kids new laptop VERY infected with malware in 1st week [Solved]

#1
AdamIsAdam

Help! My 11-year-old got a new laptop while I was away. By the time I got home, he was already so infected with malware that I can barely get this topic started! I know the folks here will be able to get him clean and set up for a long, malware-free future.

When using Chrome to browse, every time I click I get a new tab of ads as well as constant pop-up ads.

I downloaded and ran the scan tool as instructed. Here are the two logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 02
Ran by adami_000 (administrator) on MAXROSENFELD on 14-05-2015 17:15:43
Running from C:\Users\adami_000\Desktop
Loaded Profiles: adami_000 (Available profiles: adami_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth Filter Driver Package\BTDevMgr.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Toshiba\TOSHIBA System Driver\TOSTABSYSSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Pokki) C:\Users\adami_000\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Super PC Tools Ltd) C:\ProgramData\{c4f23f34-8405-3a0c-c4f2-23f34840fcd2}\hqghumeaylnlf.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Pokki) C:\Users\adami_000\AppData\Local\Pokki\Engine\HostAppService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\PluginContainer.exe
() C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\plugins\4\Plugin.exe
() C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\plugins\3\Plugin.exe
() C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\plugins\5\Plugin.exe
() C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\plugins\3\Plugin.exe
() C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\plugins\2\Plugin.exe
() C:\Program Files (x86)\Common Files\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\updater.exe
() C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\plugins\8\Plugin.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [517536 2014-04-06] (TOSHIBA)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1190642625-1873434813-491721638-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-1190642625-1873434813-491721638-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1190642625-1873434813-491721638-1001\...\RunOnce: [Application Restart #4] => C:\Users\adami_000\AppData\Local\Pokki\Engine\HostAppService.exe [7853056 2015-05-05] (Pokki)
HKU\S-1-5-18\...\Run: [] => [X]
AppInit_DLLs-x32: c:\progra~2\amazon\amazon~1\amazon~3.dll => c:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll [106304 2014-05-23] (Amazon Inc.)
Startup: C:\Users\adami_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-20]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{c4f23f34-8405-3a0c-c4f2-23f34840fcd2}\hqghumeaylnlf.exe (Super PC Tools Ltd)
Startup: C:\Users\adami_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-04-21]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1190642625-1873434813-491721638-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1190642625-1873434813-491721638-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-1190642625-1873434813-491721638-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1190642625-1873434813-491721638-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKU\S-1-5-21-1190642625-1873434813-491721638-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....q={searchTerms}
SearchScopes: HKLM -> DefaultScope {105EC9BF-C5FC-429A-80DA-B7D7AAFD3C20} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {105EC9BF-C5FC-429A-80DA-B7D7AAFD3C20} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://us.yhs4.searc...5_17&os=Windows8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1190642625-1873434813-491721638-1001 -> DefaultScope {0C181DD7-EC66-11E4-826C-D61CB079928F} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1190642625-1873434813-491721638-1001 -> {0C181DD7-EC66-11E4-826C-D61CB079928F} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1190642625-1873434813-491721638-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
BHO: roCckietsalle -> {30869705-DAFB-4A89-9932-C459F4447A83} -> C:\Program Files (x86)\roCckietsalle\I9dCTYV0j2bHxe.x64.dll [2015-05-13] ()
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-04-21] (Microsoft Corporation)
BHO: dailypriize -> {6FE5178B-B276-4B67-B9B9-9A0FD6113F5C} -> C:\Program Files (x86)\dailypriize\riOroizAPbt8Tk.x64.dll [2015-05-13] ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-21] (Microsoft Corporation)
BHO-x32: roCckietsalle -> {30869705-DAFB-4A89-9932-C459F4447A83} -> C:\Program Files (x86)\roCckietsalle\I9dCTYV0j2bHxe.dll [2015-05-13] ()
BHO-x32: dailypriize -> {6FE5178B-B276-4B67-B9B9-9A0FD6113F5C} -> C:\Program Files (x86)\dailypriize\riOroizAPbt8Tk.dll [2015-05-13] ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-29] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-29] (Oracle Corporation)
BHO-x32: browse pulse -> {ed8e593d-1965-4e45-9d55-d56162dcde14} -> C:\Program Files (x86)\browse pulse\Extensions\ed8e593d-1965-4e45-9d55-d56162dcde14.dll [2015-04-20] ()
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-21] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll [2014-12-22] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll [2014-12-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-12-22]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ggbc_15_17&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyE0C0B0ByDzzyC0FtB0FyBtByDzz0AyBtN0D0Tzu0StCtBtDyDtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCtDtD0Ezy0CzzyBtG0FtByByEtG0A0A0ByBtG0C0AyBzytGyDtDyE0F0E0BtC0CtCyByC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyE0F0CtB0ByDyCtGtA0F0E0CtGyEyDtD0AtG0ByDtC0DtG0F0CtCzytDyB0B0E0EyCtB0A2QtN0A0LzuyE%26cr%3D426752944%26a%3Dwny_ggbc_15_17%26os%3DWindows 8.1
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ggbc_15_17&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyE0C0B0ByDzzyC0FtB0FyBtByDzz0AyBtN0D0Tzu0StCtBtDyDtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCtDtD0Ezy0CzzyBtG0FtByByEtG0A0A0ByBtG0C0AyBzytGyDtDyE0F0E0BtC0CtCyByC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyE0F0CtB0ByDyCtGtA0F0E0CtGyEyDtD0AtG0ByDtC0DtG0F0CtCzytDyB0B0E0EyCtB0A2QtN0A0LzuyE%26cr%3D426752944%26a%3Dwny_ggbc_15_17%26os%3DWindows 8.1"
CHR DefaultSearchKeyword: Default -> homepage-web.com
CHR DefaultSearchURL: Default -> http://search.homepa...q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\adami_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\adami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-19]
CHR Extension: (Google Search) - C:\Users\adami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-19]
CHR Extension: (SiteAdvisor) - C:\Users\adami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-04-19]
CHR Extension: (IMG inspector) - C:\Users\adami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpogobkggapdhmfnamfnhmchcbmehokb [2015-05-13]
CHR Extension: (browse pulse) - C:\Users\adami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohaifmlpecbkpanlpandmagoinoogjn [2015-04-30]
CHR Extension: (Gmail) - C:\Users\adami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-06]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 580a4029; c:\Program Files (x86)\IncrementInstance\IncrementInstance.dll [2431488 2015-05-12] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter Driver Package\BTDevMgr.exe [121856 2014-07-15] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21816 2014-08-26] ()
R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-08-21] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154856 2015-04-17] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-07] (Microsoft Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-18] (Realtek Semiconductor)
R2 Service Mgr browsepulse; C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\PluginContainer.exe [556304 2015-05-14] ()
R2 TOSTABSYSSVC; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\TOSTABSYSSVC.exe [34680 2014-08-01] ()
R2 Update Mgr browsepulse; C:\Program Files (x86)\Common Files\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\updater.exe [478992 2015-05-14] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 McNaiAnn; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 McODS; "C:\ProgramData\McAfee\Update\Installs\pkg_default\Download_Files\default\vso\vso_li_cat\%VSINSTALL_DIR64%\mcods.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88179; C:\Windows\system32\DRIVERS\ax88179_178a.sys [70104 2013-07-08] (ASIX Electronics Corp.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RtkBtFilter2; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [48856 2013-09-05] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3560664 2014-09-04] (Realtek Semiconductor Corporation )
R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [27136 2014-03-24] (Windows ® Win 7 DDK provider)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 17:15 - 2015-05-14 17:16 - 00023618 _____ () C:\Users\adami_000\Desktop\FRST.txt
2015-05-14 17:07 - 2015-05-14 17:14 - 00024471 _____ () C:\Users\adami_000\Downloads\FRST.txt
2015-05-14 17:06 - 2015-05-14 17:16 - 00000000 ____D () C:\FRST
2015-05-14 17:05 - 2015-05-14 17:06 - 02106368 _____ (Farbar) C:\Users\adami_000\Desktop\FRST64.exe
2015-05-14 17:04 - 2015-05-14 17:04 - 01145856 _____ (Farbar) C:\Users\adami_000\Downloads\FRST.exe
2015-05-13 17:37 - 2015-05-13 17:37 - 02875575 _____ () C:\Users\adami_000\Desktop\max_rosenfeld_9R.pptx
2015-05-13 14:48 - 2015-05-13 14:48 - 00005632 ___SH () C:\Users\adami_000\Desktop\Thumbs.db
2015-05-13 14:04 - 2015-05-13 14:04 - 00000000 ____D () C:\Program Files (x86)\IMG inspector
2015-05-13 14:03 - 2015-05-13 14:04 - 00000000 ____D () C:\Program Files (x86)\roCckietsalle
2015-05-13 14:03 - 2015-05-13 14:03 - 00000000 ____D () C:\Program Files (x86)\dailypriize
2015-05-13 14:03 - 2015-05-13 14:03 - 00000000 ____D () C:\Program Files (x86)\coOlnecheaap
2015-05-13 13:53 - 2015-05-13 13:53 - 00604894 _____ () C:\Users\adami_000\Documents\14-year-old girl killed after planned videotaped fight - CNN.com.html
2015-05-13 13:53 - 2015-05-13 13:53 - 00000000 ____D () C:\Users\adami_000\Documents\14-year-old girl killed after planned videotaped fight - CNN.com_files
2015-05-13 04:29 - 2015-05-13 04:29 - 00447542 _____ () C:\Users\adami_000\Downloads\max_rosenfeld_9R (3).pptx
2015-05-13 04:25 - 2015-05-13 04:25 - 00447542 _____ () C:\Users\adami_000\Downloads\max_rosenfeld_9R (2).pptx
2015-05-12 17:15 - 2015-05-12 17:17 - 00000000 ____D () C:\Users\adami_000\Desktop\Building Homes of Our Own
2015-05-12 16:27 - 2015-05-12 16:27 - 00000424 _____ () C:\Users\adami_000\Desktop\This PC.lnk
2015-05-12 14:51 - 2015-05-12 14:51 - 00000000 ____D () C:\Users\adami_000\AppData\Local\IsolatedStorage
2015-05-12 13:58 - 2015-05-12 13:58 - 00000000 ____D () C:\Program Files (x86)\IncrementInstance
2015-05-12 13:56 - 2015-05-12 13:58 - 00000000 ____D () C:\ProgramData\db17de9200004904
2015-05-12 13:28 - 2015-05-12 13:28 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2015-05-11 17:31 - 2015-05-11 17:31 - 00000000 ____D () C:\Users\adami_000\Desktop\mp3
2015-05-11 17:13 - 2015-05-11 17:13 - 00000000 ____D () C:\Program Files (x86)\Paste Lorem ipsum
2015-05-11 17:12 - 2015-05-13 15:53 - 00000000 ____D () C:\Program Files (x86)\bRowseandshop
2015-05-11 17:12 - 2015-05-13 15:52 - 00000000 ____D () C:\Program Files (x86)\OOfferapp
2015-05-11 17:12 - 2015-05-11 17:12 - 00000000 ____D () C:\Program Files (x86)\oFferaPop
2015-05-11 16:24 - 2015-05-11 16:24 - 00004030 _____ () C:\Windows\System32\Tasks\LaunchApp
2015-05-11 15:44 - 2015-05-14 16:28 - 00005004 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MAXROSENFELD-adami_000 MaxRosenfeld
2015-05-11 15:29 - 2015-05-11 15:30 - 00074917 _____ () C:\Users\adami_000\Downloads\shrinking_cars_current_events.pptx
2015-05-10 17:15 - 2015-05-10 17:15 - 00000000 ____D () C:\Users\adami_000\Documents\under water walking
2015-05-10 17:15 - 2015-05-10 17:15 - 00000000 ____D () C:\Users\adami_000\Documents\tek it
2015-05-10 17:15 - 2015-05-10 17:15 - 00000000 ____D () C:\Users\adami_000\Documents\technology
2015-05-10 17:15 - 2015-05-10 17:15 - 00000000 ____D () C:\Users\adami_000\Documents\spanish
2015-05-10 17:15 - 2015-05-10 17:15 - 00000000 ____D () C:\Users\adami_000\Documents\other computer files
2015-05-10 17:15 - 2015-04-21 17:16 - 00009568 _____ () C:\Users\adami_000\Documents\kayak fundraiser.xlsx
2015-05-10 17:15 - 2015-04-20 12:49 - 00001886 _____ () C:\Users\adami_000\Documents\MyPC Backup.lnk
2015-05-10 17:14 - 2015-05-10 17:15 - 00000000 ____D () C:\Users\adami_000\Documents\kindle
2015-05-10 17:14 - 2015-05-10 17:14 - 00000000 ____D () C:\Users\adami_000\Documents\100PHOTO
2015-05-10 17:14 - 2015-05-06 14:40 - 00791853 _____ () C:\Users\adami_000\Documents\stuff.zip
2015-05-10 17:14 - 2015-05-01 15:00 - 00000000 ____D () C:\Users\adami_000\Documents\english
2015-05-05 18:36 - 2015-05-05 18:36 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-05-05 18:12 - 2015-05-05 18:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-05 18:11 - 2015-05-05 18:36 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-05 18:11 - 2015-05-05 18:11 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-05 16:38 - 2015-03-03 06:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-05-05 16:33 - 2015-05-05 16:33 - 00000000 ___HD () C:\kleaner.tmp
2015-05-05 16:28 - 2015-05-05 16:28 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-05-02 10:42 - 2015-05-02 10:42 - 00073593 _____ () C:\Users\adami_000\Downloads\Introduction_Directions.pptx
2015-05-01 18:42 - 2015-05-01 18:42 - 00002807 _____ () C:\Users\adami_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNN.lnk
2015-05-01 15:01 - 2015-05-13 17:38 - 00000000 ____D () C:\Users\adami_000\Desktop\technology
2015-05-01 15:00 - 2015-05-13 04:28 - 00000000 ____D () C:\Users\adami_000\Desktop\spanish
2015-05-01 15:00 - 2015-05-12 15:42 - 00000000 ____D () C:\Users\adami_000\Desktop\english
2015-05-01 14:59 - 2015-05-13 04:27 - 01185887 _____ () C:\Users\adami_000\Desktop\stuff.zip
2015-05-01 14:29 - 2015-05-01 14:29 - 00446714 _____ () C:\Users\adami_000\Downloads\max_rosenfeld_9R (1).pptx
2015-05-01 14:23 - 2015-05-01 14:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-01 14:23 - 2015-04-01 11:16 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-30 16:58 - 2014-10-28 20:59 - 00014144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
2015-04-30 16:58 - 2014-10-28 20:58 - 00014528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2015-04-30 16:58 - 2014-10-28 18:01 - 00843776 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2015-04-30 16:58 - 2014-10-28 18:00 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2015-04-30 16:58 - 2014-10-28 17:50 - 12749824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2015-04-30 16:58 - 2014-10-28 17:46 - 09530368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2015-04-30 16:58 - 2014-10-28 17:45 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-04-30 16:58 - 2014-10-28 17:39 - 02814464 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-04-30 16:58 - 2014-10-28 17:34 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-04-30 16:58 - 2014-10-08 02:24 - 00467776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-04-30 16:58 - 2014-09-26 21:59 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-04-30 16:58 - 2014-09-24 20:42 - 00373568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-04-30 16:57 - 2014-10-28 20:52 - 02485056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-04-30 16:57 - 2014-10-28 19:08 - 18822656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-04-30 16:57 - 2014-10-28 18:33 - 15157760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-04-30 16:57 - 2014-10-28 18:02 - 14354944 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2015-04-30 16:57 - 2014-10-28 17:52 - 15432704 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-04-30 16:57 - 2014-10-28 17:52 - 01275904 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2015-04-30 16:57 - 2014-10-28 17:37 - 06386176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2015-04-30 16:55 - 2014-10-28 17:45 - 13318144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-04-30 16:53 - 2014-10-28 20:59 - 03460472 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2015-04-30 16:53 - 2014-10-28 19:19 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-04-30 16:53 - 2014-10-28 18:43 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2015-04-30 16:53 - 2014-10-28 18:16 - 05267968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2015-04-30 16:53 - 2014-10-28 17:58 - 00926208 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-04-30 16:53 - 2014-10-28 17:54 - 07784960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-04-30 16:53 - 2014-10-28 17:38 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-30 16:53 - 2014-10-28 17:33 - 06213632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-04-30 16:53 - 2014-10-06 23:45 - 03307112 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-04-30 16:52 - 2014-10-28 20:59 - 02529856 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-04-30 16:52 - 2014-10-28 20:52 - 02334080 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2015-04-30 16:52 - 2014-10-28 19:29 - 04483072 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2015-04-30 16:52 - 2014-10-28 18:45 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-04-30 16:52 - 2014-10-28 18:45 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\rdpinput.exe
2015-04-30 16:52 - 2014-10-28 18:40 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2015-04-30 16:52 - 2014-10-28 18:35 - 04709888 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-04-30 16:52 - 2014-10-28 18:28 - 03820544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2015-04-30 16:52 - 2014-10-28 18:22 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-04-30 16:52 - 2014-10-28 17:43 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-04-30 16:52 - 2014-10-06 20:44 - 02890296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-04-30 16:51 - 2014-10-28 20:57 - 03138720 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2015-04-30 16:51 - 2014-10-28 20:57 - 01286048 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2015-04-30 16:51 - 2014-10-28 20:13 - 01901240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-04-30 16:51 - 2014-10-28 20:11 - 02689392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL
2015-04-30 16:51 - 2014-10-28 20:07 - 02324208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2015-04-30 16:51 - 2014-10-28 19:59 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-04-30 16:51 - 2014-10-28 19:24 - 04418560 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-04-30 16:51 - 2014-10-28 18:56 - 03754496 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2015-04-30 16:51 - 2014-10-28 18:51 - 00941056 _____ (Microsoft Corporation) C:\Windows\system32\XpsFilt.dll
2015-04-30 16:51 - 2014-10-28 18:39 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-04-30 16:51 - 2014-10-28 18:38 - 04690432 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2015-04-30 16:51 - 2014-10-28 18:26 - 03561984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2015-04-30 16:51 - 2014-10-28 18:24 - 02464768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-04-30 16:51 - 2014-10-28 18:12 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-04-30 16:51 - 2014-10-28 18:08 - 02608640 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-04-30 16:51 - 2014-10-28 18:08 - 02542080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-04-30 16:51 - 2014-10-28 18:05 - 03273216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2015-04-30 16:51 - 2014-10-28 18:03 - 04067840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-04-30 16:51 - 2014-10-28 17:52 - 02554880 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-04-30 16:51 - 2014-10-28 17:48 - 03056128 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2015-04-30 16:51 - 2014-10-28 17:42 - 01922560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-04-30 16:50 - 2014-10-28 21:00 - 02314952 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-04-30 16:50 - 2014-10-28 21:00 - 02229168 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2015-04-30 16:50 - 2014-10-28 20:57 - 03118096 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2015-04-30 16:50 - 2014-10-28 20:57 - 02745160 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-04-30 16:50 - 2014-10-28 20:55 - 02174976 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2015-04-30 16:50 - 2014-10-28 20:55 - 01660528 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-04-30 16:50 - 2014-10-28 20:52 - 01518504 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2015-04-30 16:50 - 2014-10-28 20:52 - 01509688 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2015-04-30 16:50 - 2014-10-28 20:51 - 01310912 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-04-30 16:50 - 2014-10-28 20:12 - 01907384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2015-04-30 16:50 - 2014-10-28 20:11 - 02528760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-04-30 16:50 - 2014-10-28 20:11 - 01024200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2015-04-30 16:50 - 2014-10-28 20:10 - 01564464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2015-04-30 16:50 - 2014-10-28 19:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-04-30 16:50 - 2014-10-28 18:57 - 02924032 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2015-04-30 16:50 - 2014-10-28 18:47 - 02072064 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2015-04-30 16:50 - 2014-10-28 18:44 - 02984448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-04-30 16:50 - 2014-10-28 18:42 - 01999872 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-04-30 16:50 - 2014-10-28 18:35 - 03256320 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2015-04-30 16:50 - 2014-10-28 18:31 - 02941952 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2015-04-30 16:50 - 2014-10-28 18:15 - 02259456 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-04-30 16:50 - 2014-10-28 18:10 - 02344960 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-30 16:50 - 2014-10-28 18:08 - 02174976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-04-30 16:50 - 2014-10-28 18:08 - 01822720 _____ (Microsoft Corporation) C:\Windows\system32\dui70.dll
2015-04-30 16:50 - 2014-10-28 17:54 - 01945600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-04-30 16:50 - 2014-10-28 17:52 - 02170368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-04-30 16:50 - 2014-10-28 17:51 - 01554432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-30 16:50 - 2014-10-28 17:46 - 01919488 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-04-30 16:50 - 2014-10-28 17:46 - 01348096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2015-04-30 16:50 - 2014-10-28 17:35 - 01668096 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2015-04-30 16:49 - 2014-10-28 21:10 - 01816008 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2015-04-30 16:49 - 2014-10-28 20:57 - 02450216 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2015-04-30 16:49 - 2014-10-28 20:55 - 01543768 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2015-04-30 16:49 - 2014-10-28 20:52 - 01288096 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2015-04-30 16:49 - 2014-10-28 20:52 - 01165744 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2015-04-30 16:49 - 2014-10-28 20:52 - 00952384 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-04-30 16:49 - 2014-10-28 20:12 - 01946144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2015-04-30 16:49 - 2014-10-28 20:11 - 02447104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2015-04-30 16:49 - 2014-10-28 20:10 - 01209624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-04-30 16:49 - 2014-10-28 20:07 - 01321192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2015-04-30 16:49 - 2014-10-28 19:25 - 00785920 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-04-30 16:49 - 2014-10-28 19:17 - 02003456 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2015-04-30 16:49 - 2014-10-28 19:00 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-04-30 16:49 - 2014-10-28 18:55 - 01697280 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-04-30 16:49 - 2014-10-28 18:53 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-04-30 16:49 - 2014-10-28 18:24 - 02364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2015-04-30 16:49 - 2014-10-28 18:23 - 01500672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-04-30 16:49 - 2014-10-28 18:22 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2015-04-30 16:49 - 2014-10-28 18:22 - 01084416 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-04-30 16:49 - 2014-10-28 18:21 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-04-30 16:49 - 2014-10-28 18:18 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-04-30 16:49 - 2014-10-28 18:17 - 01360896 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2015-04-30 16:49 - 2014-10-28 18:14 - 03553280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2015-04-30 16:49 - 2014-10-28 18:11 - 01639424 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2015-04-30 16:49 - 2014-10-28 18:10 - 02469888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2015-04-30 16:49 - 2014-10-28 18:03 - 02635264 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2015-04-30 16:49 - 2014-10-28 17:59 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-04-30 16:49 - 2014-10-28 17:52 - 01461248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dui70.dll
2015-04-30 16:49 - 2014-10-28 17:50 - 02317824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2015-04-30 16:49 - 2014-10-28 17:45 - 01725952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-04-30 16:49 - 2014-10-28 17:42 - 01221120 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2015-04-30 16:49 - 2014-10-28 17:39 - 01000448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2015-04-30 16:49 - 2014-10-28 17:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-04-30 16:49 - 2014-10-15 01:32 - 02025792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-04-30 16:48 - 2014-10-28 21:00 - 01385216 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-30 16:48 - 2014-10-28 20:57 - 01576312 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2015-04-30 16:48 - 2014-10-28 20:55 - 01133200 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-30 16:48 - 2014-10-28 20:52 - 01064720 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-04-30 16:48 - 2014-10-28 20:52 - 00988544 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2015-04-30 16:48 - 2014-10-28 20:52 - 00962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-04-30 16:48 - 2014-10-28 20:52 - 00850656 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2015-04-30 16:48 - 2014-10-28 20:52 - 00821696 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2015-04-30 16:48 - 2014-10-28 20:18 - 00016504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psapi.dll
2015-04-30 16:48 - 2014-10-28 20:10 - 01178104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2015-04-30 16:48 - 2014-10-28 20:07 - 01115104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2015-04-30 16:48 - 2014-10-28 20:07 - 00959112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2015-04-30 16:48 - 2014-10-28 20:07 - 00857384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2015-04-30 16:48 - 2014-10-28 20:07 - 00785568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-04-30 16:48 - 2014-10-28 20:05 - 00890128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-04-30 16:48 - 2014-10-28 19:50 - 01192960 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2015-04-30 16:48 - 2014-10-28 19:31 - 00971264 _____ (Microsoft Corporation) C:\Windows\system32\sqlceqp40.dll
2015-04-30 16:48 - 2014-10-28 19:28 - 01502208 _____ (Microsoft Corporation) C:\Windows\system32\xpssvcs.dll
2015-04-30 16:48 - 2014-10-28 19:08 - 01540096 _____ (Microsoft Corporation) C:\Windows\system32\diagperf.dll
2015-04-30 16:48 - 2014-10-28 18:56 - 01526784 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2015-04-30 16:48 - 2014-10-28 18:50 - 01289216 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2015-04-30 16:48 - 2014-10-28 18:48 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2015-04-30 16:48 - 2014-10-28 18:45 - 00618496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-04-30 16:48 - 2014-10-28 18:43 - 00933376 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2015-04-30 16:48 - 2014-10-28 18:42 - 03724800 _____ (Microsoft Corporation) C:\Windows\system32\WinSAT.exe
2015-04-30 16:48 - 2014-10-28 18:37 - 01563136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2015-04-30 16:48 - 2014-10-28 18:34 - 01114624 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-04-30 16:48 - 2014-10-28 18:33 - 01056768 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll
2015-04-30 16:48 - 2014-10-28 18:32 - 01843712 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2015-04-30 16:48 - 2014-10-28 18:32 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-04-30 16:48 - 2014-10-28 18:25 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-04-30 16:48 - 2014-10-28 18:25 - 01534464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2015-04-30 16:48 - 2014-10-28 18:21 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-04-30 16:48 - 2014-10-28 18:20 - 01492480 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-04-30 16:48 - 2014-10-28 18:19 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2015-04-30 16:48 - 2014-10-28 18:17 - 01402368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2015-04-30 16:48 - 2014-10-28 18:16 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-04-30 16:48 - 2014-10-28 18:09 - 01335296 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2015-04-30 16:48 - 2014-10-28 18:08 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-04-30 16:48 - 2014-10-28 18:06 - 00747520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2015-04-30 16:48 - 2014-10-28 18:03 - 02487296 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2015-04-30 16:48 - 2014-10-28 18:03 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2015-04-30 16:48 - 2014-10-28 18:01 - 01710592 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2015-04-30 16:48 - 2014-10-28 18:00 - 01705984 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-04-30 16:48 - 2014-10-28 17:59 - 01454080 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2015-04-30 16:48 - 2014-10-28 17:59 - 01021440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-04-30 16:48 - 2014-10-28 17:56 - 01337344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2015-04-30 16:48 - 2014-10-28 17:56 - 01248256 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2015-04-30 16:48 - 2014-10-28 17:56 - 01028608 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-04-30 16:48 - 2014-10-28 17:56 - 01001984 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2015-04-30 16:48 - 2014-10-28 17:47 - 02090496 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2015-04-30 16:48 - 2014-10-28 17:45 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-04-30 16:48 - 2014-10-28 17:41 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2015-04-30 16:48 - 2014-10-28 17:41 - 01317376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2015-04-30 16:48 - 2014-10-28 17:40 - 02104832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2015-04-30 16:48 - 2014-10-28 17:36 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2015-04-30 16:48 - 2014-10-28 17:33 - 01102848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2015-04-30 16:47 - 2014-10-28 21:09 - 01950280 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2015-04-30 16:47 - 2014-10-28 21:09 - 01239576 _____ (Microsoft Corporation) C:\Windows\system32\Taskmgr.exe
2015-04-30 16:47 - 2014-10-28 21:00 - 01540696 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-04-30 16:47 - 2014-10-28 21:00 - 00740664 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-04-30 16:47 - 2014-10-28 20:57 - 01552704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-04-30 16:47 - 2014-10-28 20:57 - 01210176 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2015-04-30 16:47 - 2014-10-28 20:57 - 00643064 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2015-04-30 16:47 - 2014-10-28 20:55 - 01063432 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2015-04-30 16:47 - 2014-10-28 20:55 - 00730824 _____ (Microsoft Corporation) C:\Windows\system32\clbcatq.dll
2015-04-30 16:47 - 2014-10-28 20:52 - 00734448 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-04-30 16:47 - 2014-10-28 20:52 - 00634768 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-04-30 16:47 - 2014-10-28 20:52 - 00580024 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2015-04-30 16:47 - 2014-10-28 20:18 - 01782912 _____ (M
...
  • 0


#2
Naathim


    GeekU Minion

  • Expert
  • 4,568 posts



My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)



This is only a part of the first logfile. There should be two of them: FRST.txt and Addition.txt (both located on the desktop). Can you post them both, complete?
  • 0

#3
AdamIsAdam

    Member

  • Topic Starter
  • 191 posts

Hey Naat,

Thanks for your help!  I must start off by saying I'm having very odd problems even posting.  So much so that I copied the text from the two log files and emailed them to myself on a different computer.  I posted them both completely in a reply, and the reply is hung up after I hit "post".  On the lower right of the post window, it says "saving post..." and has been hung up there for about 5 minutes.

 

I'll try and post the log files separately.  Strange as it sounds, the first file seems to be so large that it's causing problems.

 

Adam

 

EDIT:  Finally got this error message 10 minutes later (posting from different PC):

Fatal error: Maximum execution time of 30 seconds exceeded in /home/geeks/public_html/forum/ips_kernel/HTMLPurifier/HTMLPurifier/Strategy/MakeWellFormed.php on line 493

 

EDIT 2:

Ok, I know this is totally unconventional, but I'm desperate.  I posted the two log files on my public DropBox folder. Here are the links:

https://dl.dropboxus...8/firstfile.txt

 

https://dl.dropboxusercontent.com/u/11192078/secondfile.txt 

 

The second file seems to not be able to open for some reason via this link.  But it's there when I view it on my dropbox.  This is really weird.  I promise, I'm not incompetent.  These are very odd issues!

 

Try this one. I had to save it in Unicode because in ANSI it was giving me an error message about coding in the file that won't be saved right.  This is in notepad when I pasted the text into a new Notepad file.

https://dl.dropboxus...secondfile2.txt


Edited by AdamIsAdam, 15 May 2015 - 05:30 AM.

  • 0

#4
AdamIsAdam

    Member

  • Topic Starter
  • 191 posts

Argh! I cannot post here without the forum timing out.  So, if the above DropBox doesn't work, I combined the info from both log files into one .txt file and will attach it here.

 

Note that the second log file won't save in the default setting without an error message about coding, so I also saved it in UNICODE.  I'm attaching both versions here. 



  • 0

#5
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, Naat tenders his apologies as he was unexpectedly called away. If you have no objections I will take over.

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall Chrome. Do this via Control Panel.
Note: When asked about user data or settings you must remove this also, so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

NEXT

CAUTION: This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
Startup: C:\Users\adami_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-20]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{c4f23f34-8405-3a0c-c4f2-23f34840fcd2}\hqghumeaylnlf.exe (Super PC Tools Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1190642625-1873434813-491721638-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: roCckietsalle -> {30869705-DAFB-4A89-9932-C459F4447A83} -> C:\Program Files (x86)\roCckietsalle\I9dCTYV0j2bHxe.x64.dll [2015-05-13] ()
BHO: dailypriize -> {6FE5178B-B276-4B67-B9B9-9A0FD6113F5C} -> C:\Program Files (x86)\dailypriize\riOroizAPbt8Tk.x64.dll [2015-05-13] ()
BHO-x32: roCckietsalle -> {30869705-DAFB-4A89-9932-C459F4447A83} -> C:\Program Files (x86)\roCckietsalle\I9dCTYV0j2bHxe.dll [2015-05-13] ()
BHO-x32: dailypriize -> {6FE5178B-B276-4B67-B9B9-9A0FD6113F5C} -> C:\Program Files (x86)\dailypriize\riOroizAPbt8Tk.dll [2015-05-13] ()
BHO-x32: browse pulse -> {ed8e593d-1965-4e45-9d55-d56162dcde14} -> C:\Program Files (x86)\browse pulse\Extensions\ed8e593d-1965-4e45-9d55-d56162dcde14.dll [2015-04-20] ()
R2 580a4029; c:\Program Files (x86)\IncrementInstance\IncrementInstance.dll [2431488 2015-05-12] () [File not signed]
R2 Service Mgr browsepulse; C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\PluginContainer.exe [556304 2015-05-14] ()
R2 Update Mgr browsepulse; C:\Program Files (x86)\Common Files\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\updater.exe [478992 2015-05-14] ()
2015-05-13 14:04 - 2015-05-13 14:04 - 00000000 ____D () C:\Program Files (x86)\IMG inspector
2015-05-13 14:03 - 2015-05-13 14:04 - 00000000 ____D () C:\Program Files (x86)\roCckietsalle
2015-05-13 14:03 - 2015-05-13 14:03 - 00000000 ____D () C:\Program Files (x86)\dailypriize
2015-05-13 14:03 - 2015-05-13 14:03 - 00000000 ____D () C:\Program Files (x86)\coOlnecheaap
2015-05-12 13:58 - 2015-05-12 13:58 - 00000000 ____D () C:\Program Files (x86)\IncrementInstance
2015-05-12 13:56 - 2015-05-12 13:58 - 00000000 ____D () C:\ProgramData\db17de9200004904
2015-05-12 13:28 - 2015-05-12 13:28 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2015-05-11 17:13 - 2015-05-11 17:13 - 00000000 ____D () C:\Program Files (x86)\Paste Lorem ipsum
2015-05-11 17:12 - 2015-05-13 15:53 - 00000000 ____D () C:\Program Files (x86)\bRowseandshop
2015-05-11 17:12 - 2015-05-13 15:52 - 00000000 ____D () C:\Program Files (x86)\OOfferapp
2015-05-11 17:12 - 2015-05-11 17:12 - 00000000 ____D () C:\Program Files (x86)\oFferaPop
2015-05-10 17:15 - 2015-04-20 12:49 - 00001886 _____ () C:\Users\adami_000\Documents\MyPC Backup.lnk
2015-04-20 12:50 - 2015-04-20 12:50 - 00000000 ____D () C:\Users\adami_000\AppData\Roaming\Gameo
2015-04-20 12:49 - 2015-05-14 01:25 - 00000000 ____D () C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15
2015-04-20 12:49 - 2015-04-30 12:34 - 00000000 ____D () C:\ProgramData\{c4f23f34-8405-3a0c-c4f2-23f34840fcd2}
2015-04-20 12:49 - 2015-04-30 12:34 - 00000000 ____D () C:\Program Files (x86)\360
2015-04-20 12:49 - 2015-04-20 12:49 - 00004000 _____ () C:\Windows\System32\Tasks\LaunchPreSignup
2015-04-20 12:49 - 2015-04-20 12:49 - 00000000 ____D () C:\Program Files (x86)\browse pulse
2015-04-18 16:34 - 2015-04-18 16:34 - 00000000 __SHD () C:\Users\adami_000\AppData\Local\EmieUserList
2015-04-18 16:34 - 2015-04-18 16:34 - 00000000 __SHD () C:\Users\adami_000\AppData\Local\EmieSiteList
2015-04-18 13:28 - 2015-04-18 13:28 - 00000144 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-05-12 13:30 - 2014-12-22 06:28 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
Task: {06BFF80F-B654-4356-9707-5950563F46CE} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {F5F5999D-9FD8-497A-8564-26739F5392D7} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
C:\ProgramData\{c4f23f34-8405-3a0c-c4f2-23f34840fcd2}
C:\Program Files (x86)\roCckietsalle
C:\Program Files (x86)\dailypriize
C:\Program Files (x86)\browse pulse
c:\Program Files (x86)\IncrementInstance
C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15
C:\Program Files (x86)\Common Files\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15
C:\Program Files (x86)\MyPC Backup
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0
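A triage sketch for the kind of log lines that make up the fixlist above, added here as an example (it is not part of the thread and not FRST's own logic): it parses file, service, BHO and task lines and reports the fields a helper reads first. The sample lines are copied from this page; the function names, the reason strings, and the reading of "D" in the attribute column as "directory" are assumptions of this example.

```python
import re

# Lines copied from the FRST log and fixlist on this page (not constructed).
SAMPLE = r"""
2015-04-30 16:58 - 2014-10-28 17:34 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-05-12 13:28 - 2015-05-12 13:28 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2015-04-20 12:49 - 2015-05-14 01:25 - 00000000 ____D () C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15
2015-04-18 13:28 - 2015-04-18 13:28 - 00000144 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
R2 580a4029; c:\Program Files (x86)\IncrementInstance\IncrementInstance.dll [2431488 2015-05-12] () [File not signed]
BHO: dailypriize -> {6FE5178B-B276-4B67-B9B9-9A0FD6113F5C} -> C:\Program Files (x86)\dailypriize\riOroizAPbt8Tk.x64.dll [2015-05-13] ()
Task: {F5F5999D-9FD8-497A-8564-26739F5392D7} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
""".strip().splitlines()

STAMP = r"\d{4}-\d\d-\d\d \d\d:\d\d"
GUID = re.compile(r"\{?[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?", re.I)
EXECUTABLE_EXT = {"exe", "dll", "sys"}

# One pattern per line type that appears in the fixlist on this page.
PATTERNS = [
    ("file", re.compile(
        rf"^(?P<created>{STAMP}) - (?P<modified>{STAMP}) - (?P<size>\d+) "
        r"(?P<attrs>[_A-Z]{5}) \((?P<company>.*?)\) (?P<path>.+)$")),
    ("service", re.compile(
        r"^[RSU]\d (?P<name>.+?); (?P<path>.+?) \[\d+ \d{4}-\d\d-\d\d\] "
        r"\((?P<company>.*?)\)")),
    ("bho", re.compile(
        r"^BHO(?:-x32)?: (?P<name>.+?) -> (?P<clsid>\{[^}]+\}) -> (?P<path>.+?) "
        r"\[\d{4}-\d\d-\d\d\] \((?P<company>.*?)\)")),
    ("task", re.compile(
        r"^Task: (?P<clsid>\{[^}]+\}) - (?P<name>.+?) => (?P<path>.+?)"
        r"(?: <=+ ATTENTION)?$")),
]


def triage(line):
    """Return (kind, path, reasons) for one log line, or None if it is not parsed."""
    line = line.strip()
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if not m:
            continue
        fields = m.groupdict()
        path = fields["path"]
        leaf = path.rsplit("\\", 1)[-1]
        stem, _, ext = leaf.rpartition(".")
        if not stem:  # no dot in the name: the whole leaf is the stem
            stem, ext = leaf, ""
        is_dir = "D" in fields.get("attrs", "")  # assumption: D marks a directory

        reasons = []
        if "ATTENTION" in line:
            reasons.append("marked ATTENTION by the scanner")
        if "[File not signed]" in line:
            reasons.append("file not signed")
        # Directories, shortcuts and scripts have no version resource, so an
        # empty company field only means something on an executable image.
        if fields.get("company") == "" and not is_dir and ext.lower() in EXECUTABLE_EXT:
            reasons.append("empty company field")
        if GUID.fullmatch(stem):
            reasons.append("GUID-like name")
        return kind, path, reasons
    return None


def report(lines):
    """Triage every parseable line and keep only those with at least one reason."""
    hits = []
    for line in lines:
        parsed = triage(line)
        if parsed and parsed[2]:
            hits.append(parsed)
    return hits


if __name__ == "__main__":
    for kind, path, reasons in report(SAMPLE):
        print(f"{kind:8} {path}\n         -> {', '.join(reasons)}")
```

The DriverRestore folder line produces no reason even though the helper listed it for removal: field checks like these only order the reading, and the decision about what goes into a fixlist stays with the person reviewing the whole log.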

#6
AdamIsAdam

    Member

  • Topic Starter
  • 191 posts

THANKS for taking over, Essexboy.  I sent Naat a PM about his situation.

 

Anyway, it took a long time but I finally got Chrome reinstalled and ran FRST.  I'm posting that log here as I proceed to the AdwCleaner step.

 

The reason this took so long is because something keeps disabling my mouse pad.  After each reboot, I have use of the pad for a few minutes, and then at some point something disables it.

 

Log...

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02
Ran by adami_000 at 2015-05-18 11:57:26 Run:1
Running from C:\Users\adami_000\Desktop
Loaded Profiles: adami_000 (Available profiles: adami_000)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
Startup: C:\Users\adami_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-20]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{c4f23f34-8405-3a0c-c4f2-23f34840fcd2}\hqghumeaylnlf.exe (Super PC Tools Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1190642625-1873434813-491721638-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: roCckietsalle -> {30869705-DAFB-4A89-9932-C459F4447A83} -> C:\Program Files (x86)\roCckietsalle\I9dCTYV0j2bHxe.x64.dll [2015-05-13] ()
BHO: dailypriize -> {6FE5178B-B276-4B67-B9B9-9A0FD6113F5C} -> C:\Program Files (x86)\dailypriize\riOroizAPbt8Tk.x64.dll [2015-05-13] ()
BHO-x32: roCckietsalle -> {30869705-DAFB-4A89-9932-C459F4447A83} -> C:\Program Files (x86)\roCckietsalle\I9dCTYV0j2bHxe.dll [2015-05-13] ()
BHO-x32: dailypriize -> {6FE5178B-B276-4B67-B9B9-9A0FD6113F5C} -> C:\Program Files (x86)\dailypriize\riOroizAPbt8Tk.dll [2015-05-13] ()
BHO-x32: browse pulse -> {ed8e593d-1965-4e45-9d55-d56162dcde14} -> C:\Program Files (x86)\browse pulse\Extensions\ed8e593d-1965-4e45-9d55-d56162dcde14.dll [2015-04-20] ()
R2 580a4029; c:\Program Files (x86)\IncrementInstance\IncrementInstance.dll [2431488 2015-05-12] () [File not signed]
R2 Service Mgr browsepulse; C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\PluginContainer.exe [556304 2015-05-14] ()
R2 Update Mgr browsepulse; C:\Program Files (x86)\Common Files\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\updater.exe [478992 2015-05-14] ()
2015-05-13 14:04 - 2015-05-13 14:04 - 00000000 ____D () C:\Program Files (x86)\IMG inspector
2015-05-13 14:03 - 2015-05-13 14:04 - 00000000 ____D () C:\Program Files (x86)\roCckietsalle
2015-05-13 14:03 - 2015-05-13 14:03 - 00000000 ____D () C:\Program Files (x86)\dailypriize
2015-05-13 14:03 - 2015-05-13 14:03 - 00000000 ____D () C:\Program Files (x86)\coOlnecheaap
2015-05-12 13:58 - 2015-05-12 13:58 - 00000000 ____D () C:\Program Files (x86)\IncrementInstance
2015-05-12 13:56 - 2015-05-12 13:58 - 00000000 ____D () C:\ProgramData\db17de9200004904
2015-05-12 13:28 - 2015-05-12 13:28 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2015-05-11 17:13 - 2015-05-11 17:13 - 00000000 ____D () C:\Program Files (x86)\Paste Lorem ipsum
2015-05-11 17:12 - 2015-05-13 15:53 - 00000000 ____D () C:\Program Files (x86)\bRowseandshop
2015-05-11 17:12 - 2015-05-13 15:52 - 00000000 ____D () C:\Program Files (x86)\OOfferapp
2015-05-11 17:12 - 2015-05-11 17:12 - 00000000 ____D () C:\Program Files (x86)\oFferaPop
2015-05-10 17:15 - 2015-04-20 12:49 - 00001886 _____ () C:\Users\adami_000\Documents\MyPC Backup.lnk
2015-04-20 12:50 - 2015-04-20 12:50 - 00000000 ____D () C:\Users\adami_000\AppData\Roaming\Gameo
2015-04-20 12:49 - 2015-05-14 01:25 - 00000000 ____D () C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15
2015-04-20 12:49 - 2015-04-30 12:34 - 00000000 ____D () C:\ProgramData\{c4f23f34-8405-3a0c-c4f2-23f34840fcd2}
2015-04-20 12:49 - 2015-04-30 12:34 - 00000000 ____D () C:\Program Files (x86)\360
2015-04-20 12:49 - 2015-04-20 12:49 - 00004000 _____ () C:\Windows\System32\Tasks\LaunchPreSignup
2015-04-20 12:49 - 2015-04-20 12:49 - 00000000 ____D () C:\Program Files (x86)\browse pulse
2015-04-18 16:34 - 2015-04-18 16:34 - 00000000 __SHD () C:\Users\adami_000\AppData\Local\EmieUserList
2015-04-18 16:34 - 2015-04-18 16:34 - 00000000 __SHD () C:\Users\adami_000\AppData\Local\EmieSiteList
2015-04-18 13:28 - 2015-04-18 13:28 - 00000144 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-05-12 13:30 - 2014-12-22 06:28 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
Task: {06BFF80F-B654-4356-9707-5950563F46CE} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {F5F5999D-9FD8-497A-8564-26739F5392D7} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
C:\ProgramData\{c4f23f34-8405-3a0c-c4f2-23f34840fcd2}
C:\Program Files (x86)\roCckietsalle
C:\Program Files (x86)\dailypriize
C:\Program Files (x86)\browse pulse
c:\Program Files (x86)\IncrementInstance
C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15
C:\Program Files (x86)\Common Files\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15
C:\Program Files (x86)\MyPC Backup
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
 
*****************
 
Restore point was successfully created.
C:\Users\adami_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk => Moved successfully.
C:\ProgramData\{c4f23f34-8405-3a0c-c4f2-23f34840fcd2}\hqghumeaylnlf.exe => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1190642625-1873434813-491721638-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30869705-DAFB-4A89-9932-C459F4447A83}" => Key deleted successfully.
"HKCR\CLSID\{30869705-DAFB-4A89-9932-C459F4447A83}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6FE5178B-B276-4B67-B9B9-9A0FD6113F5C}" => Key deleted successfully.
"HKCR\CLSID\{6FE5178B-B276-4B67-B9B9-9A0FD6113F5C}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30869705-DAFB-4A89-9932-C459F4447A83}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{30869705-DAFB-4A89-9932-C459F4447A83}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6FE5178B-B276-4B67-B9B9-9A0FD6113F5C}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{6FE5178B-B276-4B67-B9B9-9A0FD6113F5C}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ed8e593d-1965-4e45-9d55-d56162dcde14}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{ed8e593d-1965-4e45-9d55-d56162dcde14}" => Key deleted successfully.
580a4029 => Unable to stop service
580a4029 => Service deleted successfully.
Service Mgr browsepulse => Unable to stop service
Service Mgr browsepulse => Service deleted successfully.
Update Mgr browsepulse => Unable to stop service
Update Mgr browsepulse => Service deleted successfully.
C:\Program Files (x86)\IMG inspector => Moved successfully.
C:\Program Files (x86)\roCckietsalle => Moved successfully.
C:\Program Files (x86)\dailypriize => Moved successfully.
C:\Program Files (x86)\coOlnecheaap => Moved successfully.
C:\Program Files (x86)\IncrementInstance => Moved successfully.
C:\ProgramData\db17de9200004904 => Moved successfully.
C:\Program Files (x86)\DriverRestore => Moved successfully.
C:\Program Files (x86)\Paste Lorem ipsum => Moved successfully.
C:\Program Files (x86)\bRowseandshop => Moved successfully.
C:\Program Files (x86)\OOfferapp => Moved successfully.
C:\Program Files (x86)\oFferaPop => Moved successfully.
C:\Users\adami_000\Documents\MyPC Backup.lnk => Moved successfully.
C:\Users\adami_000\AppData\Roaming\Gameo => Moved successfully.
 
"C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15" directory move:
 
Could not move "C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15" directory. => Scheduled to move on reboot.
 
 
"C:\ProgramData\{c4f23f34-8405-3a0c-c4f2-23f34840fcd2}" directory move:
 
Could not move "C:\ProgramData\{c4f23f34-8405-3a0c-c4f2-23f34840fcd2}" directory. => Scheduled to move on reboot.
 
C:\Program Files (x86)\360 => Moved successfully.
C:\Windows\System32\Tasks\LaunchPreSignup => Moved successfully.
C:\Program Files (x86)\browse pulse => Moved successfully.
C:\Users\adami_000\AppData\Local\EmieUserList => Moved successfully.
C:\Users\adami_000\AppData\Local\EmieSiteList => Moved successfully.
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => Moved successfully.
C:\Windows\SysWOW64\AI_RecycleBin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06BFF80F-B654-4356-9707-5950563F46CE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06BFF80F-B654-4356-9707-5950563F46CE}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchApp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5F5999D-9FD8-497A-8564-26739F5392D7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5F5999D-9FD8-497A-8564-26739F5392D7}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchPreSignup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup" => Key deleted successfully.
 
"C:\ProgramData\{c4f23f34-8405-3a0c-c4f2-23f34840fcd2}" directory move:
 
Could not move "C:\ProgramData\{c4f23f34-8405-3a0c-c4f2-23f34840fcd2}" directory. => Scheduled to move on reboot.
 
"C:\Program Files (x86)\roCckietsalle" => File/Directory not found.
"C:\Program Files (x86)\dailypriize" => File/Directory not found.
"C:\Program Files (x86)\browse pulse" => File/Directory not found.
"c:\Program Files (x86)\IncrementInstance" => File/Directory not found.
 
"C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15" directory move:
 
Could not move "C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15" directory. => Scheduled to move on reboot.
 
C:\Program Files (x86)\Common Files\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15 => Moved successfully.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-1190642625-1873434813-491721638-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-1190642625-1873434813-491721638-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 68 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 800.6 MB temporary data.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-18 12:00:58)<=
 
C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15 => Is moved successfully.
C:\ProgramData\{c4f23f34-8405-3a0c-c4f2-23f34840fcd2} => Moved successfully.
C:\ProgramData\{c4f23f34-8405-3a0c-c4f2-23f34840fcd2} => Is moved successfully.
C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15 => Is moved successfully.
 
==== End of Fixlog 12:00:58 ====

#7
AdamIsAdam

Here is the AdwCleaner log. Please note that I am still losing control of my mouse pad shortly after reboot.

 

# AdwCleaner v4.204 - Logfile created 18/05/2015 at 12:19:04
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Local]
# Operating system : Windows 8.1  (x64)
# Username : adami_000 - MAXROSENFELD
# Running from : C:\Users\adami_000\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\pokki
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Optimizer
Folder Deleted : C:\Program Files (x86)\System Optimizer
Folder Deleted : C:\Users\adami_000\AppData\Local\pokki
File Deleted : C:\Users\adami_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
Key Deleted : HKLM\SOFTWARE\2e633b19-2203-c8b1-0bc7-abc328bf21b3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{580a4029}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{832008D4-0A5E-4F74-A62E-7284F91F7681}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8E593D-1965-4E45-9D55-D56162DCDE14}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ED8E593D-1965-4E45-9D55-D56162DCDE14}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\DriverRestore
Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKCU\Software\System Optimizer
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\browsepulse
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{cfd32d46-7d3f-483f-bace-7172aec5592d}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\browse pulse
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0B750649-0E5A-78CB-A6AE-E2D6E2AD8882}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{144AC25F-D7A7-B233-BFB8-433771ECB92D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D790D3FB-670B-6EF4-3686-4CB69E4ADE96}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v42.0.2311.152
 
[C:\Users\adami_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\adami_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [4229 bytes] - [18/05/2015 12:08:37]
AdwCleaner[S0].txt - [4003 bytes] - [18/05/2015 12:19:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4062  bytes] ##########
 

#8
Essexboy
GeekU Moderator

OK could you run a fresh FRST scan now please. When the pad stops does it lock totally or just become very slow and erratic?

#9
AdamIsAdam

Once again, I can't paste the contents of that log file so I'm attaching it.  Let me know if this works.  I can't even cut/paste it without the PC hanging up for about 2 minutes.

 

As for the mouse pad, it just goes from normal to not there, as if it was disabled.

Attached Files

  • Attached File  FRST.txt   503.83KB   174 downloads

Edited by AdamIsAdam, 18 May 2015 - 11:46 AM.

#10
Essexboy

We will now remove any remnants and see if we can resolve the touchpad problem

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:


CreateRestorePoint:
HKU\S-1-5-21-1190642625-1873434813-491721638-1001\...\RunOnce: [Application Restart #4] => C:\Users\adami_000\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable (the data entry has 579 more characters).
HKU\S-1-5-18\...\Run: [] => [X]
AppInit_DLLs-x32: c:\progra~2\amazon\amazon~1\amazon~3.dll => c:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll [106304 2014-05-23] (Amazon Inc.)
2015-05-18 12:00 - 2015-05-18 12:00 - 00000144 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-05-18 11:58 - 2015-05-18 11:58 - 00000000 __SHD () C:\Users\adami_000\AppData\Local\EmieUserList
2015-05-18 11:58 - 2015-05-18 11:58 - 00000000 __SHD () C:\Users\adami_000\AppData\Local\EmieSiteList
2015-04-30 16:15 - 2015-05-13 17:04 - 00000000 ____D () C:\ProgramData\13985683913315256963
2015-04-29 20:11 - 2015-04-29 20:12 - 04697768 _____ () C:\Users\adami_000\Downloads\TechnicLauncher.exe
2015-04-29 17:57 - 2015-04-29 17:57 - 00003048 _____ () C:\Windows\System32\Tasks\{1C034622-AC42-44C3-806D-C4B5EA6CBDEC}
2015-04-20 20:08 - 2015-04-20 20:08 - 00000000 ____D () C:\Users\adami_000\AppData\Roaming\1H1Q1V1N1N1S1R
2015-04-20 18:26 - 2015-04-29 17:37 - 00000000 __SHD () C:\ProgramData\360Quarant
2015-04-20 18:26 - 2015-04-29 17:37 - 00000000 __SHD () C:\$360Section
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
THEN

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To access logs from Malwarebytes Anti-Malware 2.0:

1. Open Malwarebytes Anti-Malware 2.0
2. Click History > Application Logs
3. Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them

To save a Scan Log:

1. Open the log file you would like to save
2. Click Export
3. Choose to export to a .txt
4. Choose a folder to save the log file in, then click Save
5. Post that log here


For the touch pad it may need the driver to be re-installed
There are some troubleshooting tips here http://www.mytoshiba...t/items/faq/117

If they do not work then we will locate a driver

#11
AdamIsAdam

Battery just died during scan after FRST.  LOL.  I'll finish up tonight.  


#12
Essexboy

OK no problem :) These things are sent to try us


#13
AdamIsAdam

Here's the log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/18/2015
Scan Time: 2:46:18 PM
Logfile: scan log.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.18.05
Rootkit Database: v2015.05.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: adami_000
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350909
Time Elapsed: 1 hr, 43 min, 29 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.ConsumerInput.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}, Quarantined, [b865efa6b9d169cd8158dc7fe81bc040], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.BrowsePulse.A, C:\Users\adami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohaifmlpecbkpanlpandmagoinoogjn\1.0.5595.28183_0, Quarantined, [0419633225658da956b605588c7ada26], 
PUP.Optional.BrowsePulse.A, C:\Users\adami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohaifmlpecbkpanlpandmagoinoogjn, Quarantined, [0419633225658da956b605588c7ada26], 
 
Files: 6
PUP.Optional.InstallCore.SID.C, C:\Users\adami_000\Downloads\minecraft-1.8.3-setup.exe, Quarantined, [3ae3e1b4266443f3d0bfa7b5cb3b49b7], 
PUP.Optional.InstallCore.SID.C, C:\Users\adami_000\Downloads\Minecraft.exe, Quarantined, [41dcd8bdfe8cb3831d7696c6fb0b6e92], 
PUP.Optional.BrowsePulse.A, C:\Users\adami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohaifmlpecbkpanlpandmagoinoogjn\1.0.5595.28183_0\manifest.json, Quarantined, [0419633225658da956b605588c7ada26], 
PUP.Optional.BrowsePulse.A, C:\Users\adami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohaifmlpecbkpanlpandmagoinoogjn\1.0.5595.28183_0\background.js, Quarantined, [0419633225658da956b605588c7ada26], 
PUP.Optional.BrowsePulse.A, C:\Users\adami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohaifmlpecbkpanlpandmagoinoogjn\1.0.5595.28183_0\content.js, Quarantined, [0419633225658da956b605588c7ada26], 
PUP.Optional.BrowsePulse.A, C:\Users\adami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohaifmlpecbkpanlpandmagoinoogjn\1.0.5595.28183_0\icon.png, Quarantined, [0419633225658da956b605588c7ada26], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
EDIT: I figured out the mouse pad issue from that FAQ you sent: F5 button turns it back on. Not sure why it starts out on when booting up but then turns off, but at least the fix is easy enough.
 
tnx

Edited by AdamIsAdam, 18 May 2015 - 08:06 PM.

#14
Essexboy

Glad that it was something simple :)

How is the computer behaving now? Any apparent problems?

#15
AdamIsAdam

So far the laptop seems to be working ok. I just got on it but there are no popups, clicking links works well, in both Explorer and Chrome. tnx!!!

