaller) (EventID: 10015) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Object already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (04/15/2015 05:52:02 AM) (Source: MsiInstaller) (EventID: 10015) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Object already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (04/15/2015 04:52:20 AM) (Source: MsiInstaller) (EventID: 10015) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Object already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU P8700 @ 2.53GHz
Percentage of memory in use: 69%
Total physical RAM: 1912.27 MB
Available physical RAM: 575.42 MB
Total Pagefile: 3824.53 MB
Available Pagefile: 2215.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.33 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:148.95 GB) (Free:95.34 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: C4F23008)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#4
Brenda50 (Member, Topic Starter, 30 posts)

I don't know if I did the aswMBR right, but here is the file.

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-04-15 19:09:09
-----------------------------
19:09:09.899    OS Version: Windows 6.1.7601 Service Pack 1
19:09:09.900    Number of processors: 2 586 0x170A
19:09:09.902    ComputerName: HOME-PC  UserName: 
19:09:17.798    Initialize success
19:09:17.975    VM: initialized successfully
19:09:17.976    VM: Intel CPU BiosDisabled 
19:11:26.570    The log file has been saved successfully to "C:\Users\Presbyterian\Desktop\aswMBR.txt"

  • 0

#5
Brenda50 (Member, Topic Starter, 30 posts)

I tried aswMBR again, and I think I got it right this time. It seems to show an infected download in the program I suspected was the problem.

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-04-15 19:22:00
-----------------------------
19:22:00.792    OS Version: Windows 6.1.7601 Service Pack 1
19:22:00.792    Number of processors: 2 586 0x170A
19:22:00.792    ComputerName: HOME-PC  UserName: 
19:22:13.459    Initialize success
19:22:48.840    AVAST engine defs: 15041501
19:23:33.986    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:23:33.986    Disk 0 Vendor: ST916041 0006 Size: 152627MB BusType: 3
19:23:34.345    Disk 0 MBR read successfully
19:23:34.345    Disk 0 MBR scan
19:23:34.361    Disk 0 Windows 7 default MBR code
19:23:34.361    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 2048
19:23:34.376    Disk 0 default boot code
19:23:34.392    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       152525 MB offset 206848
19:23:34.392    Disk 0 scanning sectors +312579760
19:23:34.470    Disk 0 scanning C:\Windows\system32\drivers
19:23:45.639    Service scanning
19:24:02.191    Modules scanning
19:24:02.191    Disk 0 trace - called modules:
19:24:02.207    ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll iaStorF.sys ACPI.sys iaStor.sys 
19:24:02.207    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fa2030]
19:24:02.222    3 CLASSPNP.SYS[87f8f59e] -> nt!IofCallDriver -> [0x86fa14d8]
19:24:02.222    5 hpdskflt.sys[887c9f92] -> nt!IofCallDriver -> [0x86fa1998]
19:24:02.222    7 iaStorF.sys[887b92d7] -> nt!IofCallDriver -> [0x850f9888]
19:24:02.238    9 ACPI.sys[87e3d3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85126028]
19:24:06.668    AVAST engine scan C:\Windows
19:24:10.677    AVAST engine scan C:\Windows\system32
19:26:47.567    AVAST engine scan C:\Windows\system32\drivers
19:27:05.757    AVAST engine scan C:\Users\Presbyterian
19:28:45.503    Disk 0 MBR has been saved successfully to "C:\Users\Presbyterian\Desktop\MBR.dat"
19:28:45.503    The log file has been saved successfully to "C:\Users\Presbyterian\Desktop\aswMBR.txt"
19:35:35.768    File: C:\Users\Presbyterian\Downloads\adobe_flash_setup.exe  **INFECTED** Win32:Malware-gen
19:35:38.763    File: C:\Users\Presbyterian\Downloads\ShowBox (1).exe  **INFECTED** Win32:Dropper-gen [Drp]
19:35:38.888    File: C:\Users\Presbyterian\Downloads\ShowBox.exe  **INFECTED** Win32:Adware-gen [Adw]
19:36:49.634    AVAST engine scan C:\ProgramData
19:39:34.137    File: C:\ProgramData\{091f7b29-1666-6544-091f-f7b29166eca4}\ShowBox.exe  **INFECTED** Win32:Adware-gen [Adw]
19:39:34.464    File: C:\ProgramData\{ebf6967a-fdc6-125f-ebf6-6967afdc59eb}\ShowBox (1).exe  **INFECTED** Win32:Dropper-gen [Drp]
19:39:34.480    Disk 0 statistics 3105418/0/0 @ 2.13 MB/s
19:39:34.480    Scan finished successfully
19:40:11.561    Disk 0 MBR has been saved successfully to "C:\Users\Presbyterian\Desktop\MBR.dat"
19:40:11.577    The log file has been saved successfully to "C:\Users\Presbyterian\Desktop\aswMBR.txt"
 
Thanking you in advance for your help. I hope this can clear up the problem; I thought I had deleted the ShowBox program.

  • 0
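Reading the two logs together, as an added example that is not part of this thread and not code from FRST or aswMBR: the Python below parses the line formats visible in the posts above (FRST created-file, CustomCLSID and account lines; aswMBR **INFECTED** lines), lists the items a helper would look at first, and turns the detections into fixlist candidates. The sample lines are copied from the logs above; the rule names, the executable-extension list and the folder heuristic are this example's own assumptions.

```python
"""Read the FRST and aswMBR logs posted above together.

Added example for this thread; not code from FRST, aswMBR or the forum.
Sample lines are copied from the posted logs.  Rule names, the extension
list and the fixlist folder heuristic are this example's own choices.
"""
import ntpath
import re

# FRST file line: <created> - <modified> - <size> <attrs> (<publisher>) <path>
FRST_FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<publisher>[^)]*)\) (?P<path>.+)$"
)
# FRST CustomCLSID line: CustomCLSID: <key>\<server type> -> <path> (<publisher>)
CLSID_RE = re.compile(
    r"^CustomCLSID: (?P<key>\S+)\\(?P<kind>localserver32|inprocserver32) -> "
    r"(?P<path>.+?) \((?P<publisher>[^)]*)\)$",
    re.IGNORECASE,
)
# FRST account line: <name> (<SID> - <group> - Enabled|Disabled) ...
ACCOUNT_RE = re.compile(
    r"^(?P<name>[^ (]+) \((?P<sid>S-1-5-[\d-]+) - (?P<group>\w+) - (?P<state>\w+)\)"
)
# aswMBR detection line: <time>    File: <path>  **INFECTED** <detection>
ASWMBR_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+File: (?P<path>.+?)\s+\*\*INFECTED\*\* (?P<detection>.+)$"
)

EXECUTABLE_EXTS = (".exe", ".dll", ".scr", ".sys")      # assumption: what counts as code
USER_WRITABLE = ("\\users\\", "\\programdata\\")      # matched against lower-cased paths

# Sample input: lines copied from the two logs above.
FRST_SAMPLE = r"""
2015-04-09 20:39 - 2015-04-09 20:39 - 00830768 _____ (Software Web App ) C:\Users\Presbyterian\Downloads\adobe_flash_setup.exe
2015-04-08 20:36 - 2015-04-08 20:36 - 00000000 ____D () C:\ProgramData\{ebf6967a-fdc6-125f-ebf6-6967afdc59eb}
2015-04-08 20:35 - 2015-04-08 20:35 - 00464384 _____ () C:\Users\Presbyterian\Downloads\ShowBox (1).exe
2015-04-08 20:28 - 2015-04-08 20:28 - 13611736 _____ (BlueStack Systems Inc.) C:\Users\Presbyterian\Downloads\BlueStacks-ThinInstaller (1).exe
2015-04-01 05:07 - 2015-04-01 05:07 - 04221480 _____ () C:\Users\Presbyterian\Downloads\WidevineMediaOptimizerChrome.exe
CustomCLSID: HKU\S-1-5-21-1798075911-1676469755-1713155969-1004_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Presbyterian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1798075911-1676469755-1713155969-1004_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Presbyterian\Downloads\ShowBox (1).exe ()
Guest (S-1-5-21-1798075911-1676469755-1713155969-501 - Administrator - Enabled) => C:\Users\Guest
Presbyterian (S-1-5-21-1798075911-1676469755-1713155969-1004 - Administrator - Enabled) => C:\Users\Presbyterian
""".strip().splitlines()

ASWMBR_SAMPLE = r"""
19:23:34.361    Disk 0 Windows 7 default MBR code
19:35:35.768    File: C:\Users\Presbyterian\Downloads\adobe_flash_setup.exe  **INFECTED** Win32:Malware-gen
19:35:38.763    File: C:\Users\Presbyterian\Downloads\ShowBox (1).exe  **INFECTED** Win32:Dropper-gen [Drp]
19:39:34.464    File: C:\ProgramData\{ebf6967a-fdc6-125f-ebf6-6967afdc59eb}\ShowBox (1).exe  **INFECTED** Win32:Dropper-gen [Drp]
19:39:34.480    Scan finished successfully
""".strip().splitlines()


def parse_frst(lines):
    """Sort FRST lines into file entries, CustomCLSID entries and accounts."""
    files, clsids, accounts = [], [], []
    for line in lines:
        line = line.rstrip()
        for regex, bucket in ((FRST_FILE_RE, files), (CLSID_RE, clsids), (ACCOUNT_RE, accounts)):
            m = regex.match(line)
            if m:
                entry = m.groupdict()
                entry["raw"] = line  # kept so the line can be pasted into a fixlist verbatim
                bucket.append(entry)
                break
    return files, clsids, accounts


def parse_aswmbr(lines):
    """Map lower-cased path -> detection name for every **INFECTED** line."""
    hits = {}
    for line in lines:
        m = ASWMBR_RE.match(line.strip())
        if m:
            hits[m["path"].lower()] = m["detection"]
    return hits


def triage(frst_lines, aswmbr_lines):
    """Return (rule, detail) pairs: the items a helper would look at first."""
    files, clsids, accounts = parse_frst(frst_lines)
    hits = parse_aswmbr(aswmbr_lines)
    findings = []
    for f in files:
        low = f["path"].lower()
        if low in hits:
            findings.append(("aswMBR detection", f"{f['path']}: {hits[low]}"))
        elif (not f["publisher"].strip() and low.endswith(EXECUTABLE_EXTS)
              and any(w in low for w in USER_WRITABLE)):
            findings.append(("unsigned executable in user-writable path", f["path"]))
    for c in clsids:  # a COM server registered from Downloads is persistence, not an app
        if not c["publisher"].strip() or "\\downloads\\" in c["path"].lower():
            findings.append(("COM server with no publisher or loaded from Downloads",
                             f"{c['kind']} -> {c['path']}"))
    for a in accounts:
        if (a["name"].lower() == "guest" and a["state"].lower() == "enabled"
                and a["group"].lower() == "administrator"):
            findings.append(("Guest account enabled as Administrator", a["sid"]))
    return findings


def fixlist_lines(frst_lines, aswmbr_lines):
    """FRST moves a listed file or folder when its listing line is pasted into the
    fixlist verbatim (the note above each file section says so), so return the raw
    lines for every detected file and for any listed folder that holds one."""
    files, _, _ = parse_frst(frst_lines)
    hits = parse_aswmbr(aswmbr_lines)
    parents = {ntpath.dirname(p) for p in hits}
    return [f["raw"] for f in files
            if f["path"].lower() in hits
            or ("D" in f["attrs"] and f["path"].lower() in parents)]


if __name__ == "__main__":
    for rule, detail in triage(FRST_SAMPLE, ASWMBR_SAMPLE):
        print(f"[{rule}] {detail}")
    print("\nfixlist candidates (paste verbatim):")
    print("\n".join(fixlist_lines(FRST_SAMPLE, ASWMBR_SAMPLE)))
```

The folder rule exists because aswMBR flags the ShowBox (1).exe inside C:\ProgramData\{ebf6967a-...} while FRST lists only the folder; matching the parent directory of each detection against the listed directories is how that folder line ends up in the candidate list. The CustomCLSID check is worth keeping even where the file itself is already flagged, because a localserver32 entry pointing at Downloads means the dropper is also registered as a COM server and will be relaunched on demand rather than only at logon.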

#6
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK lets now get at it, this will be a long fix but at the end you should nearly be back to normal

Uninstall Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account.
3. Scroll down until you see the "Stop and Clear" button and click on it. At the prompt click on "Ok".
4. Now we need to uninstall Chrome; do this via Control Panel.
Note: When asked about user data or settings you must remove this also, so please check the box.
5. We will re-install Chrome once we have finished.


NEXT

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quote box below into it:
 

CreateRestorePoint:
HKLM\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79864 2014-05-25] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1798075911-1676469755-1713155969-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dregol.co...r=691625700&ir=
R2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [249024 2014-05-25] ()
2015-04-09 21:27 - 2015-04-09 21:27 - 00000000 ____D () C:\ProgramData\6d7669d100003e8a
2015-04-09 20:39 - 2015-04-09 20:39 - 00830768 _____ (Software Web App ) C:\Users\Presbyterian\Downloads\adobe_flash_setup.exe
2015-04-08 20:36 - 2015-04-08 20:36 - 00000000 ____D () C:\ProgramData\{ebf6967a-fdc6-125f-ebf6-6967afdc59eb}
2015-04-08 20:35 - 2015-04-08 20:35 - 00464384 _____ () C:\Users\Presbyterian\Downloads\ShowBox (1).exe
2015-04-08 20:25 - 2015-04-08 20:25 - 00000000 ____D () C:\Program Files\Ripple Emulator
2015-04-08 20:25 - 2015-04-08 20:25 - 00000000 ____D () C:\Program Files\bestadblocker
2015-04-08 20:24 - 2015-04-08 20:24 - 00000000 ____D () C:\ProgramData\fjfabpckpmjjdajgmpfdgmecmcgppclp
2015-04-08 20:24 - 2015-04-08 20:24 - 00000000 ____D () C:\ProgramData\12377648289326806371
2015-04-08 20:24 - 2015-04-08 20:24 - 00000000 ____D () C:\Program Files\SealePLUs
2015-04-08 20:22 - 2015-04-08 20:22 - 00464896 _____ () C:\Users\Presbyterian\Downloads\ShowBox.exe
2015-04-08 20:22 - 2015-04-08 20:22 - 00000000 ____D () C:\ProgramData\{091f7b29-1666-6544-091f-f7b29166eca4}
2015-04-08 19:52 - 2015-04-08 19:52 - 02309572 _____ () C:\Users\Presbyterian\Downloads\showbox.apk
Task: {818F7C25-3FEC-4EA1-AAA5-49B6DF24498C} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe [2014-05-25] () <==== ATTENTION
Task: {85AFD589-3F5E-453E-BF2D-550226D70E06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.)
Task: {D3779927-EA8A-40C6-BE28-332F87C76E1A} - System32\Tasks\{1E02A1C5-384A-4048-A003-A5F7E2AFD10C} => pcalua.exe -a C:\Users\Presbyterian\Downloads\wlsetup-web.exe -d C:\Users\Presbyterian\Downloads
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8d0cd3660325.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfedd61718752e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0003439191b8.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d03f2a5a6bea8c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_C89E687D-4582-11E4-881D-002713AC33EC.job => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Presbyterian\Documents\Tyleana diploma.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Presbyterian\Documents\Tyleana diploma.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
C:\ProgramData\{091f7b29-1666-6544-091f-f7b29166eca4}
C:\ProgramData\{ebf6967a-fdc6-125f-ebf6-6967afdc59eb}
C:\Users\Presbyterian\Downloads\adobe_flash_setup.exe
C:\Users\Presbyterian\Downloads\ShowBox (1).exe
C:\Users\Presbyterian\Downloads\ShowBox.exe
C:\Program Files\SparkTrust
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Users\Presbyterian\AppData\Local\Google\Chrome
C:\Program Files\Google\Chrome
C:\Program Files\pcmax
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
FRSTfix.JPG
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#7
Brenda50

    Member

  • Topic Starter
  • Member
  • 30 posts

I hope I didn't screw up too badly. I did the AdwCleaner scan before uninstalling Chrome. I then went back and uninstalled Chrome and ran AdwCleaner again. Here is the log.

 

# AdwCleaner v4.201 - Logfile created 16/04/2015 at 18:40:27
# Updated 08/04/2015 by Xplode
# Database : 2015-04-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Presbyterian - HOME-PC
# Running from : C:\Users\Presbyterian\Desktop\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] -

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Google Chrome v

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [5537 bytes] - [26/09/2014 10:11:22]
AdwCleaner[R1].txt - [3469 bytes] - [16/04/2015 18:21:28]
AdwCleaner[R2].txt - [1109 bytes] - [16/04/2015 18:37:53]
AdwCleaner[S0].txt - [5546 bytes] - [26/09/2014 10:28:32]
AdwCleaner[S1].txt - [3607 bytes] - [16/04/2015 18:23:30]
AdwCleaner[S2].txt - [1037 bytes] - [16/04/2015 18:40:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1096  bytes] ##########


  • 0

#8
Brenda50

    Member

  • Topic Starter
  • Member
  • 30 posts

Here is the first scan file. Thank you for your patience.

 

# AdwCleaner v3.310 - Report created 26/09/2014 at 10:28:32
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Presbyterian - HOME-PC
# Running from : C:\Users\Presbyterian\Downloads\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files\Bench
Folder Deleted : C:\Users\Gamer\Documents\PC Speed Maximizer
Folder Deleted : C:\Users\Presbyterian\AppData\Local\visi_coupon
Folder Deleted : C:\Users\Presbyterian\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Presbyterian\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Presbyterian\AppData\Roaming\Systweak
File Deleted : C:\Windows\system32\roboot.exe

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WeatherAlerts_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WeatherAlerts_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\Gamer\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[ File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=B776FC3E-5CC2-470E-B7F8-590133FD551C&n=780b5c29&ind=2014010409&p2=^ZK^xdm931^YYA^us
Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=B776FC3E-5CC2-470E-B7F8-590133FD551C&n=780b5c29&ind=2014010409&p2=^ZK^xdm931^YYA^us

*************************

AdwCleaner[R0].txt - [5537 octets] - [26/09/2014 10:11:22]
AdwCleaner[S0].txt - [5406 octets] - [26/09/2014 10:28:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5466 octets] ##########


  • 0

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run the FRST fix please and post the fixlog, then re-install Chrome and let me know what problems are outstanding.
  • 0

#10
Brenda50

    Member

  • Topic Starter
  • Member
  • 30 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-04-2015 04

Ran by Presbyterian at 2015-04-17 12:21:30 Run:2
Running from C:\Users\Presbyterian\Desktop
Loaded Profiles: Presbyterian (Available profiles: Presbyterian & Guest)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
HKLM\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79864 2014-05-25] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1798075911-1676469755-1713155969-1004\Software\MICROSOFT\INTERNET EXPLORER\Main,Start Page = http://www.dregol.co...r=691625700&ir=
R2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [249024 2014-05-25] ()
2015-04-09 21:27 - 2015-04-09 21:27 - 00000000 ____D () C:\ProgramData\6d7669d100003e8a
2015-04-09 20:39 - 2015-04-09 20:39 - 00830768 _____ (Software Web App ) C:\Users\Presbyterian\Downloads\adobe_flash_setup.exe
2015-04-08 20:36 - 2015-04-08 20:36 - 00000000 ____D () C:\ProgramData\{ebf6967a-fdc6-125f-ebf6-6967afdc59eb}
2015-04-08 20:35 - 2015-04-08 20:35 - 00464384 _____ () C:\Users\Presbyterian\Downloads\ShowBox (1).exe
2015-04-08 20:25 - 2015-04-08 20:25 - 00000000 ____D () C:\Program Files\Ripple Emulator
2015-04-08 20:25 - 2015-04-08 20:25 - 00000000 ____D () C:\Program Files\bestadblocker
2015-04-08 20:24 - 2015-04-08 20:24 - 00000000 ____D () C:\ProgramData\fjfabpckpmjjdajgmpfdgmecmcgppclp
2015-04-08 20:24 - 2015-04-08 20:24 - 00000000 ____D () C:\ProgramData\12377648289326806371
2015-04-08 20:24 - 2015-04-08 20:24 - 00000000 ____D () C:\Program Files\SealePLUs
2015-04-08 20:22 - 2015-04-08 20:22 - 00464896 _____ () C:\Users\Presbyterian\Downloads\ShowBox.exe
2015-04-08 20:22 - 2015-04-08 20:22 - 00000000 ____D () C:\ProgramData\{091f7b29-1666-6544-091f-f7b29166eca4}
2015-04-08 19:52 - 2015-04-08 19:52 - 02309572 _____ () C:\Users\Presbyterian\Downloads\showbox.apk
Task: {818F7C25-3FEC-4EA1-AAA5-49B6DF24498C} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe [2014-05-25] () <==== ATTENTION
Task: {85AFD589-3F5E-453E-BF2D-550226D70E06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.)
Task: {D3779927-EA8A-40C6-BE28-332F87C76E1A} - System32\Tasks\{1E02A1C5-384A-4048-A003-A5F7E2AFD10C} => pcalua.exe -a C:\Users\Presbyterian\Downloads\wlsetup-web.exe -d C:\Users\Presbyterian\Downloads
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8d0cd3660325.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfedd61718752e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0003439191b8.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d03f2a5a6bea8c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SparkTrust PC CLEANER Plus_sch_C89E687D-4582-11E4-881D-002713AC33EC.job => C:\Program Files\SparkTrust\SparkTrust PC CLEANERPlus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Presbyterian\Documents\Tyleana DIPLOMA.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Presbyterian\Documents\Tyleana diploma.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
C:\ProgramData\{091f7b29-1666-6544-091f-f7b29166eca4}
C:\ProgramData\{ebf6967a-fdc6-125f-ebf6-6967afdc59eb}
C:\Users\Presbyterian\Downloads\adobe_flash_setup.exe
C:\Users\Presbyterian\Downloads\ShowBox (1).exe
C:\Users\Presbyterian\Downloads\ShowBox.exe
C:\Program Files\SparkTrust
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Users\Presbyterian\AppData\Local\Google\Chrome
C:\Program Files\Google\Chrome
C:\Program Files\pcmax
Reg: reg delete HKLM\SOFTWARE\Policies\MICROSOFT\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value not found.
HKLM\SOFTWARE\Policies\Google => Key not found. 
HKU\S-1-5-21-1798075911-1676469755-1713155969-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
pcmaxservice => Service deleted successfully.
"C:\ProgramData\6d7669d100003e8a" => File/Directory not found.
C:\Users\Presbyterian\Downloads\adobe_flash_setup.exe => Moved successfully.
C:\ProgramData\{ebf6967a-fdc6-125f-ebf6-6967afdc59eb} => Moved successfully.
C:\Users\Presbyterian\Downloads\ShowBox (1).exe => Moved successfully.
C:\Program Files\Ripple Emulator => Moved successfully.
"C:\Program Files\bestadblocker" => File/Directory not found.
C:\ProgramData\fjfabpckpmjjdajgmpfdgmecmcgppclp => Moved successfully.
C:\ProgramData\12377648289326806371 => Moved successfully.
"C:\Program Files\SealePLUs" => File/Directory not found.
C:\Users\Presbyterian\Downloads\ShowBox.exe => Moved successfully.
C:\ProgramData\{091f7b29-1666-6544-091f-f7b29166eca4} => Moved successfully.
"C:\Users\Presbyterian\Downloads\showbox.apk" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{818F7C25-3FEC-4EA1-AAA5-49B6DF24498C} => Key not found. 
C:\Windows\System32\Tasks\pcreg not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85AFD589-3F5E-453E-BF2D-550226D70E06} => Key not found. 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3779927-EA8A-40C6-BE28-332F87C76E1A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3779927-EA8A-40C6-BE28-332F87C76E1A}" => Key deleted successfully.
C:\Windows\System32\Tasks\{1E02A1C5-384A-4048-A003-A5F7E2AFD10C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1E02A1C5-384A-4048-A003-A5F7E2AFD10C}" => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8d0cd3660325.job not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfedd61718752e.job not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0003439191b8.job not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d03f2a5a6bea8c.job not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job not found.
C:\Windows\Tasks\SparkTrust PC CLEANER Plus_sch_C89E687D-4582-11E4-881D-002713AC33EC.job => Moved successfully.
"C:\Users\Presbyterian\Documents\Tyleana DIPLOMA.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
C:\Users\Presbyterian\Documents\Tyleana diploma.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\ProgramData\{091f7b29-1666-6544-091f-f7b29166eca4}" => File/Directory not found.
"C:\ProgramData\{ebf6967a-fdc6-125f-ebf6-6967afdc59eb}" => File/Directory not found.
"C:\Users\Presbyterian\Downloads\adobe_flash_setup.exe" => File/Directory not found.
"C:\Users\Presbyterian\Downloads\ShowBox (1).exe" => File/Directory not found.
"C:\Users\Presbyterian\Downloads\ShowBox.exe" => File/Directory not found.
"C:\Program Files\SparkTrust" => File/Directory not found.
"C:\Program Files\Google\Update\GoogleUpdate.exe" => File/Directory not found.
C:\Users\Presbyterian\AppData\Local\Google\Chrome => Moved successfully.
"C:\Program Files\Google\Chrome" => File/Directory not found.
C:\Program Files\pcmax => Moved successfully.
 
========= reg delete HKLM\SOFTWARE\Policies\MICROSOFT\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-1798075911-1676469755-1713155969-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-1798075911-1676469755-1713155969-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Route, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::6554:c001:91ff:932b%16
   Default Gateway . . . . . . . . . : 
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.nyp.org:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 11:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:302d:1832:f562:6caf
   Link-local IPv6 Address . . . . . : fe80::302d:1832:f562:6caf%12
   Default Gateway . . . . . . . . . : ::
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Connection-specific DNS Suffix  . : nyp.org
   Link-local IPv6 Address . . . . . : fe80::6554:c001:91ff:932b%16
   IPv4 Address. . . . . . . . . . . : 10.157.147.80
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   Default Gateway . . . . . . . . . : 10.157.147.250
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 11:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:18dd:34e8:f562:6caf
   Link-local IPv6 Address . . . . . : fe80::18dd:34e8:f562:6caf%12
   Default Gateway . . . . . . . . . : ::
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{B470CF99-563B-42C9-B0AB-8C1C4A60D4CE} canceled.
{292A4401-B718-40A8-BAE6-662796D46691} canceled.
2 out of 2 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 815.7 MB temporary data.
 
 
The system needed a reboot. 
 

==== End of Fixlog 12:22:13 ====

I have reloaded Chrome and don't seem to have any issues.  Here is the fixlog.


  • 0
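An added example, not code from the thread or from FRST: a small Python parser for the Fixlog format posted above, which turns FRST's result lines into removed / already-absent verdicts so a helper can confirm what the fixlist from post #6 actually achieved. The sample log is a constructed excerpt of that Fixlog, and the function names are the example's own.

```python
"""Summarise an FRST Fixlog into removed / already-absent verdicts.

Added example for this thread; not part of FRST and not code posted by
anyone here. FRST writes one result line per fixlist item; grouping those
lines lets a helper confirm what the fix actually did.
"""
import re
from collections import Counter

# Constructed excerpt modelled on the Fixlog posted above in this thread.
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value not found.
HKLM\SOFTWARE\Policies\Google => Key not found. 
pcmaxservice => Service deleted successfully.
"C:\ProgramData\6d7669d100003e8a" => File/Directory not found.
C:\Users\Presbyterian\Downloads\adobe_flash_setup.exe => Moved successfully.
C:\Program Files\Ripple Emulator => Moved successfully.
"C:\Program Files\bestadblocker" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3779927-EA8A-40C6-BE28-332F87C76E1A}" => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job not found.
C:\Users\Presbyterian\Documents\Tyleana diploma.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Program Files\pcmax => Moved successfully.
========= RemoveProxy: =========
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
========= End of RemoveProxy: =========
EmptyTemp: => Removed 815.7 MB temporary data.
The system needed a reboot. 
"""

# "<target> => <outcome>." is the usual form; for task files that no longer
# exist FRST writes a bare "<target> not found." with no arrow.
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?\s*$")
NOT_FOUND_RE = re.compile(r"^(?P<target>.+?) not found\.?\s*$")
TEMP_RE = re.compile(r"Removed ([0-9.]+) MB temporary data")


def classify(outcome: str) -> str:
    """Map FRST's outcome phrase to a coarse verdict."""
    o = outcome.lower()
    if "not found" in o:
        return "already_absent"  # gone before the fix ran (or never existed)
    if any(w in o for w in ("moved successfully", "deleted successfully",
                            "removed successfully")):
        return "removed"         # quarantined, deleted, or ADS stripped
    if "restored successfully" in o:
        return "restored"        # hijacked value reset to its default
    if TEMP_RE.search(outcome):
        return "cleanup"         # the EmptyTemp: statistics line
    return "other"


def parse_fixlog(text: str) -> list:
    """Return one dict per result line: target, outcome, verdict."""
    entries = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line.startswith("====="):
            continue             # blank lines and section banners
        m = RESULT_RE.match(line)
        if m:
            target, outcome = m.group("target"), m.group("outcome")
        else:
            m = NOT_FOUND_RE.match(line)
            if not m:
                continue         # free text such as "Ok." or the reboot notice
            target, outcome = m.group("target"), "not found"
        entries.append({
            "target": target.strip('"'),  # FRST quotes paths it could not find
            "outcome": outcome,
            "verdict": classify(outcome),
        })
    return entries


def summarize(text: str) -> dict:
    """Verdict counts plus the two facts a helper checks first."""
    counts = Counter(e["verdict"] for e in parse_fixlog(text))
    temp = TEMP_RE.search(text)
    result = {k: counts.get(k, 0)
              for k in ("removed", "already_absent", "restored", "cleanup", "other")}
    result["temp_mb"] = float(temp.group(1)) if temp else 0.0
    result["needs_reboot"] = "needed a reboot" in text
    return result


def absent_targets(text: str) -> list:
    """Items FRST could not find. Cross-check these against the earlier tool
    logs (AdwCleaner ran before this fix) instead of assuming a typo."""
    return [e["target"] for e in parse_fixlog(text)
            if e["verdict"] == "already_absent"]


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FIXLOG).items():
        print(f"{key:>15}: {value}")
    print("already absent:", *absent_targets(SAMPLE_FIXLOG), sep="\n  ")
```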



#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, how is the computer behaving now?
  • 0

#12
Brenda50

    Member

  • Topic Starter
  • Member
  • 30 posts

It's behaving well. No issues that I can see. What antivirus programs would you recommend I put in place? Thank you for your invaluable help. I tell everyone with a computer about you guys. You are a godsend.


  • 0

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Standby for my little spiel about a light, secure system.... :)

There is a fair bit to read, but take your time and ask any questions that you wish.

How to set up a reasonable and light security regime for your system. Apart from CryptoPrevent, all other elements are install and forget.

DOWNLOAD AND INSTALL ANTIVIRUS

Download Avast - direct link Avast 2015

Select Custom install
Remove the ticks from the first page for the following unless you want them:
avastchrome.JPG
Dropbox
Chrome
Chrome toolbar


Select Next
Deselect the following from the middle column as you will not need them:
avasttools.JPG
SecureLine
Grimefighter


Select Continue and allow the programme to install.

Be aware that the first reboot may take a few minutes as Avast builds the virtual machine.

Avast will need to be registered, as this helps them determine the server load; updates are downloaded in small bursts every few minutes and each is about 2Kb.

How to register

Right click the Avast orange blob on the task bar
Select registration
Select Standard Protection
avast%20register1.JPG
Fill in your e-mail address
avast%20register2.JPG
Click register with e-mail address and you are done
Once registered open Avast
Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUPs)"
Place a tick in "Silent/Gaming mode"

pups.JPG

PROTECT AGAINST RANSOMWARE

CryptoPrevent: install this programme to lock down and prevent crypto ransomware.
Manually update monthly.

CryptoPrevent.JPG

PROTECT AGAINST UNWANTED BUNDLED SOFTWARE

Unchecky

Click on the link above to be taken to Unchecky.com.
Click the very large Download button.
Click Save.
Click Open folder.
Right click on Unchecky_setup and choose Run as Administrator.
Once open click the Install button.
Then click on Finish.
unchecky.JPG
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire and forget programme ;)

IF YOU USE USB DRIVES

Download MCShield to your desktop and install it.
It will initially run a scan and show the result as a toaster by the system clock.
Then in the control centre select Scanner and tick "unhide items on flash drives".
mcshield%20unhide.JPG
Plug in the drive and MCShield will start a scan.

BACKUP AND IMAGING

It is always advisable to have a backup of your current Windows set-up on a separate USB external drive.
I recommend Macrium Reflect for this.
I have a small tutorial here on how to use it: http://www.geekstogo...t-imaging-tool/
The restore from backup usually completes in about 20 minutes (depending on the size of your drive).
macrium%20reflect.JPG
  • 0

#14
Brenda50

    Member

  • Topic Starter
  • Member
  • 30 posts

I loaded everything except the backup; I have to go get a flash drive for that. Was I supposed to load Dropbox? It seems to just appear, but I didn't register because I was unsure. Will do the backup shortly.


  • 0

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Uninstall Dropbox unless you wish to use it.

How is the computer behaving now?
  • 0





