Geeks to Go
Pop ups and redirects

This topic is locked

#1 -_R1_-

Member, 93 posts

Hello all. For some reason, no matter how many times I scan my computer for malware, it just won't go away. My computer boots up fine, there's no problem at all, but as soon as I open Google Chrome and search for a website I get a pop-up; my page loads up and then I get redirected to a different site. I did a scan using FRST; here are the logs I was given after the scan.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by John (administrator) on JOHN on 27-04-2015 20:59:32
Running from C:\Users\John\Downloads\Google Chrome Downloads
Loaded Profiles: John (Available profiles: John)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\main.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-28] (Logitech Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-24] (Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2404296 2014-08-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [98256 2015-03-12] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-29] (SUPERAntiSpyware)
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-13] (Valve Corporation)
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Run: [GoogleChromeAutoLaunch_DC7C249942899F83C1747FF3FB5BD5F3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\MountPoints2: {898a6b90-c1bf-11e2-be78-b888e3139436} - "E:\setup.exe" 
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156256 2013-12-23] (NVIDIA Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OnePlus One Toolkit.lnk [2015-04-06]
ShortcutTarget: OnePlus One Toolkit.lnk -> C:\Program Files (x86)\OPO Toolkit\OnePlus One Toolkit.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-30] (Microsoft Corporation)
BootExecute: sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49235;https=127.0.0.1:49235
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.ca.msn.com/...CA&dcc=CA&opt=0
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coo...&cc=CA&unqvl=85
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coo...&cc=CA&unqvl=85
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1915954930-4168681749-542677032-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coo...&cc=CA&unqvl=85
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-30] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-30] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-06] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-06] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-18] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin HKU\S-1-5-21-1915954930-4168681749-542677032-1001: @tools.google.com/Google Update;version=3 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1915954930-4168681749-542677032-1001: @tools.google.com/Google Update;version=9 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.toshiba.ca/welcome/?w=30", "hxxp://search.conduit.com/?ctid=CT3311875&SearchSource=48&CUI=UN26328059281073730&UM=2", "hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtCtAzyyEtAyCyD0E0C0CtN0D0Tzu0SzztBtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyD0E0E0CtAtB0FtGtA0FzyyEtGzy0DtBtAtGtBtA0BtCtGtA0Ezy0E0C0ByEyDyEtDtB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtC0ByEyByB0C0CtGyDtCyD0FtGyD0EtCyEtG0D0AyCtBtGyC0D0AzyyE0EzytC0FtB0C0B2Q&cr=1561541677&ir=", "hxxp://www.trovi.com/?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=M2856CDC0-2B00-4BF4-A903-E6873386CF77&SearchSource=55&CUI=&UM=6&UP=SPF1721CB3-2148-4470-9A57-0697745FF571&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-11]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-11]
CHR Extension: (Google Cast) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-06-27]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-11-13]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-11]
CHR Extension: (Bookmark Manager) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-27]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-16] (SUPERAntiSpyware.com)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [658432 2014-06-16] (Macrovision Europe Ltd.) [File not signed]
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1721800 2014-08-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18974152 2014-08-08] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-03-10] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-03-12] (Razer Inc.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [0 2015-01-05] () <==== ATTENTION (zero size file/folder)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-05-20] (DT Soft Ltd)
R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-02] (Logitech Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-08-31] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [21448 2014-08-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [259176 2012-01-05] (Realtek Semiconductor Corp.)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-03-10] (Razer, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver.sys [22800 2012-02-24] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S3 TosRfSnd; C:\Windows\system32\drivers\tosrfsnd.sys [63488 2010-04-26] (TOSHIBA Corporation) [File not signed]
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S2 iPodDrv; \??\C:\WINDOWS\system32\drivers\iPodDrv.sys [X]
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-27 20:57 - 2015-04-27 20:59 - 00000000 ____D () C:\FRST
2015-04-27 20:21 - 2015-04-27 20:21 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys.upd
2015-04-27 16:36 - 2015-04-27 17:10 - 00000000 ___HD () C:\$WINDOWS.~BT
2015-04-25 12:11 - 2015-04-27 20:53 - 01054788 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-25 12:10 - 2015-04-27 20:15 - 00001841 _____ () C:\WINDOWS\setupact.log
2015-04-25 12:10 - 2015-04-27 16:36 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-22 23:57 - 2015-04-22 23:57 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2015-04-22 23:53 - 2015-04-22 23:54 - 00000000 ____D () C:\Users\John\Downloads\Jupiter.Ascending.2015.HDRip.XviD-ETRG
2015-04-22 22:01 - 2015-04-22 22:13 - 00000000 ____D () C:\Users\John\Downloads\The Cobbler (2014)
2015-04-21 22:34 - 2015-04-21 22:35 - 00000000 ____D () C:\Users\John\Downloads\Young.and.Hungry.S02E04.HDTV.x264-ASAP[ettv]
2015-04-19 23:03 - 2015-04-19 23:03 - 00000000 ____D () C:\Users\John\AppData\Local\Microsoft Help
2015-04-19 20:57 - 2015-04-19 20:57 - 00001250 _____ () C:\Users\Public\Desktop\H&R Block Tax Software 2014.lnk
2015-04-19 20:57 - 2015-04-19 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block
2015-04-19 20:57 - 2015-04-19 20:57 - 00000000 ____D () C:\Program Files (x86)\H&R Block
2015-04-19 18:06 - 2015-04-19 21:36 - 00000000 ____D () C:\Users\John\AppData\Local\hrblock2014
2015-04-19 18:03 - 2015-04-19 18:03 - 00000000 ____D () C:\Users\John\AppData\Roaming\H&R Block
2015-04-19 17:39 - 2015-04-19 17:50 - 00000000 ____D () C:\Users\John\Downloads\Season 5 720p Web Dl x264 Mrlss
2015-04-19 17:37 - 2015-04-19 20:56 - 00000000 ____D () C:\Users\John\Downloads\Season 3
2015-04-19 17:37 - 2015-04-19 17:46 - 00000000 ____D () C:\Users\John\Downloads\The.Walking.Dead.S04.720p.BluRay.x264-ShAaNiG
2015-04-13 21:34 - 2015-04-13 21:34 - 00000000 ____D () C:\ProgramData\GZ
2015-04-13 20:04 - 2015-04-13 20:04 - 02523443 ____R () C:\Users\John\Downloads\Vicki Robin, Joe Dominguez, Monique Tilford-Your Money Or Your Life_ 9 Steps to Transforming Your Relationship with Money and Achieving Financial Independence_ Revised and Updated for the 21st Century.epub
2015-04-12 19:49 - 2015-04-12 19:49 - 00001212 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-04-12 19:49 - 2015-04-12 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-04-12 19:42 - 2015-04-19 14:50 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-04-11 20:08 - 2015-04-11 20:11 - 00000000 ____D () C:\Users\John\Documents\Heroes of the Storm
2015-04-10 22:28 - 2015-04-27 20:16 - 00000020 _____ () C:\Users\John\AppData\Roaming\appdataFr3.bin
2015-04-06 22:12 - 2015-04-06 22:12 - 00000000 ____D () C:\Users\John\Documents\My Games
2015-04-06 22:12 - 2015-04-06 22:12 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-04-06 18:57 - 2015-04-06 18:57 - 00001625 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2015-04-06 18:57 - 2015-04-06 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-04-06 16:41 - 2015-04-06 16:41 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-04-06 15:58 - 2012-07-31 06:42 - 00203104 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-04-06 15:58 - 2012-07-31 06:42 - 00102240 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-04-06 15:01 - 2015-04-06 15:01 - 00001176 _____ () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OnePlus One Toolkit.lnk
2015-04-06 15:01 - 2015-04-06 15:01 - 00001146 _____ () C:\Users\John\Desktop\OnePlus One Toolkit.lnk
2015-04-06 15:01 - 2015-04-06 15:01 - 00000000 ____D () C:\Program Files (x86)\OPO Toolkit
2015-04-06 14:22 - 2015-04-06 14:22 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_ssudeadb_01007.Wdf
2015-04-06 14:15 - 2015-04-06 14:15 - 00000000 ____D () C:\ProgramData\Samsung
2015-04-06 14:15 - 2015-04-06 14:15 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-04-06 14:15 - 2014-06-16 02:01 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01007.dll
2015-04-06 14:06 - 2015-04-12 17:57 - 00000000 ____D () C:\Users\John\Desktop\temp
2015-04-06 13:52 - 2015-04-06 13:53 - 00000000 ____D () C:\Users\John\Desktop\android
2015-04-06 13:41 - 2015-04-06 13:41 - 00000000 ____D () C:\Users\John\.android
2015-04-06 12:35 - 2015-04-21 00:06 - 00000000 ____D () C:\Program Files (x86)\SSaalePluus
2015-04-06 12:35 - 2015-04-06 12:35 - 00000000 ____D () C:\ProgramData\mabkmbgokkmmdbegbildglkoncmccela
2015-04-06 12:29 - 2015-04-12 23:09 - 00000000 ____D () C:\ProgramData\{befcec08-d13d-a8df-befc-cec08d13b023}
2015-04-06 12:16 - 2015-04-06 12:37 - 00000000 ____D () C:\Program Files (x86)\SegmentProlonger
2015-04-06 12:13 - 2015-04-21 00:06 - 00000000 ____D () C:\Program Files (x86)\youtubeadblocker
2015-04-06 12:13 - 2015-04-21 00:06 - 00000000 ____D () C:\Program Files (x86)\SAleePLus
2015-04-06 12:13 - 2015-04-06 12:13 - 00000000 ____D () C:\ProgramData\odedfngalicifbhfifkomiigdfghknkl
2015-04-06 12:13 - 2015-04-06 12:13 - 00000000 ____D () C:\ProgramData\11007507932223857474
2015-04-06 12:12 - 2015-04-21 00:06 - 00000000 ____D () C:\ProgramData\{d7091b71-9193-4d05-d709-91b719196dc6}
2015-04-06 12:12 - 2015-04-21 00:06 - 00000000 ____D () C:\ProgramData\{d584db96-fa38-3a52-d584-4db96fa36e5b}
2015-04-06 12:11 - 2015-04-21 00:06 - 00000000 ____D () C:\ProgramData\{e3fe84b8-853a-e98d-e3fe-e84b885312e2}
2015-04-06 12:01 - 2015-04-21 00:06 - 00000000 ____D () C:\ProgramData\{98429f38-881f-57fd-9842-29f388817ce2}
2015-04-06 12:01 - 2015-04-21 00:06 - 00000000 ____D () C:\ProgramData\{3fbb97ef-b7f1-af11-3fbb-b97efb7f5fbe}
2015-04-05 23:22 - 2015-04-05 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-04-05 23:21 - 2015-01-30 10:02 - 00084992 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelHaxm.sys
2015-04-05 23:14 - 2015-04-06 12:05 - 00000000 ____D () C:\Users\John\AppData\Local\Android
2015-04-05 23:13 - 2015-04-06 12:02 - 00000000 ____D () C:\Program Files\Android
2015-04-05 23:07 - 2015-04-06 12:42 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-04-05 23:07 - 2015-04-05 23:07 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-04-05 23:07 - 2015-04-05 23:07 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-04-05 23:07 - 2015-04-05 23:07 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-04-05 23:07 - 2015-04-05 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-05 23:06 - 2015-04-05 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-03-30 21:49 - 2015-03-30 21:49 - 00000000 ____D () C:\ProgramData\Steam
2015-03-30 18:52 - 2015-03-30 18:52 - 00000000 ____D () C:\Users\John\Documents\Razer
2015-03-30 18:52 - 2015-03-30 18:52 - 00000000 ____D () C:\Users\John\AppData\Local\Razer_Inc
2015-03-30 18:50 - 2015-04-06 22:09 - 00001279 _____ () C:\Users\Public\Desktop\Razer Cortex.lnk
2015-03-30 18:50 - 2015-03-30 18:50 - 00000000 ____D () C:\Users\John\AppData\Local\Razer
2015-03-30 18:50 - 2015-03-30 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-03-30 18:49 - 2015-03-30 18:49 - 00000000 ____D () C:\ProgramData\Razer
2015-03-30 18:49 - 2015-03-30 18:49 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-03-30 18:49 - 2015-03-10 14:18 - 00037184 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpmgrk.sys
2015-03-30 16:01 - 2015-03-30 16:01 - 00000000 ____D () C:\Program Files (x86)\UEFI WinFlash
2015-03-29 21:52 - 2015-04-17 02:02 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-29 21:52 - 2015-03-29 21:52 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-03-29 21:52 - 2015-03-29 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-29 21:51 - 2015-04-27 20:16 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-29 21:51 - 2015-04-27 19:01 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-29 21:51 - 2015-03-29 21:56 - 00003888 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-29 21:51 - 2015-03-29 21:56 - 00003652 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-29 21:13 - 2015-03-29 21:13 - 00000000 ____D () C:\Users\John\AppData\Local\Steam
2015-03-29 21:03 - 2015-04-19 18:02 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-29 21:03 - 2015-03-29 21:03 - 00000986 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-03-29 21:03 - 2015-03-29 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-27 20:31 - 2013-12-15 16:04 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-27 20:15 - 2013-12-15 11:59 - 00000000 __RDO () C:\Users\John\SkyDrive
2015-04-27 20:15 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-27 19:53 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-27 19:52 - 2012-10-27 17:39 - 00000000 ____D () C:\Users\John\AppData\Roaming\uTorrent
2015-04-27 18:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-27 17:41 - 2013-12-15 00:32 - 00001908 _____ () C:\WINDOWS\diagwrn.xml
2015-04-27 17:41 - 2013-12-15 00:32 - 00001908 _____ () C:\WINDOWS\diagerr.xml
2015-04-27 17:41 - 2013-07-18 00:10 - 00047104 ___SH () C:\Users\John\Documents\Thumbs.db
2015-04-27 17:01 - 2013-09-30 00:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-27 16:39 - 2013-12-15 12:31 - 00003906 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9C7084A3-B535-4CFE-91D2-2FD6E660A2ED}
2015-04-25 23:42 - 2014-08-10 20:50 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-25 00:59 - 2012-10-27 17:36 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1915954930-4168681749-542677032-1001
2015-04-25 00:43 - 2012-10-29 23:34 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc
2015-04-22 23:57 - 2015-01-02 03:02 - 00000000 ____D () C:\Program Files (x86)\Kodi
2015-04-21 22:23 - 2013-10-03 22:12 - 00004388 _____ () C:\Users\John\.swfinfo
2015-04-21 22:20 - 2014-12-08 21:43 - 00000000 ____D () C:\Users\John\AppData\Roaming\Kodi
2015-04-19 23:11 - 2012-10-27 17:27 - 00000000 ____D () C:\Users\John\AppData\Local\Packages
2015-04-19 20:40 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-04-19 18:04 - 2015-01-05 17:18 - 00000000 ____D () C:\Users\John\Documents\registry cleaner backup
2015-04-19 18:02 - 2013-05-20 22:50 - 00000000 ____D () C:\Users\John\AppData\Roaming\DAEMON Tools Lite
2015-04-19 18:00 - 2014-05-28 00:09 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-19 17:40 - 2014-04-21 21:37 - 00199680 ___SH () C:\Users\John\Downloads\Thumbs.db
2015-04-19 14:59 - 2014-03-08 00:06 - 00000000 ____D () C:\Users\John\AppData\Local\Battle.net
2015-04-18 23:08 - 2013-12-15 00:32 - 00000000 ____D () C:\Users\John
2015-04-12 23:09 - 2014-08-10 18:58 - 00000000 ___RD () C:\Users\John\Desktop\AntiSpy&Virus
2015-04-12 18:21 - 2013-12-08 22:44 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-04-12 14:34 - 2013-01-10 23:38 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2015-04-11 20:08 - 2013-12-08 22:44 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-04-11 20:01 - 2014-03-08 00:06 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-07 19:40 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-06 22:12 - 2012-10-27 18:00 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-06 18:58 - 2014-09-03 13:35 - 00000000 ____D () C:\Users\John\AppData\Roaming\Riot Games
2015-04-06 14:50 - 2013-06-25 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2015-04-06 14:50 - 2013-06-25 23:05 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA
2015-04-06 14:49 - 2013-06-25 23:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-06 12:43 - 2014-09-03 13:35 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-06 12:41 - 2013-06-24 14:39 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-05 23:21 - 2013-12-15 00:27 - 00000000 ____D () C:\Program Files\Intel
2015-03-30 19:05 - 2015-01-05 18:10 - 00001110 _____ () C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2015-03-30 15:52 - 2014-01-18 22:06 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-29 21:52 - 2015-01-05 17:14 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-29 21:52 - 2013-01-11 21:32 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-29 21:29 - 2013-09-18 22:12 - 00000000 ____D () C:\Users\John\AppData\Local\CRE
2015-03-29 20:28 - 2015-01-07 01:13 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
 
==================== Files in the root of some directories =======
 
2015-04-10 22:28 - 2015-04-27 20:16 - 0000020 _____ () C:\Users\John\AppData\Roaming\appdataFr3.bin
2014-04-01 01:13 - 2014-04-02 13:13 - 0000087 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2014-03-26 18:28 - 2014-03-26 18:28 - 0007600 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2015-01-05 17:20 - 2015-01-05 17:20 - 0172775 _____ () C:\ProgramData\1420492563.bdinstall.bin
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\avchv.sys
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-26 00:06
 
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01
Ran by John at 2015-04-27 21:00:11
Running from C:\Users\John\Downloads\Google Chrome Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1915954930-4168681749-542677032-500 - Administrator - Disabled)
Guest (S-1-5-21-1915954930-4168681749-542677032-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1915954930-4168681749-542677032-1006 - Limited - Enabled)
John (S-1-5-21-1915954930-4168681749-542677032-1001 - Administrator - Enabled) => C:\Users\John
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
ChromecastApp (HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)
CPUID HWMonitor 1.27 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Ear Force Audio Hub (HKLM-x32\...\{A492B658-0E72-4561-B745-256CBD202E68}) (Version: 2.0.7.0 - Voyetra Turtle Beach, Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
H&R Block Tax Software 2014 (HKLM-x32\...\{20BEEEAA-C87B-41EC-9089-9535EFA91A3C}) (Version: 14.0.0 - H&R Block)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java SE Development Kit 7 Update 75 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170750}) (Version: 1.7.0.750 - Oracle)
Kodi (HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Kodi) (Version:  - XBMC-Foundation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MusicBee 2.3 (HKLM-x32\...\MusicBee) (Version: 2.3 - Steven Mayall)
NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.65 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.4.15.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29008 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
SRS Premium Sound Control Panel (HKLM\...\{439A73C2-8CFA-4630-8484-36BCA2AEBB0A}) (Version: 1.12.0300 - SRS Labs, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1010 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.41.7 - Synaptics Incorporated)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Videostream Port Fix (HKLM-x32\...\{A36C0DAA-86C7-4D14-AEC0-86416A69ABDE}) (Version: 1.0.0 - Videostream, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
19-04-2015 17:22:19 Removed Universal Adb Driver
23-04-2015 00:17:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
23-04-2015 00:17:44 Installed DirectX
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0CA99F6F-46B3-4A61-8D55-7052D9D6F83A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {2B6A00E6-7C64-44D8-9243-393C5F016A6A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-03-30] (Microsoft Corporation)
Task: {2F819F03-EB36-4B5B-B2C6-36F4169AEA9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.)
Task: {47CC7C7B-F5C3-488E-9B55-4B02B8CC4BB9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {9E024D46-5923-458B-89EA-B1257339CF47} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {A216000C-66D3-4E66-8A6E-D98AB5762D3C} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {B263420B-2DC9-4704-BF10-E0DDDF0FBEB6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {E8B2CECC-3FDF-4B5F-8C40-8E0A7F61372E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-03-30] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1915954930-4168681749-542677032-1001Core.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1915954930-4168681749-542677032-1001Core1cff177e2592cdc.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-01-05 17:16 - 2013-03-19 13:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2015-01-05 17:16 - 2013-09-03 15:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2013-12-23 13:33 - 2013-12-23 13:33 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-03-30 15:50 - 2015-03-30 15:50 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-21 17:36 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-10 14:20 - 2015-03-10 14:20 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-05-18 16:54 - 2005-04-22 00:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2013-11-04 20:22 - 2013-11-04 20:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-12-23 13:33 - 2013-12-23 13:33 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-03-30 18:50 - 2015-03-12 13:04 - 00264192 _____ () C:\Program Files (x86)\Razer\Razer Cortex\D3DX8Wrapper.dll
2014-05-18 16:53 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-04-17 02:02 - 2015-04-13 17:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-17 02:02 - 2015-04-13 17:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2015-04-17 02:02 - 2015-04-13 17:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\John\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth Monitor.lnk"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run32: => "ITSecMng"
HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Exploit"
HKLM\...\StartupApproved\Run32: => "PivotSoftware"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\StartupFolder: => "RapidMediaConverterApp.lnk"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\Run: => "SearchProtect"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DC7C249942899F83C1747FF3FB5BD5F3"
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC] => (Allow) %systemroot%\system32\wininit.exe
FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper] => (Allow) %systemroot%\system32\wininit.exe
FirewallRules: [ProximityUxHost-Sharing-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [ProximityUxHost-Sharing-Out-TCP-NoScope] => (Allow) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [NETDIS-DAS-In-UDP-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [NETDIS-DAS-In-UDP] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [EventForwarder-In-TCP] => (Allow) %SystemRoot%\system32\NetEvtFwdr.exe
FirewallRules: [TPMVSCMGR-Server-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-Out-TCP-NoScope] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-In-TCP] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-Out-TCP] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [PlayTo-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [WFDPRINT-DAFWSD-In-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [WFDPRINT-DAFWSD-Out-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [RemoteDesktop-Shadow-In-TCP] => (Allow) %SystemRoot%\system32\RdpSa.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{03382A0E-74C6-492B-A7AD-53834FCCCB83}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{8181EEB9-614B-43D0-B1F3-2ECC7A29AB3C}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{5B172F9C-0319-4B00-ACAE-8E94612B83EA}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{CDC4C456-D5DC-4E15-9916-762E237EDF33}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{7620C87A-C700-4245-A593-5B83407CFE9A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{ACD61E09-86EE-4BE1-860C-BDB217758720}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6E9D1423-8A0D-4EC8-B7A2-7660A76DDBDB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1C68DE2D-CD58-4302-A482-B0F839BABF70}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D619500D-2605-4051-A494-00D4C3747894}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{680868F4-794A-4ABA-969C-FE3503ACE61E}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6948F6D9-6C61-4259-87AE-99DFB2505A5B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{56FA9C49-0CCD-43E9-955F-90222A632D92}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{D38A5580-8DD2-41B0-BD80-A3557955C6A2}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{65A2EA3E-BFE6-4E12-9A99-83848322BD66}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{5AAC9BF6-09B5-4DDA-96D4-01634979365D}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{254EC8A8-453B-42CA-AACA-4C68E3A8929B}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{D5B76FE0-43E5-4A61-AFE6-8465E5D7BC81}C:\programdata\battle.net\agent\agent.beta.2737\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2737\agent.exe
FirewallRules: [UDP Query User{79BC0E98-13A0-4112-827C-C6E0E3A0DE39}C:\programdata\battle.net\agent\agent.beta.2737\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2737\agent.exe
FirewallRules: [{C27ED43C-6726-486F-A9FB-8C7FE46C5A0C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{FAA1D247-ECBE-453D-92C6-9F9EF06CC608}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{B0814BF7-6950-4636-9568-BB374D72C247}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{ABE8A209-127D-4099-B066-3DA6798FC17B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{24DBBD5C-5C9E-43ED-B015-0A4C8A424BF0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{7C187261-A0F4-42E4-821D-7FBC12907D6F}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B193351F-97F3-4634-975D-9F196E14BF98}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0C07C4FF-0FFA-450D-BD4C-65792876CE27}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{A03DE4EF-D33C-47C6-8973-A44E12A97A34}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{27BE8AAE-97DD-4570-8E82-8FD723F59092}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{A4110231-0435-42B1-A359-3AA4375F3676}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{AEF55CFF-0A6C-48CA-A845-97C8EE95EE88}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{27E5629C-9D1A-4377-9055-3B7C2D1BD01C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D3EC4B34-FBA8-42C1-B3A4-3238DA514D69}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8CC6F60C-0DAF-4CE7-A04F-537A005D9FF0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{54C0742A-2D4D-4E6C-B218-9DCFF9ECA4E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{357F4CD7-31A1-4565-9E5F-A8E6B89246DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3805DA7B-4119-43FC-9CB2-496138E86870}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B468553E-72AC-4C3C-B789-C1ABAB8F3942}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{01829910-4EB7-4151-9F84-54B1D88B80EB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{7B4415E2-29D8-45B1-B640-38085AC41590}] => (Allow) LPort=5556
FirewallRules: [{EDC13833-6EFE-4008-AAC4-4F7E6C3A2E3B}] => (Allow) LPort=5558
FirewallRules: [TCP Query User{5547CB40-93E0-44A7-9A80-ADE85D305198}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{399CAAC6-B645-4755-AA01-5C4687D25CC1}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{534CC0B0-AAF1-483C-8310-7AE134D5D5E0}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{B54A1284-7091-4ED8-B694-694A59E47B87}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{EBC68CD6-B3B5-4415-A513-11B8D8ECE145}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{94D5D7FF-69BF-47A2-B371-52D5E9CED66E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{552F4949-4E5E-41AC-85A4-76FE56E88B97}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8AB1F62A-2868-4EE2-80B5-D24871420465}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{3C11D680-1EE8-41E8-8148-214AB1CB55F8}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{72CD80AB-D071-4304-9E04-7D8A445625CF}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [{054C2F36-6B08-4670-BCDC-F01EBF6E8EC0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/27/2015 09:00:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/27/2015 08:45:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/27/2015 08:30:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/27/2015 07:52:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/27/2015 07:40:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/27/2015 07:25:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/27/2015 07:10:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/27/2015 06:53:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/27/2015 06:40:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/27/2015 06:25:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (04/27/2015 08:15:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iPodDrv service failed to start due to the following error: 
%%2
 
Error: (04/27/2015 08:15:06 PM) (Source: BTHUSB) (EventID: 30) (User: )
Description: The local adapter does not support an important Low Energy controller state.  The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff.  Low Energy functionality will be disabled.
 
Error: (04/26/2015 11:16:37 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (04/26/2015 11:15:53 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (04/26/2015 11:15:53 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (04/26/2015 11:15:52 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (04/26/2015 11:15:52 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (04/26/2015 11:15:52 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (04/25/2015 00:11:15 PM) (Source: DCOM) (EventID: 10016) (User: JOHN)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}JohnJohnS-1-5-21-1915954930-4168681749-542677032-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/25/2015 00:11:15 PM) (Source: DCOM) (EventID: 10016) (User: JOHN)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}JohnJohnS-1-5-21-1915954930-4168681749-542677032-1001LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office Sessions:
=========================
Error: (04/27/2015 09:00:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App-2147417842
 
Error: (04/27/2015 08:45:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App-2147417842
 
Error: (04/27/2015 08:30:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App-2147417842
 
Error: (04/27/2015 07:52:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App-2147417842
 
Error: (04/27/2015 07:40:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App-2147417842
 
Error: (04/27/2015 07:25:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App-2147417842
 
Error: (04/27/2015 07:10:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App-2147417842
 
Error: (04/27/2015 06:53:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App-2147417842
 
Error: (04/27/2015 06:40:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App-2147417842
 
Error: (04/27/2015 06:25:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App-2147417842
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 47%
Total physical RAM: 8086.57 MB
Available physical RAM: 4250.46 MB
Total Pagefile: 9366.57 MB
Available Pagefile: 4891.7 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
 
==================== Drives ================================
 
Drive c: (S3A9943D002) (Fixed) (Total:684.06 GB) (Free:373.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 58B3EF2C)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=684.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.1 GB) - (Type=17)
 
==================== End Of Log ============================

 

 

I would greatly appreciate any help I could get with this.


  • 0



#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)


First do this:
Farbar Recovery Scanner needs to be running from the desktop. You have it in the downloads folder. Please move it to the desktop.
To do that:
  • Navigate to your downloads folder--> C:\Users\John\Downloads\Google Chrome Downloads
  • In the downloads folder find FRST (Farbar Recovery Scan Tool)
  • Right click on it, choose Cut.
  • Go back to the desktop.
  • On an empty space right click, choose Paste.
  • Farbar will now have been successfully moved to the desktop.
No need to do another scan

Next

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
2015-04-06 12:35 - 2015-04-21 00:06 - 00000000 ____D () C:\Program Files (x86)\SSaalePluus
2015-04-06 12:35 - 2015-04-06 12:35 - 00000000 ____D () C:\ProgramData\mabkmbgokkmmdbegbildglkoncmccela
2015-04-06 12:29 - 2015-04-12 23:09 - 00000000 ____D () C:\ProgramData\{befcec08-d13d-a8df-befc-cec08d13b023}
2015-04-06 12:16 - 2015-04-06 12:37 - 00000000 ____D () C:\Program Files (x86)\SegmentProlonger
2015-04-06 12:13 - 2015-04-21 00:06 - 00000000 ____D () C:\Program Files (x86)\youtubeadblocker
2015-04-06 12:13 - 2015-04-21 00:06 - 00000000 ____D () C:\Program Files (x86)\SAleePLus
2015-04-06 12:13 - 2015-04-06 12:13 - 00000000 ____D () C:\ProgramData\odedfngalicifbhfifkomiigdfghknkl
2015-04-06 12:13 - 2015-04-06 12:13 - 00000000 ____D () C:\ProgramData\11007507932223857474
2015-04-06 12:12 - 2015-04-21 00:06 - 00000000 ____D () C:\ProgramData\{d7091b71-9193-4d05-d709-91b719196dc6}
2015-04-06 12:12 - 2015-04-21 00:06 - 00000000 ____D () C:\ProgramData\{d584db96-fa38-3a52-d584-4db96fa36e5b}
2015-04-06 12:11 - 2015-04-21 00:06 - 00000000 ____D () C:\ProgramData\{e3fe84b8-853a-e98d-e3fe-e84b885312e2}
2015-04-06 12:01 - 2015-04-21 00:06 - 00000000 ____D () C:\ProgramData\{98429f38-881f-57fd-9842-29f388817ce2}
2015-04-06 12:01 - 2015-04-21 00:06 - 00000000 ____D () C:\ProgramData\{3fbb97ef-b7f1-af11-3fbb-b97efb7f5fbe}
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Policies\system: [DisableLockWorkstation] 0
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coo...&cc=CA&unqvl=85
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1915954930-4168681749-542677032-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coo...&cc=CA&unqvl=85
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-1915954930-4168681749-542677032-1001: @tools.google.com/Google Update;version=3 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1915954930-4168681749-542677032-1001: @tools.google.com/Google Update;version=9 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
S2 iPodDrv; \??\C:\WINDOWS\system32\drivers\iPodDrv.sys [X]
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X] 
AlternateDataStreams: C:\Users\John\SkyDrive:ms-properties
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Post the fixlog.txt in your next reply. That log will be found on the desktop after fix has run.
  • 0

#3
-_R1_-

-_R1_-

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts

Hi, thank you for your help. I did everything that you asked and here is the log that I got from the fix.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2015 01
Ran by John at 2015-04-30 21:54:47 Run:1
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available profiles: John)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
2015-04-06 12:35 - 2015-04-21 00:06 - 00000000 ____D () C:\Program Files (x86)\SSaalePluus
2015-04-06 12:35 - 2015-04-06 12:35 - 00000000 ____D () C:\ProgramData\mabkmbgokkmmdbegbildglkoncmccela
2015-04-06 12:29 - 2015-04-12 23:09 - 00000000 ____D () C:\ProgramData\{befcec08-d13d-a8df-befc-cec08d13b023}
2015-04-06 12:16 - 2015-04-06 12:37 - 00000000 ____D () C:\Program Files (x86)\SegmentProlonger
2015-04-06 12:13 - 2015-04-21 00:06 - 00000000 ____D () C:\Program Files (x86)\youtubeadblocker
2015-04-06 12:13 - 2015-04-21 00:06 - 00000000 ____D () C:\Program Files (x86)\SAleePLus
2015-04-06 12:13 - 2015-04-06 12:13 - 00000000 ____D () C:\ProgramData\odedfngalicifbhfifkomiigdfghknkl
2015-04-06 12:13 - 2015-04-06 12:13 - 00000000 ____D () C:\ProgramData\11007507932223857474
2015-04-06 12:12 - 2015-04-21 00:06 - 00000000 ____D () C:\ProgramData\{d7091b71-9193-4d05-d709-91b719196dc6}
2015-04-06 12:12 - 2015-04-21 00:06 - 00000000 ____D () C:\ProgramData\{d584db96-fa38-3a52-d584-4db96fa36e5b}
2015-04-06 12:11 - 2015-04-21 00:06 - 00000000 ____D () C:\ProgramData\{e3fe84b8-853a-e98d-e3fe-e84b885312e2}
2015-04-06 12:01 - 2015-04-21 00:06 - 00000000 ____D () C:\ProgramData\{98429f38-881f-57fd-9842-29f388817ce2}
2015-04-06 12:01 - 2015-04-21 00:06 - 00000000 ____D () C:\ProgramData\{3fbb97ef-b7f1-af11-3fbb-b97efb7f5fbe}
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Policies\system: [DisableLockWorkstation] 0
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coo...&cc=CA&unqvl=85
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1915954930-4168681749-542677032-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coo...&cc=CA&unqvl=85
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-1915954930-4168681749-542677032-1001: @tools.google.com/Google Update;version=3 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1915954930-4168681749-542677032-1001: @tools.google.com/Google Update;version=9 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
S2 iPodDrv; \??\C:\WINDOWS\system32\drivers\iPodDrv.sys [X]
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X] 
AlternateDataStreams: C:\Users\John\SkyDrive:ms-properties
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. 
C:\Program Files (x86)\SSaalePluus => Moved successfully.
C:\ProgramData\mabkmbgokkmmdbegbildglkoncmccela => Moved successfully.
C:\ProgramData\{befcec08-d13d-a8df-befc-cec08d13b023} => Moved successfully.
C:\Program Files (x86)\SegmentProlonger => Moved successfully.
C:\Program Files (x86)\youtubeadblocker => Moved successfully.
C:\Program Files (x86)\SAleePLus => Moved successfully.
C:\ProgramData\odedfngalicifbhfifkomiigdfghknkl => Moved successfully.
C:\ProgramData\11007507932223857474 => Moved successfully.
C:\ProgramData\{d7091b71-9193-4d05-d709-91b719196dc6} => Moved successfully.
C:\ProgramData\{d584db96-fa38-3a52-d584-4db96fa36e5b} => Moved successfully.
C:\ProgramData\{e3fe84b8-853a-e98d-e3fe-e84b885312e2} => Moved successfully.
C:\ProgramData\{98429f38-881f-57fd-9842-29f388817ce2} => Moved successfully.
C:\ProgramData\{3fbb97ef-b7f1-af11-3fbb-b97efb7f5fbe} => Moved successfully.
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1915954930-4168681749-542677032-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
"HKU\S-1-5-21-1915954930-4168681749-542677032-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
C:\Users\John\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll not found.
"HKU\S-1-5-21-1915954930-4168681749-542677032-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Users\John\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll not found.
iPodDrv => Service deleted successfully.
SmbDrvI => Service deleted successfully.
"C:\Users\John\SkyDrive" => ":ms-properties" ADS not found.
 
=========  netsh winsock reset catalog =========
 
'netsh' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
'ipconfig' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 459.1 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:55:52 ====

  • 0
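A helper reading a Fixlog like the one above would check not only the "=> ... successfully" lines but also the two CMD: sections: both came back with "is not recognized as an internal or external command", which means cmd.exe could not locate netsh.exe or ipconfig.exe, so the winsock reset and the DNS flush did not actually run (the same message shows up again later in the thread when JRT tries to call reg). The Python script below is an added example, not part of this thread or of FRST itself; it tallies item outcomes and flags exactly those silently failed commands. The embedded log is a constructed excerpt modelled on the posted Fixlog, and the bucket names used by classify() are the script's own.

```python
"""Triage an FRST Fixlog: tally per-item outcomes and flag CMD: sections
whose command never ran.  Added example, not part of this thread or of FRST;
the embedded log is a constructed excerpt modelled on the Fixlog posted above."""
import re
from collections import Counter

# Constructed excerpt of a Fixlog (same layout as the real log, shortened).
SAMPLE_FIXLOG = r"""
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
C:\Program Files (x86)\SSaalePluus => Moved successfully.
C:\ProgramData\odedfngalicifbhfifkomiigdfghknkl => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
iPodDrv => Service deleted successfully.
"C:\Users\John\SkyDrive" => ":ms-properties" ADS not found.

=========  netsh winsock reset catalog =========
'netsh' is not recognized as an internal or external command,
operable program or batch file.
========= End of CMD: =========

=========  ipconfig /flushdns =========
'ipconfig' is not recognized as an internal or external command,
operable program or batch file.
========= End of CMD: =========

========= RemoveProxy: =========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 459.1 MB temporary data.
"""

# "<target> => <outcome>" item lines.
ITEM_RE = re.compile(r"^(?P<target>.+?)\s+=>\s+(?P<outcome>.+?)\.?\s*$")
# "=========  <name> =========" opens or closes a block of captured output.
SECTION_RE = re.compile(r"^=+\s+(?P<name>.+?)\s+=+$")
CMD_END = "End of CMD:"
NOT_RECOGNIZED = "is not recognized as an internal or external command"


def classify(outcome):
    """Map FRST's free-text outcome to a short bucket for counting."""
    o = outcome.lower()
    if "not found" in o:
        return "not found"
    # "removed" is tested before "moved" because the latter is a substring of it.
    for word in ("removed", "moved", "deleted", "restored"):
        if word in o:
            return word
    return "other"


def parse_fixlog(text):
    """Return (outcomes, failed_cmds).

    outcomes    - Counter of classify() buckets over every "=>" item line.
    failed_cmds - CMD: commands whose captured output shows cmd.exe could not
                  find the executable, so that action silently did not happen.
    """
    outcomes = Counter()
    failed_cmds = []
    current_cmd = None          # command whose output we are inside, else None
    cmd_output = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = SECTION_RE.match(line)
        if section:
            name = section.group("name")
            if name == CMD_END:
                if current_cmd and any(NOT_RECOGNIZED in o for o in cmd_output):
                    failed_cmds.append(current_cmd)
                current_cmd = None
            elif not name.endswith(":"):
                # Directive markers such as "RemoveProxy:" end in a colon;
                # anything else between the = signs is a literal CMD: command.
                current_cmd, cmd_output = name, []
            continue
        if current_cmd is not None:
            cmd_output.append(line)
            continue
        item = ITEM_RE.match(line)
        if item:
            outcomes[classify(item.group("outcome"))] += 1
    return outcomes, failed_cmds


def report(text):
    """One line per outcome bucket, then the list a helper most needs to see."""
    outcomes, failed = parse_fixlog(text)
    lines = [f"{bucket}: {n}" for bucket, n in sorted(outcomes.items())]
    if failed:
        lines.append("CMD directives that did NOT run: " + ", ".join(failed))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_FIXLOG))
```

Run it against a real Fixlog.txt by reading the file into `report()`; a non-empty "did NOT run" line is the cue to repeat those commands from an elevated command prompt once the PATH problem is sorted out, rather than assuming the fix script completed.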

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Please run Malwarebytes next; if you already have it you will not need to download it. After this you will need to reinstall Chrome. I'll give instructions for that. Malware has broken the Chrome browser...

Just run the Malwarebytes for now.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
  • Enable free trial of Malwarebytes Anti-Malware Premium
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.
    Thanks
    Joe :)

  • 0

#5
-_R1_-

-_R1_-

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts

I did the scan, here is the log I got.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/1/2015
Scan Time: 9:06:43 PM
Logfile: scan1.1.15.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.01.07
Rootkit Database: v2015.04.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: John
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 382978
Time Elapsed: 23 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 6
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215, Quarantined, [8af14d41b4d62610646c4f0eec191be5], 
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc, Quarantined, [8af14d41b4d62610646c4f0eec191be5], 
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215, Quarantined, [5724820c107adc5a2ea2b0ad43c2a55b], 
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc, Quarantined, [5724820c107adc5a2ea2b0ad43c2a55b], 
PUP.Optional.MultiPlug.A, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215, Quarantined, [dba0d1bd61291521def2015cba4bb54b], 
PUP.Optional.MultiPlug.A, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc, Quarantined, [dba0d1bd61291521def2015cba4bb54b], 
 
Files: 19
PUP.Optional.PricePeep.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, Quarantined, [f18a4e40f397a0967a151aaf02018e72], 
PUP.Optional.PricePeep.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, Quarantined, [f3882668fa902d09f29de9e033d03ec2], 
PUP.Optional.PricePeep.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.pricepeep00.pricepeep.net_0.localstorage, Quarantined, [215a672703876fc7345b15b45aa9cb35], 
PUP.Optional.PricePeep.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.pricepeep00.pricepeep.net_0.localstorage-journal, Quarantined, [87f4a1edbcce73c3632c1faa6c9749b7], 
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215\lsdb.js, Quarantined, [8af14d41b4d62610646c4f0eec191be5], 
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215\background.html, Quarantined, [8af14d41b4d62610646c4f0eec191be5], 
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215\content.js, Quarantined, [8af14d41b4d62610646c4f0eec191be5], 
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215\manifest.json, Quarantined, [8af14d41b4d62610646c4f0eec191be5], 
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215\sYAZ.js, Quarantined, [8af14d41b4d62610646c4f0eec191be5], 
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215\lsdb.js, Quarantined, [5724820c107adc5a2ea2b0ad43c2a55b], 
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215\background.html, Quarantined, [5724820c107adc5a2ea2b0ad43c2a55b], 
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215\content.js, Quarantined, [5724820c107adc5a2ea2b0ad43c2a55b], 
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215\manifest.json, Quarantined, [5724820c107adc5a2ea2b0ad43c2a55b], 
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215\sYAZ.js, Quarantined, [5724820c107adc5a2ea2b0ad43c2a55b], 
PUP.Optional.MultiPlug.A, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215\lsdb.js, Quarantined, [dba0d1bd61291521def2015cba4bb54b], 
PUP.Optional.MultiPlug.A, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215\background.html, Quarantined, [dba0d1bd61291521def2015cba4bb54b], 
PUP.Optional.MultiPlug.A, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215\content.js, Quarantined, [dba0d1bd61291521def2015cba4bb54b], 
PUP.Optional.MultiPlug.A, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215\manifest.json, Quarantined, [dba0d1bd61291521def2015cba4bb54b], 
PUP.Optional.MultiPlug.A, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215\sYAZ.js, Quarantined, [dba0d1bd61291521def2015cba4bb54b], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0
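The log above lists the same Chrome extension directory (ileabdhfjmgaognikmjgmhhkjffggejc) under the Administrator, Guest and HomeGroupUser$ profiles while the PricePeep local-storage files sit under John, a cross-profile pattern that is easy to miss when reading 25 detection lines by hand. As an added example, not part of this thread or of Malwarebytes, the Python script below parses Malwarebytes Anti-Malware 2.x scan-log detection lines, groups them by category and by Windows user profile, pulls Chrome extension IDs out of the paths, and lists anything whose action is not "Quarantined" so a helper can see whether a reboot or manual step is still pending. The embedded log is a constructed excerpt assembled from lines of the posted scan log; the record fields and function names are the script's own.

```python
"""Summarise Malwarebytes Anti-Malware 2.x scan-log detections by category,
by Windows user profile and by Chrome extension ID.  Added example, not part
of this thread or of Malwarebytes; the embedded log is a constructed excerpt
assembled from lines of the posted scan log."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt (five detection lines taken from the log above).
SAMPLE_MBAM_LOG = r"""
Scan Type: Threat Scan
Result: Completed

Folders: 2
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215, Quarantined, [8af14d41b4d62610646c4f0eec191be5],
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc, Quarantined, [5724820c107adc5a2ea2b0ad43c2a55b],

Files: 3
PUP.Optional.PricePeep.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, Quarantined, [f18a4e40f397a0967a151aaf02018e72],
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215\content.js, Quarantined, [8af14d41b4d62610646c4f0eec191be5],
PUP.Optional.MultiPlug.A, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\215\manifest.json, Quarantined, [dba0d1bd61291521def2015cba4bb54b],

Physical Sectors: 0
(No malicious items detected)
"""

# "Folders: 6", "Files: 19", "Registry Keys: 0" ... open a detection section.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+): (?P<count>\d+)$")
# "<category>, <path>, <action>, [<32-hex id>],"
DETECTION_RE = re.compile(
    r"^(?P<category>[^,]+), (?P<path>.+), (?P<action>[^,]+), \[(?P<id>[0-9a-f]{32})\],?$"
)
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\(?P<user>[^\\]+)\\", re.IGNORECASE)
# Chrome extension IDs are 32 letters a-p, directly under an Extensions folder.
EXT_ID_RE = re.compile(r"\\Extensions\\(?P<ext>[a-p]{32})(?:\\|$)")


@dataclass
class Detection:
    section: str
    category: str
    path: str
    action: str
    ident: str
    user: Optional[str]
    ext_id: Optional[str]


def parse_mbam_log(text):
    """Return a list of Detection records from the Folders:/Files:/... sections."""
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = SECTION_RE.match(line)
        if head:
            section = head.group("name")
            continue
        m = DETECTION_RE.match(line)
        if not m or section is None:
            continue
        path = m.group("path")
        user = PROFILE_RE.match(path)
        ext = EXT_ID_RE.search(path)
        detections.append(Detection(
            section=section,
            category=m.group("category"),
            path=path,
            action=m.group("action").strip(),
            ident=m.group("id"),
            user=user.group("user") if user else None,
            ext_id=ext.group("ext") if ext else None,
        ))
    return detections


def summarise(detections):
    """Counts per category, categories seen per user profile, Chrome extension IDs."""
    by_category = Counter(d.category for d in detections)
    by_profile = defaultdict(set)
    for d in detections:
        if d.user:
            by_profile[d.user].add(d.category)
    ext_ids = sorted({d.ext_id for d in detections if d.ext_id})
    return by_category, dict(by_profile), ext_ids


def not_quarantined(detections):
    """Detections whose action is anything other than Quarantined; an empty
    list means every item in the log has already been dealt with."""
    return [d for d in detections if d.action != "Quarantined"]


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_MBAM_LOG)
    by_category, by_profile, ext_ids = summarise(dets)
    for cat, n in by_category.most_common():
        print(f"{n:3d}  {cat}")
    for user, cats in sorted(by_profile.items()):
        print(f"profile {user}: {', '.join(sorted(cats))}")
    print("Chrome extension IDs seen:", ", ".join(ext_ids))
    print("still to action:", len(not_quarantined(dets)))
```

Feeding the full exported scan log into `parse_mbam_log()` gives the per-profile view directly; the extension IDs it returns are the ones to look for in chrome://extensions on every profile, not just the one that was logged in when the symptoms appeared.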

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.


In your next reply post;
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log
Thanks
Joe :)
  • 0

#7
-_R1_-

-_R1_-

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts

I tried to do both scans, but the Junkware one just keeps giving me a message right at the beginning of the scan that says 'reg' is not recognized as an internal or external command, operable program or batch file, creating a registry backup, then it just shuts down. Here is the log from ADW.

 

 

 

 

# AdwCleaner v4.203 - Logfile created 01/05/2015 at 22:58:07
# Updated 30/04/2015 by Xplode
# Database : 2015-04-30.2 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : John - JOHN
# Running from : C:\Users\John\Desktop\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\KingSoft
Folder Deleted : C:\Program Files (x86)\KingSoft
Folder Deleted : C:\Users\John\AppData\Local\KingSoft
Folder Deleted : C:\Users\John\AppData\Roaming\KingSoft
File Deleted : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\354bdd65-a5c9-0058-efea-ba72db12bb31
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\EFEE0228DC83E77358593193D847A0EC
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\EFEE0228DC83E77358593193D847A0EC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EFEE0228DC83E77358593193D847A0EC
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v
 
[0\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
 
-\\ Google Chrome v42.0.2311.135
 
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_14_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtCtAzyyEtAyCyD0E0C0CtN0D0Tzu0SzztBtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyD0E0E0CtAtB0FtGtA0FzyyEtGzy0DtBtAtGtBtA0BtCtGtA0Ezy0E0C0ByEyDyEtDtB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtC0ByEyByB0C0CtGyDtCyD0FtGyD0EtCyEtG0D0AyCtBtGyC0D0AzyyE0EzytC0FtB0C0B2Q&cr=1561541677&ir=
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=M2856CDC0-2B00-4BF4-A903-E6873386CF77&SearchSource=58&CUI=&UM=6&UP=SPF1721CB3-2148-4470-9A57-0697745FF571&q={searchTerms}&SSPV=
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.coolsearches.info/?l=1&q={searchTerms}&pid=20495&r=2015/04/06&hid=13153826020603066295&lg=EN&cc=CA&unqvl=85
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://www.toshiba.ca/welcome/?w=30", "hxxp://search.conduit.com/?ctid=CT3311875&SearchSource=48&CUI=UN26328059281073730&UM=2
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : 
 
-\\ Comodo Dragon v
 
 
-\\ Chrome Canary v
 
 
*************************
 
AdwCleaner[R0].txt - [7601 bytes] - [05/01/2015 20:12:16]
AdwCleaner[R1].txt - [2139 bytes] - [05/01/2015 22:54:34]
AdwCleaner[R2].txt - [11171 bytes] - [01/05/2015 22:54:21]
AdwCleaner[S0].txt - [9162 bytes] - [05/01/2015 20:15:43]
AdwCleaner[S1].txt - [2208 bytes] - [06/01/2015 00:05:15]
AdwCleaner[S2].txt - [4659 bytes] - [01/05/2015 22:58:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4718  bytes] ##########

  • 0
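The AdwCleaner log above records the two places this kind of hijack usually lands: Chrome's Secure Preferences (default search provider and startup URLs) and Firefox's prefs.js (the `browser.search.*` user_pref lines). The script below is an added example, not part of this thread and not AdwCleaner's code, showing how a defender can check those same settings against an allowlist of expected search engines. The sample Secure Preferences JSON and prefs.js lines are constructed for the example, and the `.test` hostnames, the allowlists and the function names are assumptions, not values from the log.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample of the two Secure Preferences keys the log touched
# (default search provider and startup URLs). A real file has many more keys.
SAMPLE_SECURE_PREFS = json.dumps({
    "default_search_provider_data": {
        "template_url_data": {
            "short_name": "WebSearch",
            "url": "http://websearch.example-hijack.test/?q={searchTerms}",
        }
    },
    "session": {
        "restore_on_startup": 4,
        "startup_urls": [
            "http://www.example.com/",
            "http://search.example-hijack.test/?ctid=CT0000000",
        ],
    },
})

# Constructed sample of Firefox prefs.js lines, mirroring the user_pref
# entries AdwCleaner removed above (engine name "WebSearch").
SAMPLE_PREFS_JS = """\
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.selectedEngine", "WebSearch");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.2", "Google");
"""

# Assumed allowlists: search hosts / engine names a clean profile is expected to use.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}
TRUSTED_ENGINE_NAMES = {"Google", "Bing", "DuckDuckGo", "Yahoo", "Wikipedia (en)"}

# Firefox preference keys that select the search engine.
SEARCH_PREF_KEYS = (
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.order.",
)

# Matches: user_pref("key", "string value");
USER_PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);\s*$')


def audit_chrome_secure_prefs(text, trusted_hosts=TRUSTED_SEARCH_HOSTS):
    """Return (kind, value) findings for a Chrome Secure Preferences JSON document.

    The default search provider is reported only when its host is not
    allowlisted; startup URLs are always reported because a fresh Chrome
    profile has none, so each one deserves a look.
    """
    prefs = json.loads(text)
    findings = []
    template = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    url = template.get("url")
    if url and (urlparse(url).hostname or "") not in trusted_hosts:
        findings.append(("default_search_provider", url))
    for startup_url in prefs.get("session", {}).get("startup_urls", []):
        findings.append(("startup_url", startup_url))
    return findings


def audit_firefox_prefs(text, trusted_names=TRUSTED_ENGINE_NAMES):
    """Return (key, value) findings for search-engine user_pref lines in prefs.js
    whose engine name is not in the allowlist."""
    findings = []
    for line in text.splitlines():
        match = USER_PREF_RE.match(line.strip())
        if not match:
            continue
        key, value = match.group(1), match.group(2)
        if key.startswith(SEARCH_PREF_KEYS) and value not in trusted_names:
            findings.append((key, value))
    return findings


if __name__ == "__main__":
    for kind, value in audit_chrome_secure_prefs(SAMPLE_SECURE_PREFS):
        print(f"[chrome] {kind}: {value}")
    for key, value in audit_firefox_prefs(SAMPLE_PREFS_JS):
        print(f"[firefox] {key} = {value}")
```

To run it against a real profile, read `Secure Preferences` from the Chrome `User Data\Default` folder shown in the log and `prefs.js` from the Firefox profile directory in place of the constructed samples; anything reported is a setting to review, not proof of infection on its own.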

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

1. Close all Chrome windows and tabs.
2. Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
3. Click Programs and Features.
4. Double-click Google Chrome.
5. Click Uninstall from the confirmation dialog. To delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.

If you have Bookmarks that you want to save, you want to do that first.

Export / Import Bookmarks. https://support.goog...wer/96816?hl=en

Then reinstall Chrome from here --> http://www.google.com/chrome/

Let me know how things are after this.
  • 0

#9
-_R1_-

-_R1_-

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts

Thank you so much for all of your help. I followed your instructions and now I can surf the web in peace without having pop-ups, redirects and ads. Thank you so much.


  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
OK.

That's fine but we have a bit more to cover to make sure things are ok. You can delete the other logs on the desktop to avoid confusion.

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.


  • 0

#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
