Computer lags - possible malware? [Solved]


  • This topic is locked

#16
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Narcis at 2015-06-19 19:49:20
Running from C:\Users\Narcis\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1492978049-1898015326-2695977172-500 - Administrator - Disabled)
Guest (S-1-5-21-1492978049-1898015326-2695977172-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1492978049-1898015326-2695977172-1002 - Limited - Enabled)
Narcis (S-1-5-21-1492978049-1898015326-2695977172-1001 - Administrator - Enabled) => C:\Users\Narcis

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{FFB768E4-E427-4553-BC36-A11F5E62A94D}) (Version: 10.1.53.64 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{E2D662AD-3FE3-26C5-5540-90E4974EF412}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3107 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307}) (Version: 1.0.3.0 - Hewlett-Packard)
HP My Display (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.00.165 - Portrait Displays, Inc.)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}) (Version: 5.0.14.2 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.4.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LightningDownloader (HKLM-x32\...\{0F44DC3H-6E62-4961-A14B-95323C512F9B}_is1) (Version: 1.0 - LightningDownloader)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1492978049-1898015326-2695977172-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{BC8E7DF0-4434-4688-B615-0A3E5FACFC26}) (Version: 9.0.4.5 - Nitro)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 - NewspaperDirect Inc.)
PriceMinus (HKLM-x32\...\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}) (Version: - ) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3025 - CyberLink Corp.) Hidden
RegisterAppend (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{5d135e43}) (Version: - RegisterAppend) <==== ATTENTION
SDK (x32 Version: 2.22.002 - Portrait Displays, Inc.) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version: - Microsoft)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Xmarks Bookmark Sync (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - ) <==== ATTENTION
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.2811 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1492978049-1898015326-2695977172-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Narcis\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1492978049-1898015326-2695977172-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Narcis\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1492978049-1898015326-2695977172-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Narcis\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1492978049-1898015326-2695977172-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Narcis\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1492978049-1898015326-2695977172-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Narcis\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

12-06-2015 03:00:44 Windows Update
15-06-2015 20:11:23 Restore Point Created by FRST
17-06-2015 18:14:25 Removed Norton Online Backup
17-06-2015 18:42:14 Windows Update
19-06-2015 06:19:35 PROPLUS

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F75996F-1A2C-465A-9879-8F07787995AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-07-01] (Hewlett-Packard Company)
Task: {182E6528-1E39-440A-952A-0038DFFA168C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {351EBD6D-2215-46FB-8722-3CE4E37A51AD} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {67C80356-A14C-461D-B5D6-36D94DDB87B7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7D5A1B77-D3CD-4233-8D13-FE8E0BBD45D1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-06-25] (CyberLink)
Task: {871AF5D6-9340-4B7E-A75E-E6C73BD57DFD} - System32\Tasks\Bidaily Synchronize Task[973b] => c:\programdata\{5bc4f8c6-8193-07cf-5bc4-4f8c6819e31a}\gre-elja.epub (1).exe [2014-06-18] () <==== ATTENTION
Task: {A08A5B32-9B90-47ED-BA1E-FAA7EB400286} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {A37CF83B-D324-46E2-B431-4C25CEE52225} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {BB719B86-2740-45E1-BA71-812E9AE1C3A5} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {C9B7D966-F7A8-4668-A472-EB358DFF13F5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {CC29EFD6-897C-4AF2-9C2A-DFEF35B3C8B9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {CE364D42-9201-4D9A-86D3-1A7986B6AD36} - System32\Tasks\HPCeeScheduleForNarcis => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {D9A8752A-F25D-4D58-8155-B7921D1FDB09} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-07-01] (Hewlett-Packard Company)
Task: {DB0C634E-647C-4CA7-948A-B8A5826235EC} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2015-06-04] (Microsoft Corporation)
Task: {E4F1FC59-7CBE-44E4-B917-39F3AC230AB5} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-17] (Microsoft Corporation)
Task: {E5DCBC78-C754-4115-9E3D-E979146037BE} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {F45E0D40-0BAB-4549-8708-E4F3D47845C6} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {FDEDA84D-37D9-4C72-96E6-51414170661B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-08] (Microsoft Corporation)
Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{5bc4f8c6-8193-07cf-5bc4-4f8c6819e31a}\gre-elja.epub (1).exe <==== ATTENTION
Task: C:\Windows\Tasks\HPCeeScheduleForNarcis.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2010-08-22 11:58 - 2010-06-24 05:09 - 00125552 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
2010-01-19 03:21 - 2010-01-19 03:21 - 00568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-06-09 09:45 - 2009-06-09 09:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-22 11:21 - 2010-08-22 11:21 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-04-14 17:14 - 2015-04-14 17:14 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-06-18 06:31 - 2015-06-18 06:31 - 01786880 _____ () c:\Program Files (x86)\ProcessRunner\ProcessRunner.dll
2015-04-14 17:14 - 2015-04-14 17:14 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-06-01 22:56 - 2010-06-18 10:00 - 12286520 _____ () C:\Users\Narcis\AppData\Roaming\PictureMover\Bin\Core.dll
2009-07-14 07:03 - 2009-07-14 11:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2015-06-01 22:57 - 2010-06-18 10:11 - 01699384 _____ () C:\Users\Narcis\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2010-08-22 11:58 - 2010-05-26 02:29 - 00014856 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display\ACPIDll.dll
2015-06-10 07:43 - 2015-06-06 04:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-10 07:43 - 2015-06-06 04:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
2015-06-10 07:43 - 2015-06-06 04:22 - 15003464 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1492978049-1898015326-2695977172-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Narcis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 202.151.64.110

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F6D5A59A-D70B-419C-972A-E12D1E9C4B69}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{725D1927-94B2-4E99-BC35-7A7EEB780E39}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{738BB676-1443-46AB-8847-65343A920BDF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3E245060-673E-4CB6-96E7-6D6276C28508}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

==================== Faulty Device Manager Devices =============

Name: Dell USB Smartcard Keyboard
Description: Dell USB Smartcard Keyboard
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2015 05:58:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/18/2015 10:59:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bbc

Start Time: 01d0a9c07fd3179e

Termination Time: 6334

Application Path: C:\Windows\Explorer.EXE

Report Id: c677ee5d-15b9-11e5-8092-7071bc89a168

Error: (06/15/2015 09:19:10 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/15/2015 08:11:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {33b5e21c-2353-40b4-9572-1b6aa17b9ebb}

Error: (06/13/2015 09:09:36 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/11/2015 06:20:20 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Narcis-HP)
Description: Application or service 'Windows Search' could not be shut down.

Error: (06/11/2015 03:42:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ccSvcHst.exe, version: 10.1.1.16, time stamp: 0x4daa1893
Faulting module name: KERNEL32.DLL_unloaded, version: 0.0.0.0, time stamp: 0x556363bb
Exception code: 0xc0000005
Fault offset: 0x746b76f7
Faulting process id: 0x730
Faulting application start time: 0xccSvcHst.exe0
Faulting application path: ccSvcHst.exe1
Faulting module path: ccSvcHst.exe2
Report Id: ccSvcHst.exe3

Error: (06/11/2015 03:07:04 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/10/2015 01:52:03 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=43.0.2357.81;lang=;guid=7E92CB911EBB45819FED79FDD691CE66;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\054a1128-8b98-440b-9b43-b206e7b99545.dmp

Error: (06/10/2015 08:50:04 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=43.0.2357.81;lang=;guid=7E92CB911EBB45819FED79FDD691CE66;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\bf1e51b0-42c1-4a1a-9fd4-95fa54e698cc.dmp


System errors:
=============
Error: (06/19/2015 06:12:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/19/2015 06:12:16 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Narcis\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/19/2015 06:12:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/19/2015 06:12:15 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Narcis\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/19/2015 06:12:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/19/2015 06:12:15 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Narcis\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/19/2015 05:59:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/19/2015 05:59:38 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Narcis\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/19/2015 05:59:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/19/2015 05:59:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Narcis\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office:
=========================
Error: (06/19/2015 05:58:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Narcis\Downloads\esetsmartinstaller_enu.exe

Error: (06/18/2015 10:59:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567bbc01d0a9c07fd3179e6334C:\Windows\Explorer.EXEc677ee5d-15b9-11e5-8092-7071bc89a168

Error: (06/15/2015 09:19:10 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (06/15/2015 08:11:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {33b5e21c-2353-40b4-9572-1b6aa17b9ebb}

Error: (06/13/2015 09:09:36 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (06/11/2015 06:20:20 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Narcis-HP)
Description: 1SearchIndexer.exeWindows Search03026216123560

Error: (06/11/2015 03:42:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ccSvcHst.exe10.1.1.164daa1893KERNEL32.DLL_unloaded0.0.0.0556363bbc0000005746b76f773001d0a3735f22c340C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exeKERNEL32.DLL05430c94-0f98-11e5-95d4-7071bc89a168

Error: (06/11/2015 03:07:04 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/10/2015 01:52:03 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=43.0.2357.81;lang=;guid=7E92CB911EBB45819FED79FDD691CE66;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\054a1128-8b98-440b-9b43-b206e7b99545.dmp

Error: (06/10/2015 08:50:04 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=43.0.2357.81;lang=;guid=7E92CB911EBB45819FED79FDD691CE66;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\bf1e51b0-42c1-4a1a-9fd4-95fa54e698cc.dmp


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 260u Processor
Percentage of memory in use: 62%
Total physical RAM: 2815.3 MB
Available physical RAM: 1053.18 MB
Total Pagefile: 5628.82 MB
Available Pagefile: 2935.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.7 GB) (Free:322.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:12.96 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 704524EE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=452.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

==================== End of log ============================
  • 0



#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Results of screen317's Security Check version 1.004
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 10 Flash Player out of Date!
Google Chrome (43.0.2357.124)
Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
  • 1

#18
Lady_Rocker

    Member

  • Topic Starter
  • 168 posts

so what do i do with the results from the Malwarebytes scan?


  • 0

#19
Sugartooth

    Member

  • 814 posts

Hi Lady_Rocker,
 

b) java and flash based applications are still lagging

You don't have Java installed on your machine. Your Adobe Flash Player is out of date. I'll give you instructions for them later.
 

c) screen seems all pixellated after cocmin

I'm sorry, but I don't know what cocmin is.
 

so what do i do with the results from the Malwarebytes scan?

You've already given me the results in Post #8. :)

I'm glad you were finally able to get the new logs to me. I see you've picked up new malware.

This line is listed in your log

CHR dev: Chrome dev build detected! <======= ATTENTION

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things, this allows malware to install any extension it wants. Chrome needs to be uninstalled so we can deal with the infections present on your computer. After your computer is clean, Chrome can be reinstalled.
 

Step 1
Google Chrome

If you have bookmarks/favorites:

  • Open Chrome, click on the 3 bars in the top right hand corner, select Bookmarks and then Bookmarks Manager.
  • Click on Organize and then select Export Bookmarks to HTML file, then choose Desktop to save it.

Sign into Google Sync:

  • Click on the 3 bars in the top right hand corner and select Settings.
  • In the list of Settings under “Sign in” click on Disconnect your Google Account.
  • In the text of the next window click on Google Dashboard, at the “Chrome sync” screen, click on Stop and Clear at the bottom.
  • A box will open and ask for confirmation, click on OK (wait for this to complete before doing the next step).
  • When confirmation appears, close that page and then click on Disconnect account and close Google Chrome.

 

Step 2
Program Uninstalls

If any of the programs give you an error during the uninstall, notate it and move on to the next one. If you are asked to restart the computer, answer No until all the programs have been uninstalled and then you can restart. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended.

1. Please click Start, Control Panel, and under the Programs heading, double-click on "Uninstall a program".
2. In the list of programs installed, locate the following programs:

Google Chrome
bestadblocker
LightningDownloader
PriceMinus
RegisterAppend
Xmarks Bookmark Sync


3. Click on each program, and then click Uninstall/Change.
4. If you are prompted to confirm the removal of the program, click Yes.
5. After the programs have been uninstalled, close the Uninstall or change a program window and the Control Panel.
6. Restart the computer.



Step 3
FRST Fix

1. Open Notepad (Start => All Programs => Accessories => Notepad) and copy/paste the text present inside the code box below.
To Copy: Highlight the contents of the box, right-click on it, and choose Copy. To Paste: In the opened notepad, right-click and select Paste.

Warning: These fixes have been customized for this computer only. If you are NOT this user, DO NOT follow these directions as the tools used may damage your computer.


Start
CreateRestorePoint:
CloseProcesses: 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hotsearches.info/?pid=3888&r=2015/06/17&hid=14634825571559576549&lg=EN&cc=GU&unqvl=90  
HKU\S-1-5-21-1492978049-1898015326-2695977172-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hotsearches.info/?pid=3888&r=2015/06/17&hid=14634825571559576549&lg=EN&cc=GU&unqvl=90   
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hotsearches.info/?l=1&q={searchTerms}&pid=3888&r=2015/06/17&hid=14634825571559576549&lg=EN&cc=GU&unqvl=90   
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hotsearches.info/?l=1&q={searchTerms}&pid=3888&r=2015/06/17&hid=14634825571559576549&lg=EN&cc=GU&unqvl=90
SearchScopes: HKU\S-1-5-21-1492978049-1898015326-2695977172-1001 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hotsearches.info/?l=1&q={searchTerms}&pid=3888&r=2015/06/17&hid=14634825571559576549&lg=EN&cc=GU&unqvl=90
SearchScopes: HKU\S-1-5-21-1492978049-1898015326-2695977172-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hotsearches.info/?l=1&q={searchTerms}&pid=3888&r=2015/06/17&hid=14634825571559576549&lg=EN&cc=GU&unqvl=90                 
BHO: PriceMinus -> {7BD16028-9A0F-4649-AD15-289DE1DDB6EA} -> C:\Program Files (x86)\PriceMinus\5qO4yE9HBzQg51.x64.dll [2015-06-18] ()    
BHO: bestadblocker -> {87C5639B-D78F-4CB0-B554-26DECDF2926A} -> C:\Program Files (x86)\bestadblocker\HLZ5TfmrGWk3Kj.x64.dll [2015-06-18] ()         
BHO-x32: PriceMinus -> {7BD16028-9A0F-4649-AD15-289DE1DDB6EA} -> C:\Program Files (x86)\PriceMinus\5qO4yE9HBzQg51.dll [2015-06-18] ()            
BHO-x32: bestadblocker -> {87C5639B-D78F-4CB0-B554-26DECDF2926A} -> C:\Program Files (x86)\bestadblocker\HLZ5TfmrGWk3Kj.dll [2015-06-18] () 
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-06-18]   
CHR Extension: (iLivid) - C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-06-18]    
CHR Extension: (No Name) - C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pheipkkgfejkeajniamlabkiebejdpaa [2015-06-19]
R2 5d135e43; c:\Program Files (x86)\ProcessRunner\ProcessRunner.dll [1786880 2015-06-18] () [File not signed]           
c:\Program Files (x86)\ProcessRunner
2015-06-18 06:31 - 2015-06-18 06:31 - 00002067 _____ C:\Users\Public\Desktop\LightningDownloader.lnk        
2015-06-18 06:31 - 2015-06-18 06:31 - 00000000 ____D C:\Windows\SysWOW64\X86  
2015-06-18 06:31 - 2015-06-18 06:31 - 00000000 ____D C:\Windows\SysWOW64\AMD64   
2015-06-18 06:31 - 2015-06-18 06:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightningDownloader      
2015-06-18 06:31 - 2015-06-18 06:31 - 00000000 ____D C:\Program Files (x86)\ProcessRunner
2015-06-18 06:31 - 2015-06-18 06:31 - 00000000 ____D C:\Program Files (x86)\LightningDownloader        
2015-06-18 06:29 - 2015-06-18 06:29 - 00000000 ____D C:\Program Files (x86)\Xmarks Bookmark Sync         
2015-06-18 06:28 - 2015-06-18 06:30 - 00000000 ____D C:\ProgramData\13222406889394377016         
2015-06-18 06:28 - 2015-06-18 06:28 - 00000000 ____D C:\Program Files (x86)\bestadblocker       
2015-06-18 06:27 - 2015-06-18 06:28 - 00000000 ____D C:\Program Files (x86)\PrIceMinus 
2015-06-18 06:26 - 2015-06-18 06:26 - 00000000 ____D C:\ProgramData\dpfakgebmeomffkfcbmnpoapedemnolh      
2015-06-18 06:25 - 2015-06-19 18:25 - 00000350 _____ C:\Windows\Tasks\Bidaily Synchronize Task[973b].job                    
2015-06-18 06:25 - 2015-06-18 18:25 - 00000000 ____D C:\ProgramData\{5bc4f8c6-8193-07cf-5bc4-4f8c6819e31a}      
2015-06-18 06:25 - 2015-06-18 06:25 - 00198144 _____ C:\Users\Narcis\Downloads\Gre-ElJa.epub (1).exe       
2015-06-18 06:25 - 2015-06-18 06:25 - 00003264 _____ C:\Windows\System32\Tasks\Bidaily Synchronize Task[973b]              
2015-06-02 01:38 - 2015-06-10 07:43 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk       
Task: {871AF5D6-9340-4B7E-A75E-E6C73BD57DFD} - System32\Tasks\Bidaily Synchronize Task[973b] => c:\programdata\{5bc4f8c6-8193-07cf-5bc4-4f8c6819e31a}\gre-elja.epub (1).exe [2014-06-18] () <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{5bc4f8c6-8193-07cf-5bc4-4f8c6819e31a}\gre-elja.epub (1).exe <==== ATTENTION
2015-06-18 06:31 - 2015-06-18 06:31 - 01786880 _____ () c:\Program Files (x86)\ProcessRunner\ProcessRunner.dll  
2015-06-10 07:43 - 2015-06-06 04:22 - 15003464 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll 
2015-06-02 19:07 - 2015-06-02 19:08 - 40479080 _____ (The Chromium Authors) C:\Users\Narcis\Downloads\Maelstrom.exe 
2015-06-01 22:43 - 2010-08-22 12:01 - 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
CMD: bitsadmin /reset /allusers
EmptyTemp:
End

2. Click on File > Save as... and a Save As box will appear.

  • You will need to save this file to your Desktop. Under Favorites in the left column, locate Desktop and click on it.
  • Inside the File Name: box type fixlist.txt
  • Click the Save button and the box will close.

You can now close Notepad by clicking on the X in the top right corner.

NOTE: => It's important that both files, FRST64 and fixlist.txt are in the same location (on the Desktop) or the fix will not work.


3. Right click FRST64 and select Run as administrator. When the tool opens click Yes to the UAC. Click the Fix button just once and wait.
NOTE: => FRST may check and download an updated version.
After the completion, a log (Fixlog.txt) will be produced. Copy and Paste the contents of the log in your next reply.



Things I need to see in your next posting:

1. Any problems uninstalling programs? Did you uninstall Chrome?
2. Fixlog.txt
3. How is your computer doing now?
 


  • 0
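The fix in Step 3 only works if fixlist.txt reaches FRST exactly as posted: in the Fixlog posted later in this thread, the echoed fixlist contains hyphen look-alike characters and wrapped lines, and each entry ends in "No automatic fix found". The Python script below is an added example, not part of the original post and not FRST's own code; it compares a saved fixlist with the posted text before the fix is run. The names `lint_fixlist`, `suspicious_chars` and `damage` are hypothetical, and the damaged sample is constructed from two lines of the fix above.

```python
import unicodedata

# Unicode general categories that make a pasted line differ from the posted
# one although it looks the same on screen:
#   Cf = invisible format characters (soft hyphen U+00AD, zero-width space)
#   Pd = dash punctuation other than the ASCII "-"
#   Zs = space separators other than the ASCII " "
SUSPECT_CATEGORIES = {"Cf", "Pd", "Zs"}


def suspicious_chars(line):
    """Return sorted 'U+XXXX NAME' strings for look-alike characters in line."""
    found = set()
    for ch in line:
        if ord(ch) < 128:
            continue  # plain ASCII is what the posted fix uses
        if unicodedata.category(ch) in SUSPECT_CATEGORIES:
            found.add("U+%04X %s" % (ord(ch), unicodedata.name(ch, "UNNAMED")))
    return sorted(found)


def lint_fixlist(saved, posted):
    """Compare the saved fixlist.txt text with the fix as posted.

    Returns a list of (line_number, message). Line number 0 marks a posted
    line that is absent from the saved file. An empty list means the saved
    file matches the posted fix line for line.
    """
    findings = []
    saved_lines = [l.rstrip() for l in saved.splitlines()]
    posted_lines = [l.rstrip() for l in posted.splitlines() if l.strip()]
    posted_set = set(posted_lines)
    saved_set = set(saved_lines)

    for number, line in enumerate(saved_lines, 1):
        if not line.strip():
            continue
        chars = suspicious_chars(line)
        if chars:
            findings.append((number, "look-alike characters: " + ", ".join(chars)))
        elif line not in posted_set:
            findings.append((number, "line differs from the posted fix (wrapped or edited?)"))

    for line in posted_lines:
        if line not in saved_set:
            findings.append((0, "posted line missing from saved file: " + line[:40]))
    return findings


# Two entries taken from the fix posted above, between its Start/End markers.
POSTED = r"""Start
BHO: PriceMinus -> {7BD16028-9A0F-4649-AD15-289DE1DDB6EA} -> C:\Program Files (x86)\PriceMinus\5qO4yE9HBzQg51.x64.dll [2015-06-18] ()
CMD: bitsadmin /reset /allusers
End
"""


def damage(text):
    """Constructed damage: soft hyphens replace '-' and one line is wrapped."""
    return text.replace("-", "\u00ad").replace(".x64.dll", ".x64.\ndll")


if __name__ == "__main__":
    for number, message in lint_fixlist(damage(POSTED), POSTED):
        print(number, message)
```

An empty result from `lint_fixlist` means the saved file can be handed to FRST as is; any finding means the text should be copied again from the post rather than from a printed or converted copy.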

#20
Lady_Rocker

    Member

  • Topic Starter
  • 168 posts

Before I follow your recommendations, let me clarify what I meant with one of my issues regarding the "pixelioin".  I think I was growing very tired when I was trying to post the last results and when I meant to type "coming out of sleep mode" I ended up typing "cocmin".. LOL..

When I wake the computer after it goes into sleep mode (after 15 minutes), the display has a bunch of "green pixels" which only clears up when I reboot the computer.  This may be hardware or software issues, but I'm still looking for any resolution to it.


Edited by Lady_Rocker, 21 June 2015 - 12:36 PM.

  • 0

#21
Lady_Rocker

    Member

  • Topic Starter
  • 168 posts




Things I need to see in your next posting:

1. Any problems uninstalling programs? Did you uninstall Chrome?
2. Fixlog.txt
3. How is your computer doing now?
 

 

 

1)  I had a problem with this step: 

  • In the text of the next window click on Google Dashboard, at the “Chrome sync” screen, click on Stop and Clear at the bottom.

I could not find the "Stop and Clear" option, but proceeded to complete the remaining steps.

 

 

2) Here is the Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Narcis at 2015-06-22 08:44:54 Run:2
Running from C:\Users\Narcis\Desktop
Loaded Profiles: Narcis (Available Profiles: Narcis)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses: 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hot...info/?pid=3888
r=2015/06/17&hid=14634825571559576549&lg=EN&cc=GU&unqvl=90  
HKU\S­1­5­21­1492978049­1898015326­2695977172­1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://websear
ch.hotsearches.info/?pid=3888&r=2015/06/17&hid=14634825571559576549&lg=EN&cc=GU&unqvl=90   
SearchScopes: HKLM­x32 ­> DefaultScope {BB82DE59­BC4C­4172­9AC4­73315F71CFFE} URL = http://websearch.hotsearches.info
/?l=1&q={searchTerms}&pid=3888&r=2015/06/17&hid=14634825571559576549&lg=EN&cc=GU&unqvl=90   
SearchScopes: HKLM­x32 ­> {BB82DE59­BC4C­4172­9AC4­73315F71CFFE} URL = http://websearch.hot...nfo/?l=1&q={sea
rchTerms}&pid=3888&r=2015/06/17&hid=14634825571559576549&lg=EN&cc=GU&unqvl=90
SearchScopes: HKU\S­1­5­21­1492978049­1898015326­2695977172­1001 ­> DefaultScope {BB82DE59­BC4C­4172­9AC4­73315F71CFF
&pid=3888&r=2015/06/17&hid=14634825571559576549&lg=EN&cc=GU&unqvl=90
SearchScopes: HKU\S­1­5­21­1492978049­1898015326­2695977172­1001 ­> {BB82DE59­BC4C­4172­9AC4­73315F71CFFE} URL = http
://websearch.hotsearches.info/?l=1&q={searchTerms}&pid=3888&r=2015/06/17&hid=14634825571559576549&lg=EN&cc=GU&u
nqvl=90                 
BHO: PriceMinus ­> {7BD16028­9A0F­4649­AD15­289DE1DDB6EA} ­> C:\Program Files (x86)\PriceMinus\5qO4yE9HBzQg51.x64.
dll [2015­06­18] ()    
BHO: bestadblocker ­> {87C5639B­D78F­4CB0­B554­26DECDF2926A} ­> C:\Program Files (x86)\bestadblocker\HLZ5TfmrGWk3
Kj.x64.dll [2015­06­18] ()         
BHO­x32: PriceMinus ­> {7BD16028­9A0F­4649­AD15­289DE1DDB6EA} ­> C:\Program Files (x86)\PriceMinus\5qO4yE9HBzQg51.
dll [2015­06­18] ()            
BHO­x32: bestadblocker ­> {87C5639B­D78F­4CB0­B554­26DECDF2926A} ­> C:\Program Files (x86)\bestadblocker\HLZ5TfmrG
Wk3Kj.dll [2015­06­18] () 
CHR Extension: (Xmarks Bookmark Sync) ­ C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajp
gkpeckebdhofmmjfgcjjiiejpodla [2015­06­18]   
CHR Extension: (iLivid) ­ C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmab
olbppcngeolgf [2015­06­18]    
CHR Extension: (No Name) ­ C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pheipkkgfejkeajnia
mlabkiebejdpaa [2015­06­19]
R2 5d135e43; c:\Program Files (x86)\ProcessRunner\ProcessRunner.dll [1786880 2015­06­18] () [File not signed]           
c:\Program Files (x86)\ProcessRunner
2015­06­18 06:31 ­ 2015­06­18 06:31 ­ 00002067 _____ C:\Users\Public\Desktop\LightningDownloader.lnk        
2015­06­18 06:31 ­ 2015­06­18 06:31 ­ 00000000 ____D C:\Windows\SysWOW64\X86  
2015­06­18 06:31 ­ 2015­06­18 06:31 ­ 00000000 ____D C:\Windows\SysWOW64\AMD64   
2015­06­18 06:31 ­ 2015­06­18 06:31 ­ 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightning
Downloader      
2015­06­18 06:31 ­ 2015­06­18 06:31 ­ 00000000 ____D C:\Program Files (x86)\ProcessRunner
2015­06­18 06:31 ­ 2015­06­18 06:31 ­ 00000000 ____D C:\Program Files (x86)\LightningDownloader        
2015­06­18 06:29 ­ 2015­06­18 06:29 ­ 00000000 ____D C:\Program Files (x86)\Xmarks Bookmark Sync         
2015­06­18 06:28 ­ 2015­06­18 06:30 ­ 00000000 ____D C:\ProgramData\13222406889394377016         
2015­06­18 06:28 ­ 2015­06­18 06:28 ­ 00000000 ____D C:\Program Files (x86)\bestadblocker       
2015­06­18 06:27 ­ 2015­06­18 06:28 ­ 00000000 ____D C:\Program Files (x86)\PrIceMinus 
2015­06­18 06:26 ­ 2015­06­18 06:26 ­ 00000000 ____D C:\ProgramData\dpfakgebmeomffkfcbmnpoapedemnolh      
2015­06­18 06:25 ­ 2015­06­19 18:25 ­ 00000350 _____ C:\Windows\Tasks\Bidaily Synchronize Task[973b].job                    
2015­06­18 06:25 ­ 2015­06­18 18:25 ­ 00000000 ____D C:\ProgramData\{5bc4f8c6­8193­07cf­5bc4­4f8c6819e31a}      
2015­06­18 06:25 ­ 2015­06­18 06:25 ­ 00198144 _____ C:\Users\Narcis\Downloads\Gre­ElJa.epub (1).exe       
2015­06­18 06:25 ­ 2015­06­18 06:25 ­ 00003264 _____ C:\Windows\System32\Tasks\Bidaily Synchronize Task[973b]              
2015­06­02 01:38 ­ 2015­06­10 07:43 ­ 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk       
Task: {871AF5D6­9340­4B7E­A75E­E6C73BD57DFD} ­ System32\Tasks\Bidaily Synchronize Task[973b] => c:\programdata\{5bc4
f8c6­8193­07cf­5bc4­4f8c6819e31a}\gre­elja.epub (1).exe [2014­06­18] () <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{5bc4f8c6­8193­07cf­5bc4­4f8c6819e31a}\gre­e
lja.epub (1).exe <==== ATTENTION
2015­06­18 06:31 ­ 2015­06­18 06:31 ­ 01786880 _____ () c:\Program Files (x86)\ProcessRunner\ProcessRunner.dll  
2015­06­10 07:43 ­ 2015­06­06 04:22 ­ 15003464 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\Pe
pperFlash\pepflashplayer.dll 
2015­06­02 19:07 ­ 2015­06­02 19:08 ­ 40479080 _____ (The Chromium Authors) C:\Users\Narcis\Downloads\Maelstrom.exe 
2015­06­01 22:43 ­ 2010­08­22 12:01 ­ 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
CMD: bitsadmin /reset /allusers
EmptyTemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hot...info/?pid=3888=> Error: No automatic fix found for this entry.
r=2015/06/17&hid=14634825571559576549&lg=EN&cc=GU&unqvl=90   => Error: No automatic fix found for this entry.
HKU\S­1­5­21­1492978049­1898015326­2695977172­1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://websear=> Error: No automatic fix found for this entry.
ch.hotsearches.info/?pid=3888&r=2015/06/17&hid=14634825571559576549&lg=EN&cc=GU&unqvl=90    => Error: No automatic fix found for this entry.
SearchScopes: HKLM­x32 ­> DefaultScope {BB82DE59­BC4C­4172­9AC4­73315F71CFFE} URL = http://websearch.hotsearches.info=> Error: No automatic fix found for this entry.
/?l=1&q={searchTerms}&pid=3888&r=2015/06/17&hid=14634825571559576549&lg=EN&cc=GU&unqvl=90    => Error: No automatic fix found for this entry.
SearchScopes: HKLM­x32 ­> {BB82DE59­BC4C­4172­9AC4­73315F71CFFE} URL = http://websearch.hot...nfo/?l=1&q={sea=> Error: No automatic fix found for this entry.
rchTerms}&pid=3888&r=2015/06/17&hid=14634825571559576549&lg=EN&cc=GU&unqvl=90 => Error: No automatic fix found for this entry.
SearchScopes: HKU\S­1­5­21­1492978049­1898015326­2695977172­1001 ­> DefaultScope {BB82DE59­BC4C­4172­9AC4­73315F71CFF => Error: No automatic fix found for this entry.
E} URL = http://websearch.hot...q={searchTerms}=> Error: No automatic fix found for this entry.
&pid=3888&r=2015/06/17&hid=14634825571559576549&lg=EN&cc=GU&unqvl=90 => Error: No automatic fix found for this entry.
SearchScopes: HKU\S­1­5­21­1492978049­1898015326­2695977172­1001 ­> {BB82DE59­BC4C­4172­9AC4­73315F71CFFE} URL = http => Error: No automatic fix found for this entry.
://websearch.hotsearches.info/?l=1&q={searchTerms}&pid=3888&r=2015/06/17&hid=14634825571559576549&lg=EN&cc=GU&u => Error: No automatic fix found for this entry.
nqvl=90                  => Error: No automatic fix found for this entry.
BHO: PriceMinus ­> {7BD16028­9A0F­4649­AD15­289DE1DDB6EA} ­> C:\Program Files (x86)\PriceMinus\5qO4yE9HBzQg51.x64. => Error: No automatic fix found for this entry.
dll [2015­06­18] ()     => Error: No automatic fix found for this entry.
BHO: bestadblocker ­> {87C5639B­D78F­4CB0­B554­26DECDF2926A} ­> C:\Program Files (x86)\bestadblocker\HLZ5TfmrGWk3 => Error: No automatic fix found for this entry.
Kj.x64.dll [2015­06­18] ()          => Error: No automatic fix found for this entry.
BHO­x32: PriceMinus ­> {7BD16028­9A0F­4649­AD15­289DE1DDB6EA} ­> C:\Program Files (x86)\PriceMinus\5qO4yE9HBzQg51. => Error: No automatic fix found for this entry.
dll [2015­06­18] ()             => Error: No automatic fix found for this entry.
BHO­x32: bestadblocker ­> {87C5639B­D78F­4CB0­B554­26DECDF2926A} ­> C:\Program Files (x86)\bestadblocker\HLZ5TfmrG => Error: No automatic fix found for this entry.
Wk3Kj.dll [2015­06­18] ()  => Error: No automatic fix found for this entry.
CHR Extension: (Xmarks Bookmark Sync) ­ C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajp => Error: No automatic fix found for this entry.
gkpeckebdhofmmjfgcjjiiejpodla [2015­06­18]    => Error: No automatic fix found for this entry.
CHR Extension: (iLivid) ­ C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmab => Error: No automatic fix found for this entry.
olbppcngeolgf [2015­06­18]     => Error: No automatic fix found for this entry.
CHR Extension: (No Name) ­ C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pheipkkgfejkeajnia => Error: No automatic fix found for this entry.
mlabkiebejdpaa [2015­06­19] => Error: No automatic fix found for this entry.
R2 5d135e43; c:\Program Files (x86)\ProcessRunner\ProcessRunner.dll [1786880 2015­06­18] () [File not signed]            => Error: No automatic fix found for this entry.
"c:\Program Files (x86)\ProcessRunner" => File/Folder not found.
2015­06­18 06:31 ­ 2015­06­18 06:31 ­ 00002067 _____ C:\Users\Public\Desktop\LightningDownloader.lnk         => Error: No automatic fix found for this entry.
2015­06­18 06:31 ­ 2015­06­18 06:31 ­ 00000000 ____D C:\Windows\SysWOW64\X86   => Error: No automatic fix found for this entry.
2015­06­18 06:31 ­ 2015­06­18 06:31 ­ 00000000 ____D C:\Windows\SysWOW64\AMD64    => Error: No automatic fix found for this entry.
2015­06­18 06:31 ­ 2015­06­18 06:31 ­ 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightning => Error: No automatic fix found for this entry.
Downloader       => Error: No automatic fix found for this entry.
2015­06­18 06:31 ­ 2015­06­18 06:31 ­ 00000000 ____D C:\Program Files (x86)\ProcessRunner => Error: No automatic fix found for this entry.
2015­06­18 06:31 ­ 2015­06­18 06:31 ­ 00000000 ____D C:\Program Files (x86)\LightningDownloader         => Error: No automatic fix found for this entry.
2015­06­18 06:29 ­ 2015­06­18 06:29 ­ 00000000 ____D C:\Program Files (x86)\Xmarks Bookmark Sync          => Error: No automatic fix found for this entry.
2015­06­18 06:28 ­ 2015­06­18 06:30 ­ 00000000 ____D C:\ProgramData\13222406889394377016          => Error: No automatic fix found for this entry.
2015­06­18 06:28 ­ 2015­06­18 06:28 ­ 00000000 ____D C:\Program Files (x86)\bestadblocker        => Error: No automatic fix found for this entry.
2015­06­18 06:27 ­ 2015­06­18 06:28 ­ 00000000 ____D C:\Program Files (x86)\PrIceMinus  => Error: No automatic fix found for this entry.
2015­06­18 06:26 ­ 2015­06­18 06:26 ­ 00000000 ____D C:\ProgramData\dpfakgebmeomffkfcbmnpoapedemnolh       => Error: No automatic fix found for this entry.
2015­06­18 06:25 ­ 2015­06­19 18:25 ­ 00000350 _____ C:\Windows\Tasks\Bidaily Synchronize Task[973b].job                     => Error: No automatic fix found for this entry.
2015­06­18 06:25 ­ 2015­06­18 18:25 ­ 00000000 ____D C:\ProgramData\{5bc4f8c6­8193­07cf­5bc4­4f8c6819e31a}       => Error: No automatic fix found for this entry.
2015­06­18 06:25 ­ 2015­06­18 06:25 ­ 00198144 _____ C:\Users\Narcis\Downloads\Gre­ElJa.epub (1).exe        => Error: No automatic fix found for this entry.
2015­06­18 06:25 ­ 2015­06­18 06:25 ­ 00003264 _____ C:\Windows\System32\Tasks\Bidaily Synchronize Task[973b]               => Error: No automatic fix found for this entry.
2015­06­02 01:38 ­ 2015­06­10 07:43 ­ 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk        => Error: No automatic fix found for this entry.
Task: {871AF5D6­9340­4B7E­A75E­E6C73BD57DFD} ­ System32\Tasks\Bidaily Synchronize Task[973b] => c:\programdata\{5bc4 => Error: No automatic fix found for this entry.
f8c6­8193­07cf­5bc4­4f8c6819e31a}\gre­elja.epub (1).exe [2014­06­18] () <==== ATTENTION => Error: No automatic fix found for this entry.
Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{5bc4f8c6­8193­07cf­5bc4­4f8c6819e31a}\gre­e => Error: No automatic fix found for this entry.
lja.epub (1).exe <==== ATTENTION => Error: No automatic fix found for this entry.
2015­06­18 06:31 ­ 2015­06­18 06:31 ­ 01786880 _____ () c:\Program Files (x86)\ProcessRunner\ProcessRunner.dll   => Error: No automatic fix found for this entry.
2015­06­10 07:43 ­ 2015­06­06 04:22 ­ 15003464 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\Pe => Error: No automatic fix found for this entry.
pperFlash\pepflashplayer.dll  => Error: No automatic fix found for this entry.
2015­06­02 19:07 ­ 2015­06­02 19:08 ­ 40479080 _____ (The Chromium Authors) C:\Users\Narcis\Downloads\Maelstrom.exe  => Error: No automatic fix found for this entry.
2015­06­01 22:43 ­ 2010­08­22 12:01 ­ 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk => Error: No automatic fix found for this entry.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Invalid command
USAGE: BITSADMIN [/RAWRETURN] [/WRAP | /NOWRAP] command
The following commands are available:
 
/HELP           Prints this help 
/?              Prints this help 
/UTIL /?        Prints the list of utilities commands 
/PEERCACHING /?   Prints the list of commands to manage Peercaching
/CACHE /?       Prints the list of cache management commands 
/PEERS /?       Prints the list of peer management commands
 
/LIST    [/ALLUSERS] [/VERBOSE]     List the jobs
/MONITOR [/ALLUSERS] [/REFRESH sec] Monitors the copy manager
/RESET   [/ALLUSERS]                Deletes all jobs in the manager
 
/TRANSFER <job name> [type] [/PRIORITY priority] [/ACLFLAGS flags] 
          remote_url local_name
    Transfers one of more files.
    [type] may be /DOWNLOAD or /UPLOAD; default is download
    Multiple URL/file pairs may be specified.
    Unlike most commands, <job name> may only be a name and not a GUID.
 
/CREATE [type] <job name>               Creates a job
    [type] may be /DOWNLOAD, /UPLOAD, or /UPLOAD-REPLY; default is download
    Unlike most commands, <job name> may only be a name and not a GUID.
 
/INFO <job> [/VERBOSE]                   Displays information about the job
/ADDFILE <job> <remote_url> <local_name> Adds a file to the job
/ADDFILESET <job> <textfile>             Adds multiple files to the job
   Each line of <textfile> lists a file's remote name and local name, separated
   by spaces.  A line beginning with '#' is treated as a comment.
   Once the file set is read into memory, the contents are added to the job.
 
/ADDFILEWITHRANGES  <job> <remote_url> <local_name range_list>
   Like /ADDFILE, but BITS will read only selected byte ranges of the URL.
   range_list is a comma-delimited series of offset and length pairs.
   For example,
 
       0:100,2000:100,5000:eof
 
   instructs BITS to read 100 bytes starting at offset zero, 100 bytes starting
   at offset 2000, and the remainder of the URL starting at offset 5000.
 
/REPLACEREMOTEPREFIX <job> <old_prefix> <new_prefix>
    All files whose URL begins with <old_prefix> are changed to use <new_prefix>
 
Note that BITS currently supports HTTP/HTTPS downloads and uploads.
It also supports UNC paths and file:// paths as URLS
 
/LISTFILES <job>                     Lists the files in the job
/SUSPEND <job>                       Suspends the job
/RESUME <job>                        Resumes the job
/CANCEL <job>                        Cancels the job
/COMPLETE <job>                      Completes the job
 
/GETTYPE <job>                       Retrieves the job type
/GETACLFLAGS <job>                   Retrieves the ACL propagation flags
 
/SETACLFLAGS <job> <ACL_flags>       Sets the ACL propagation flags for the job
  O - OWNER       G - GROUP 
  D - DACL        S - SACL  
 
  Examples:
      bitsadmin /setaclflags MyJob OGDS
      bitsadmin /setaclflags MyJob OGD
 
/GETBYTESTOTAL <job>                 Retrieves the size of the job
/GETBYTESTRANSFERRED <job>           Retrieves the number of bytes transferred
/GETFILESTOTAL <job>                 Retrieves the number of files in the job
/GETFILESTRANSFERRED <job>           Retrieves the number of files transferred
/GETCREATIONTIME <job>               Retrieves the job creation time
/GETMODIFICATIONTIME <job>           Retrieves the job modification time
/GETCOMPLETIONTIME <job>             Retrieves the job completion time
/GETSTATE <job>                      Retrieves the job state
/GETERROR <job>                      Retrieves detailed error information
/GETOWNER <job>                      Retrieves the job owner
/GETDISPLAYNAME <job>                Retrieves the job display name
/SETDISPLAYNAME <job> <display_name> Sets the job display name
/GETDESCRIPTION <job>                Retrieves the job description
/SETDESCRIPTION <job> <description>  Sets the job description
/GETPRIORITY    <job>                Retrieves the job priority
/SETPRIORITY    <job> <priority>     Sets the job priority
   Priority usage choices:
      FOREGROUND 
      HIGH
      NORMAL
      LOW
/GETNOTIFYFLAGS <job>                 Retrieves the notify flags
/SETNOTIFYFLAGS <job> <notify_flags>  Sets the notify flags
    For more help on this option, please refer to the MSDN help page for SetNotifyFlags/GETNOTIFYINTERFACE <job>             Determines if notify interface is registered
/GETMINRETRYDELAY <job>               Retrieves the retry delay in seconds
/SETMINRETRYDELAY <job> <retry_delay> Sets the retry delay in seconds
/GETNOPROGRESSTIMEOUT <job>           Retrieves the no progress timeout in seconds
/SETNOPROGRESSTIMEOUT <job> <timeout> Sets the no progress timeout in seconds
/GETMAXDOWNLOADTIME <job>             Retrieves the download timeout in seconds
/SETMAXDOWNLOADTIME <job> <timeout>   Sets the download timeout in seconds
/GETERRORCOUNT <job>                  Retrieves an error count for the job
 
/SETPROXYSETTINGS <job> <usage>      Sets the proxy usage
   usage choices:
    PRECONFIG   - Use the owner's default Internet settings.
    AUTODETECT  - Force autodetection of proxy.
    NO_PROXY    - Do not use a proxy server.
    OVERRIDE    - Use an explicit proxy list and bypass list. 
                  Must be followed by a proxy list and a proxy bypass list.
                  NULL or "" may be used for an empty proxy bypass list.
  Examples:
      bitsadmin /setproxysettings MyJob PRECONFIG
      bitsadmin /setproxysettings MyJob AUTODETECT
      bitsadmin /setproxysettings MyJob NO_PROXY
      bitsadmin /setproxysettings MyJob OVERRIDE proxy1:80 "<local>" 
      bitsadmin /setproxysettings MyJob OVERRIDE proxy1,proxy2,proxy3 NULL 
 
/GETPROXYUSAGE <job>                 Retrieves the proxy usage setting
/GETPROXYLIST <job>                  Retrieves the proxy list
/GETPROXYBYPASSLIST <job>            Retrieves the proxy bypass list
 
/TAKEOWNERSHIP <job>                 Take ownership of the job
 
/SETNOTIFYCMDLINE <job> <program_name> [program_parameters] 
    Sets a program to execute for notification, and optionally parameters.
    The program name and parameters can be NULL.
    IMPORTANT: if parameters are non-NULL, then the program name should be the
               first parameter.
 
  Examples:
    bitsadmin /SetNotifyCmdLine MyJob c:\winnt\system32\notepad.exe  NULL
    bitsadmin /SetNotifyCmdLine MyJob c:\foo.exe "c:\foo.exe parm1 parm2" 
    bitsadmin /SetNotifyCmdLine MyJob NULL NULL
 
/GETNOTIFYCMDLINE <job>              Returns the job's notification command line
 
/SETCREDENTIALS <job> <target> <scheme> <username> <password>
  Adds credentials to a job.
  <target> may be either SERVER or PROXY
  <scheme> may be BASIC, DIGEST, NTLM, NEGOTIATE, or PASSPORT. 
 
/REMOVECREDENTIALS <job> <target> <scheme> 
  Removes credentials from a job.
/GETCUSTOMHEADERS <job>                           Gets the Custom HTTP Headers
/SETCUSTOMHEADERS <job> <header1> <header2> <...> Sets the Custom HTTP Headers
/GETCLIENTCERTIFICATE <job>                       Gets the job's Client Certificate Information
/SETCLIENTCERTIFICATEBYID <job> <store_location> <store_name> <hexa-decimal_cert_id>
  Sets a client authentication certificate to a job.
  <store_location> may be 
1(CURRENT_USER), 2(LOCAL_MACHINE), 3(CURRENT_SERVICE),
4(SERVICES), 5(USERS), 6(CURRENT_USER_GROUP_POLICY),
7(LOCAL_MACHINE_GROUP_POLICY) or 8(LOCAL_MACHINE_ENTERPRISE). 
 
/SETCLIENTCERTIFICATEBYNAME <job> <store_location> <store_name> <subject_name>
  Sets a client authentication certificate to a job.
  <store_location> may be 
1(CURRENT_USER), 2(LOCAL_MACHINE), 3(CURRENT_SERVICE),
4(SERVICES), 5(USERS), 6(CURRENT_USER_GROUP_POLICY),
7(LOCAL_MACHINE_GROUP_POLICY) or 8(LOCAL_MACHINE_ENTERPRISE). 
 
/REMOVECLIENTCERTIFICATE <job>                Removes the Client Certificate Information from the job
 
/SETSECURITYFLAGS <job> <value>   
   Sets the HTTP security flags for URL redirection and checks performed on the server certificate during the transfer.
   The value is an unsigned integer with the following interpretation for the bits in the binary representation.
     Enable CRL Check                                 : Set the least significant bit
     Ignore invalid common name in server certificate : Set the 2nd bit from right
     Ignore invalid date in  server certificate       : Set the 3rd bit from right
     Ignore invalid certificate authority in server
       certificate                                    : Set the 4th bit from right
     Ignore invalid usage of certificate              : Set the 5th bit from right
     Redirection policy                               : Controlled by the 9th-11th bits from right
         0,0,0  - Redirects will be automatically allowed.
         0,0,1  - Remote name in the IBackgroundCopyFile interface will be updated if a redirect occurs.
         0,1,0  - BITS will fail the job if a redirect occurs.
 
     Allow redirection from HTTPS to HTTP             : Set the 12th bit from right
 
/GETSECURITYFLAGS <job>   
   Reports the HTTP security flags for URL redirection and checks performed on the server certificate during the transfer.
 
/SETVALIDATIONSTATE  <job>  <file-index> <true|false>
      <file-index> starts from 0          
    Sets the content-validation state of the given file within the job.
 
/GETVALIDATIONSTATE  <job>  <file-index>  
      <file-index> starts from 0          
    Reports the content-validation state of the given file within the job.
 
/GETTEMPORARYNAME  <job>  <file-index>  
      <file-index> starts from 0          
    Reports the temporary filename of the given file within the job.
 
The following options control peercaching of a particular job:
 
/SETPEERCACHINGFLAGS  <job> <value>   
    Sets the flags for the job's peercaching behavior.
    The value is an unsigned integer with the following interpretation for the bits in the binary representation.
        Allow the job's data to be downloaded from a peer : Set the least significant bit
        Allow the job's data to be served to peers        : Set the 2nd bit from right
 
/GETPEERCACHINGFLAGS  <job>               
    Reports the flags for the job's peercaching behavior.
 
The following options are valid for UPLOAD-REPLY jobs only:
 
/GETREPLYFILENAME <job>        Gets the path of the file containing the server reply
/SETREPLYFILENAME <job> <path> Sets the path of the file containing the server reply
/GETREPLYPROGRESS <job>        Gets the size and progress of the server reply
/GETREPLYDATA     <job>        Dumps the server's reply data in hex format
 
The following options can be placed before the command:
/RAWRETURN                     Return data more suitable for parsing
/WRAP                          Wrap output around console (default)
/NOWRAP                        Don't wrap output around console
 
The /RAWRETURN option strips new line characters and formatting.
It is recognized by the /CREATE and /GET* commands.
 
Commands that take a <job> parameter will accept either a job name or a job ID
GUID inside braces.  BITSADMIN reports an error if a name is ambiguous.
 
========= End of CMD: =========
 
EmptyTemp: => 92.3 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 08:45:36 ====
 
 
3) Need to update Flash player

  • 0

#22
Sugartooth

  • Member
  • 814 posts

Hi Lady_Rocker,
 

When I wake the computer after it goes into sleep mode (after 15 minutes), the display has a bunch of "green pixels" which only clears up when I reboot the computer. This may be hardware or software issues, but I'm still looking for any resolution to it.

The problem is not malware related. The solutions range from a faulty monitor, to overheating, to needing to clean the dust out of the computer, to a bad graphics card, bad video cards, etc. After we have finished cleaning your computer, you can start a new topic at Hardware, Components and Peripherals. Make sure you tell them that I referred you from the Virus, Spyware, Malware Removal forum and provide a link to your topic.
 

1) I had a problem with this step:
In the text of the next window click on Google Dashboard, at the “Chrome sync” screen, click on Stop and Clear at the bottom.
I could not find the "Stop and Clear" option, but proceeded to complete the remaining steps.

Thank you for letting me know. I see the "Stop and Clear" was renamed to "Reset sync". :) 
 

3) Need to update Flash player

We will do that after your computer has been cleaned.
 

 

Step 1
FRST Fix

Warning: These fixes have been customized for this computer only. If you are NOT this user, DO NOT follow these directions as the tools used may damage your computer.

Something went wrong with the prior fixlist, so we're going to do this one a little differently. Download the attached fixlist.txt to your Desktop.

NOTE: => It's important that both files, FRST64 and fixlist.txt are in the same location (on the Desktop) or the fix will not work.

  • Run FRST64 by right-clicking on it and selecting Run as Administrator and press Fix.
  • On completion a log (fixlog.txt) will be generated.
  • Please copy and paste it in your next reply.

 

We will also need to re-run the next two tools because of the new malware you contracted.

Step 2
Scan with AdwCleaner

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here. Re-enable them after you have completed the steps.

Do a Scan only. Do not use the Cleaning feature.

1. Close all open programs and internet browsers.
2. Right click on AdwCleaner and select Run as administrator. Accept the User Account Control prompt.
3. Click on Scan.
4. Once the scan has finished, it will say Waiting for action. Please uncheck elements you want to keep.
5. Click on the Logfile button. AdwCleaner[R1].txt will open. Copy and paste the log into your next reply for my review.
6. Close the program by clicking on the X located in the top right corner. Click Yes to confirm you want to close the program without cleaning.
*The log is also saved at C:\AdwCleaner\AdwCleaner[R1].txt. Make sure you copy and paste the current one. It should be R1. The previous one you posted was R0. 



Step 3
Junkware Removal Tool

1. Close all open programs and internet browsers.
2. Right click on the Junkware Removal Tool icon and select Run as Administrator. Accept the User Account Control prompt.
3. A black box will open. Press any key to continue.
4. The tool will start scanning your system.
5. Please be patient as this can take a while to complete depending on your system's specifications.
6. Upon completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
7. Close the text file and reboot your machine.
8. Please copy and paste the contents of JRT.txt into your next reply. I believe this one will overwrite the previous one.

Note: Don't forget to re-enable previously switched off protection software.



Things I need to see in your next posting:

1. Fixlog.txt
2. AdwCleaner[R1].txt
3. JRT.txt
4. Information on how your computer is running now.


  • 0

#23
Lady_Rocker

  • Topic Starter
  • Member
  • 168 posts


Things I need to see in your next posting:

1. Fixlog.txt
2. AdwCleaner[R1].txt
3. JRT.txt
4. Information on how your computer is running now.

 

 

Step 1:

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Narcis at 2015-06-23 19:54:09 Run:3
Running from C:\Users\Narcis\Desktop
Loaded Profiles: Narcis (Available Profiles: Narcis)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-1492978049-1898015326-2695977172-1001\...\Run: [GoogleChromeAutoLaunch_7DC90F8F95FCEA001BCF7B9B28A6157E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-06] (Google Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hot...&cc=GU&unqvl=90
HKU\S-1-5-21-1492978049-1898015326-2695977172-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hot...&cc=GU&unqvl=90
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hot...&cc=GU&unqvl=90
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hot...&cc=GU&unqvl=90
SearchScopes: HKU\S-1-5-21-1492978049-1898015326-2695977172-1001 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hot...&cc=GU&unqvl=90
SearchScopes: HKU\S-1-5-21-1492978049-1898015326-2695977172-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hot...&cc=GU&unqvl=90
HO: PriceMinus -> {7BD16028-9A0F-4649-AD15-289DE1DDB6EA} -> C:\Program Files (x86)\PriceMinus\5qO4yE9HBzQg51.x64.dll [2015-06-18] ()
BHO: bestadblocker -> {87C5639B-D78F-4CB0-B554-26DECDF2926A} -> C:\Program Files (x86)\bestadblocker\HLZ5TfmrGWk3Kj.x64.dll [2015-06-18] ()
HO-x32: PriceMinus -> {7BD16028-9A0F-4649-AD15-289DE1DDB6EA} -> C:\Program Files (x86)\PriceMinus\5qO4yE9HBzQg51.dll [2015-06-18] ()
BHO-x32: bestadblocker -> {87C5639B-D78F-4CB0-B554-26DECDF2926A} -> C:\Program Files (x86)\bestadblocker\HLZ5TfmrGWk3Kj.dll [2015-06-18] ()
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-06-18]
CHR Extension: (iLivid) - C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-06-18]
CHR Extension: (No Name) - C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pheipkkgfejkeajniamlabkiebejdpaa [2015-06-19]
R2 5d135e43; c:\Program Files (x86)\ProcessRunner\ProcessRunner.dll [1786880 2015-06-18] () [File not signed]
c:\Program Files (x86)\ProcessRunner
2015-06-18 06:31 - 2015-06-18 06:31 - 00002067 _____ C:\Users\Public\Desktop\LightningDownloader.lnk
2015-06-18 06:31 - 2015-06-18 06:31 - 00000000 ____D C:\Windows\SysWOW64\X86
2015-06-18 06:31 - 2015-06-18 06:31 - 00000000 ____D C:\Windows\SysWOW64\AMD64
2015-06-18 06:31 - 2015-06-18 06:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightningDownloader
2015-06-18 06:31 - 2015-06-18 06:31 - 00000000 ____D C:\Program Files (x86)\ProcessRunner
2015-06-18 06:31 - 2015-06-18 06:31 - 00000000 ____D C:\Program Files (x86)\LightningDownloader
2015-06-18 06:29 - 2015-06-18 06:29 - 00000000 ____D C:\Program Files (x86)\Xmarks Bookmark Sync
2015-06-18 06:28 - 2015-06-18 06:30 - 00000000 ____D C:\ProgramData\13222406889394377016
2015-06-18 06:28 - 2015-06-18 06:28 - 00000000 ____D C:\Program Files (x86)\bestadblocker
2015-06-18 06:27 - 2015-06-18 06:28 - 00000000 ____D C:\Program Files (x86)\PrIceMinus
2015-06-18 06:26 - 2015-06-18 06:26 - 00000000 ____D C:\ProgramData\dpfakgebmeomffkfcbmnpoapedemnolh
2015-06-18 06:25 - 2015-06-19 18:25 - 00000350 _____ C:\Windows\Tasks\Bidaily Synchronize Task[973b].job
2015-06-18 06:25 - 2015-06-18 18:25 - 00000000 ____D C:\ProgramData\{5bc4f8c6-8193-07cf-5bc4-4f8c6819e31a}
2015-06-18 06:25 - 2015-06-18 06:25 - 00198144 _____ C:\Users\Narcis\Downloads\Gre-ElJa.epub (1).exe
2015-06-18 06:25 - 2015-06-18 06:25 - 00003264 _____ C:\Windows\System32\Tasks\Bidaily Synchronize Task[973b]
2015-06-02 01:38 - 2015-06-10 07:43 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-17 18:11 - 2010-08-22 12:07 - 00000000 ____D C:\ProgramData\Norton
Task: {871AF5D6-9340-4B7E-A75E-E6C73BD57DFD} - System32\Tasks\Bidaily Synchronize Task[973b] => c:\programdata\{5bc4f8c6-8193-07cf-5bc4-4f8c6819e31a}\gre-elja.epub (1).exe [2014-06-18] () <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{5bc4f8c6-8193-07cf-5bc4-4f8c6819e31a}\gre-elja.epub (1).exe <==== ATTENTION
2015-06-18 06:31 - 2015-06-18 06:31 - 01786880 _____ () c:\Program Files (x86)\ProcessRunner\ProcessRunner.dll
2015-06-10 07:43 - 2015-06-06 04:22 - 15003464 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll
C:\$RECYCLE.BIN\S-1-5-21-1492978049-1898015326-2695977172-1001\$R4B2369.exe
C:\$RECYCLE.BIN\S-1-5-21-1492978049-1898015326-2695977172-1001\$RRJL7OX.exe 
C:\Program Files (x86)\bestadblocker\HLZ5TfmrGWk3Kj.dll 
C:\Program Files (x86)\bestadblocker\HLZ5TfmrGWk3Kj.exe 
C:\Program Files (x86)\bestadblocker\HLZ5TfmrGWk3Kj.x64.dll 
C:\Program Files (x86)\PrIceMinus\5qO4yE9HBzQg51.dll 
C:\Program Files (x86)\PrIceMinus\5qO4yE9HBzQg51.exe 
C:\Program Files (x86)\PrIceMinus\5qO4yE9HBzQg51.x64.dll 
C:\Program Files (x86)\PrIceMinus\PrIceMinus.exe
C:\Program Files (x86)\ProcessRunner\ProcessRunner.dll 
C:\Program Files (x86)\Xmarks Bookmark Sync\Xmarks Bookmark Sync.exe 
C:\ProgramData\{5bc4f8c6-8193-07cf-5bc4-4f8c6819e31a}\gre-elja.epub (1).exe 
C:\Users\All Users\{5bc4f8c6-8193-07cf-5bc4-4f8c6819e31a}\gre-elja.epub (1).exe 
C:\Users\Narcis\AppData\Local\Temp\3B40\temp\Gre-ElJa.epub (1).exe 
C:\Users\Narcis\AppData\Local\Temp\3B40\temp\hpds_setup.exe 
C:\Users\Narcis\AppData\Local\Temp\3B40\temp\RegisterAppend.xyz.exe 
C:\Users\Narcis\Downloads\Gre-ElJa.epub (1).exe 
C:\Users\Narcis\Downloads\Adobe Photoshop Elements 6 [first person]\keygen.rar
CMD: bitsadmin /reset /allusers
EmptyTemp:
End
*****************
 
Restore point was successfully created.
HKU\S-1-5-21-1492978049-1898015326-2695977172-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_7DC90F8F95FCEA001BCF7B9B28A6157E => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1492978049-1898015326-2695977172-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully
HKCR\Wow6432Node\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found. 
HKU\S-1-5-21-1492978049-1898015326-2695977172-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1492978049-1898015326-2695977172-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully
HKCR\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found. 
HO: PriceMinus -> {7BD16028-9A0F-4649-AD15-289DE1DDB6EA} -> C:\Program Files (x86)\PriceMinus\5qO4yE9HBzQg51.x64.dll [2015-06-18] () => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87C5639B-D78F-4CB0-B554-26DECDF2926A} => key not found. 
"HKCR\CLSID\{87C5639B-D78F-4CB0-B554-26DECDF2926A}" => key removed successfully
HO-x32: PriceMinus -> {7BD16028-9A0F-4649-AD15-289DE1DDB6EA} -> C:\Program Files (x86)\PriceMinus\5qO4yE9HBzQg51.dll [2015-06-18] () => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87C5639B-D78F-4CB0-B554-26DECDF2926A} => key not found. 
"HKCR\Wow6432Node\CLSID\{87C5639B-D78F-4CB0-B554-26DECDF2926A}" => key removed successfully
C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla => moved successfully.
C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf => moved successfully.
C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pheipkkgfejkeajniamlabkiebejdpaa => moved successfully.
5d135e43 => Service not found.
"c:\Program Files (x86)\ProcessRunner" => File/Folder not found.
"C:\Users\Public\Desktop\LightningDownloader.lnk" => File/Folder not found.
"C:\Windows\SysWOW64\X86" => File/Folder not found.
"C:\Windows\SysWOW64\AMD64" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightningDownloader" => File/Folder not found.
"C:\Program Files (x86)\ProcessRunner" => File/Folder not found.
"C:\Program Files (x86)\LightningDownloader" => File/Folder not found.
C:\Program Files (x86)\Xmarks Bookmark Sync => moved successfully.
C:\ProgramData\13222406889394377016 => moved successfully.
"C:\Program Files (x86)\bestadblocker" => File/Folder not found.
"C:\Program Files (x86)\PrIceMinus" => File/Folder not found.
C:\ProgramData\dpfakgebmeomffkfcbmnpoapedemnolh => moved successfully.
C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => moved successfully.
C:\ProgramData\{5bc4f8c6-8193-07cf-5bc4-4f8c6819e31a} => moved successfully.
C:\Users\Narcis\Downloads\Gre-ElJa.epub (1).exe => moved successfully.
C:\Windows\System32\Tasks\Bidaily Synchronize Task[973b] => moved successfully.
C:\Users\Public\Desktop\Google Chrome.lnk => moved successfully.
C:\ProgramData\Norton => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{871AF5D6-9340-4B7E-A75E-E6C73BD57DFD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{871AF5D6-9340-4B7E-A75E-E6C73BD57DFD}" => key removed successfully
C:\Windows\System32\Tasks\Bidaily Synchronize Task[973b] not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[973b]" => key removed successfully
C:\Windows\Tasks\Bidaily Synchronize Task[973b].job not found.
"c:\Program Files (x86)\ProcessRunner\ProcessRunner.dll" => File/Folder not found.
C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll => moved successfully.
"C:\$RECYCLE.BIN\S-1-5-21-1492978049-1898015326-2695977172-1001\$R4B2369.exe" => File/Folder not found.
"C:\$RECYCLE.BIN\S-1-5-21-1492978049-1898015326-2695977172-1001\$RRJL7OX.exe" => File/Folder not found.
"C:\Program Files (x86)\bestadblocker\HLZ5TfmrGWk3Kj.dll" => File/Folder not found.
"C:\Program Files (x86)\bestadblocker\HLZ5TfmrGWk3Kj.exe" => File/Folder not found.
"C:\Program Files (x86)\bestadblocker\HLZ5TfmrGWk3Kj.x64.dll" => File/Folder not found.
"C:\Program Files (x86)\PrIceMinus\5qO4yE9HBzQg51.dll" => File/Folder not found.
"C:\Program Files (x86)\PrIceMinus\5qO4yE9HBzQg51.exe" => File/Folder not found.
"C:\Program Files (x86)\PrIceMinus\5qO4yE9HBzQg51.x64.dll" => File/Folder not found.
"C:\Program Files (x86)\PrIceMinus\PrIceMinus.exe" => File/Folder not found.
"C:\Program Files (x86)\ProcessRunner\ProcessRunner.dll" => File/Folder not found.
"C:\Program Files (x86)\Xmarks Bookmark Sync\Xmarks Bookmark Sync.exe" => File/Folder not found.
"C:\ProgramData\{5bc4f8c6-8193-07cf-5bc4-4f8c6819e31a}\gre-elja.epub (1).exe" => File/Folder not found.
"C:\Users\All Users\{5bc4f8c6-8193-07cf-5bc4-4f8c6819e31a}\gre-elja.epub (1).exe" => File/Folder not found.
"C:\Users\Narcis\AppData\Local\Temp\3B40\temp\Gre-ElJa.epub (1).exe" => File/Folder not found.
"C:\Users\Narcis\AppData\Local\Temp\3B40\temp\hpds_setup.exe" => File/Folder not found.
"C:\Users\Narcis\AppData\Local\Temp\3B40\temp\RegisterAppend.xyz.exe" => File/Folder not found.
"C:\Users\Narcis\Downloads\Gre-ElJa.epub (1).exe" => File/Folder not found.
C:\Users\Narcis\Downloads\Adobe Photoshop Elements 6 [first person]\keygen.rar => moved successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 201.8 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 19:55:00 ====

 

 

 

Step 2:

# AdwCleaner v4.207 - Logfile created 23/06/2015 at 20:32:29
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Narcis - NARCIS-HP
# Running from : C:\Users\Narcis\Downloads\adwcleaner_4.207.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found : C:\ProgramData\9410160000002772
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\5ec56e6f-839c-0a07-8db3-5798f39c96b1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74CA59B5-0066-48C3-9D1A-84E0C0BB9AD7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v43.0.2357.130
 
 
*************************
 
AdwCleaner[R0].txt - [994 bytes] - [15/06/2015 20:32:39]
AdwCleaner[R1].txt - [1551 bytes] - [23/06/2015 20:32:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1610 bytes] ##########
 

 

 

 

Step 3:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.8 (06.22.2015:1)
OS: Windows 7 Home Premium x64
Ran by Narcis on Tue 06/23/2015 at 20:39:30.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_7DC90F8F95FCEA001BCF7B9B28A6157E
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\9410160000002772
 
 
 
~~~ Chrome
 
 
[C:\Users\Narcis\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Narcis\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
nafaimnnclfjfedmmabolbppcngeolgf
 
[C:\Users\Narcis\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Narcis\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  ihdkejbciahopmbagpnjmmkkdpfpaaak,
  nafaimnnclfjfedmmabolbppcngeolgf
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/23/2015 at 20:42:55.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

Step 4:

AWESOME!!  No major issues going on!!  When I reinstalled Chrome browser, it had the Flash Player plug in so I opted for it when one of my pages required Flash.

 

As soon as my thread is final, I will take your word and have my hardware checked in another Forum section.


  • 0

#24
Sugartooth

  • Member
  • 814 posts

Hi Lady_Rocker,
 

AWESOME!! No major issues going on!!

That's great news! We're almost done. :) Once you have completed Cleaning with AdwCleaner, your computer logs will be Clean! :yeah:


Step 1
Cleaning with AdwCleaner

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here. Re-enable them after you have completed the steps.

This time we'll be using the Cleaning feature.

1. Close all open programs and internet browsers.
2. Right click on AdwCleaner and select Run as administrator. Accept the User Account Control prompt.
3. Click on Scan.
4. Once the scan has finished, it will say Waiting for action. Please uncheck elements you want to keep.
5. Click Cleaning.
6. Click OK to the AdwCleaner - Closing programs box.
7. During the cleaning, AdwCleaner - Information box will pop up. Click OK.
8. Click OK to AdwCleaner - Reboot.
The report will be opened on the next reboot. Copy and paste AdwCleaner[S0].txt in your next reply.
The log is also saved at C:\AdwCleaner\AdwCleaner[S0].txt



Step 2
Clean Up with Delfix

Delfix will remove the tools used for cleaning your machine. This will also remove the quarantined malware from your computer.

1. Download Delfix from here to your desktop.
2. Ensure everything is checked.
3. Click Run.

  • Once it has finished processing, a notepad file named DelFix.txt will open. Post the contents in your next reply for my review.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.

4. After you have posted the aforementioned DelFix.txt, delete it by sending it to the Recycle Bin.



Step 3
Uninstall ESET Online Scanner

1. Please click Start, Control Panel, and under the Programs heading, double-click on "Uninstall a program".
2. In the list of programs installed, locate the following program:

ESET Online Scanner

3. Click on the program, and then click Uninstall/Change.
4. If you are prompted to confirm the removal of the program, click Yes.
5. After the program has been uninstalled, close the Uninstall or change a program (Add/Remove Programs) window and the Control Panel.
6. Restart the computer.



Step 4
Delete files if still present

If you see any other files (.log and .txt) created during our cleaning process, and left on the Desktop, delete them and empty the Recycle Bin.



Step 5
Windows Updates

Microsoft releases security updates that help to keep your computer from becoming vulnerable. To protect your computer in the future, set Windows to check, download, and install updates automatically. To do this:
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears.
3. Click on the Windows Update program that appears in the search results.
4. Click on Change Settings.
5. Select "Install updates automatically (recommended)" from the Important updates drop-down.
6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.


 

Now for some Information to help protect your machine.


1. Keep Installed Programs Up to Date
It's important to keep all programs on your computer updated because they can have security vulnerabilities. This can be done manually by using the Update feature included in most programs or you can use Heimdal Free to help you with this task. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

After Heimdal Free installs, click on the Modules tab.

  • Click OK to the pop up box: Sorry-but you don't have a PRO version
  • Under Software, check the 2 boxes for
    • Enable scan for software updates
    • Enable patching of software

Heimdal Free will then perform a scan on your computer. You can check the results under the Overview and Software tabs.


2. Firewall and Anti-Virus
Always ensure that your firewall and anti-virus program are updated and running.

3. Malwarebytes Anti-Malware
I recommend keeping Malwarebytes Anti-Malware installed as it's an excellent on demand scanner. Remember that the free version is not equipped with automatic updates, so you need to update it manually before every scan. Run it at least once a week.

4. Keep Adobe Flash Player Updated
Check to see if Adobe Flash Player 10 is still installed. If it is, you need to remove it from the Control Panel. You don't need to perform the additional steps of installing a new one.
NOTE: Depending on your settings, you may have to temporarily disable your antivirus software and firewall.

  • Click Start and then Control Panel. Under the Programs heading click Uninstall a program
  • Remove ALL instances of Adobe Flash Player.
    • Click each program and click the Uninstall button.
    • Re-start your computer when all versions of Adobe Flash Player have been uninstalled.

1. Please click here to go to the Adobe Flash Player Installation page.
2. In the first column under Adobe Flash Player, make sure the system version and the browser are correct.
3. In the middle column, Optional offers:, make sure you UNCHECK the boxes unless you want them.
4. Click the Install now button. A download window for the file will open. Save it to the Desktop.
5. Close the browser and all open windows.
6. Back on the Desktop, right-click on the downloaded file and click Run as Administrator to install Adobe Flash Player.


5. CryptoPrevent
The CryptoLocker infection is very severe. CryptoLocker is a ransomware program that will encrypt and lock your files and then demand a ransom of up to $1,000. The cure is still unknown. The best way to prevent this is to use a small program called CryptoPrevent. Please download and install CryptoPrevent to avoid this infection.

6. TFC - Temp File Cleaner by OldTimer
A small tool that is used to clean unneeded temporary files from all user accounts resulting in a faster computer. Be sure to save any unsaved work before running TFC as it requires a reboot. It should be run weekly. You may download it from here.

Finally, here are three educational articles that I recommend reading: Simple and easy ways to keep your computer safe and secure on the Internet, Computer Security - a short guide to staying safer online and Best Practices for Safe Computing - Prevention of Malware Infection.


Things I need to see in your next posting:

1. AdwCleaner[S0].txt
2. DelFix.txt log
 


  • 0
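Added example, not part of the original post: a PowerShell check that reads back the Automatic Updates choices made in the Windows Update steps above. It assumes the Windows 7 machine from this thread and uses the Windows Update Agent COM object Microsoft.Update.AutoUpdate; the variable names and messages are illustrative.

```powershell
# Added example: read the Automatic Updates settings through the Windows Update
# Agent COM API and compare them with the choices made in the steps above.
$levels = @{
    0 = 'Not configured'
    1 = 'Never check for updates'
    2 = 'Check, but ask before downloading'
    3 = 'Download, but ask before installing'
    4 = 'Install updates automatically'
}
$days = 'Every day','Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday'

$settings = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings

$findings = @()
if ($settings.NotificationLevel -ne 4) {
    $current = $levels[[int]$settings.NotificationLevel]
    $findings += "Important updates: $current (expected: Install updates automatically)"
}
if (-not $settings.IncludeRecommendedUpdates) {
    $findings += 'Recommended updates are not delivered with important updates'
}

# Group Policy, if present, overrides the Control Panel choice.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
if ($policy -and $policy.NoAutoUpdate -eq 1) {
    $findings += "Policy value NoAutoUpdate=1 under $policyKey disables automatic updating"
}

# The schedule only matters if the Windows Update service can start.
$svc = Get-WmiObject Win32_Service -Filter "Name='wuauserv'"
if ($svc.StartMode -eq 'Disabled') {
    $findings += 'Windows Update service (wuauserv) is disabled'
}

'Schedule: {0} at {1}:00' -f $days[$settings.ScheduledInstallationDay], $settings.ScheduledInstallationTime
if ($findings) {
    $findings | ForEach-Object { "CHECK: $_" }
} else {
    'Automatic updating matches the steps above.'
}
```

Run it from a PowerShell prompt after clicking OK in step 8; any CHECK line names the setting that still differs from the steps.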

#25
Lady_Rocker

Lady_Rocker

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 168 posts



Things I need to see in your next posting:

1. AdwCleaner[S0].txt
2. DelFix.txt log
 

 

 

Uhm.... not sure if this is a major "booboo"...

 

I ran the "DelFix" before posting the "AdwCleaner", so I cannot find the file... nonetheless, here is the DelFix log:

 

# DelFix v1.010 - Logfile created 26/06/2015 at 22:19:20
# Updated 26/04/2015 by Xplode
# Username : Narcis - NARCIS-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\Narcis\Desktop\FRST-OlderVersion
Deleted : C:\log.txt
Deleted : C:\Users\Narcis\Desktop\Addition.txt
Deleted : C:\Users\Narcis\Desktop\adwcleaner_4.207.exe
Deleted : C:\Users\Narcis\Desktop\Fixlog.txt
Deleted : C:\Users\Narcis\Desktop\FRST.txt
Deleted : C:\Users\Narcis\Desktop\FRST64.exe
Deleted : C:\Users\Narcis\Desktop\JRT.exe
Deleted : C:\Users\Narcis\Desktop\JRT.txt
Deleted : C:\Users\Narcis\Desktop\SecurityCheck.exe
Deleted : C:\Users\Narcis\Downloads\esetsmartinstaller_enu.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #32 [PROPLUS | 06/19/2015 10:07:44]
Deleted : RP #33 [Windows Update | 06/20/2015 17:35:12]
Deleted : RP #34 [Removed PressReader. | 06/21/2015 06:50:09]
Deleted : RP #36 [Restore Point Created by FRST | 06/21/2015 22:44:59]
Deleted : RP #38 [Restore Point Created by FRST | 06/23/2015 09:54:17]
Deleted : RP #39 [Windows Update | 06/24/2015 09:09:40]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0



#26
Lady_Rocker

Lady_Rocker

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 168 posts

PS: This keeps popping up and is irritating.. "Xmarks Authentication"

I cannot find it in the Programs to uninstall.. any ideas?

 


  • 0

#27
Sugartooth

Sugartooth

    Member

  • Member
  • PipPipPip
  • 814 posts

Hi Lady_Rocker, :)
 

I ran the "DelFix" before posting the "AdwCleaner", so I cannot find the file... nonetheless, here is the DelFix log:

No problem. I'll have to adjust my speech so that the posting of the AdwCleaner log, before running DelFix, really stands out. :thumbsup:
 

This keeps popping up and is irritating.. "Xmarks Authentication"

It sounds like a Chrome browser addon. To remove it:

  • Open Chrome and click on the three horizontal bars in the top right corner, select Settings.
  • When the new tab in Chrome opens, on the left side select Extensions.
  • Scroll down until you see Xmarks. Either uncheck the Enable box or click on the trash can. Confirm removal by clicking on Remove.

 

Did that take care of the problem?


  • 0

#28
Lady_Rocker

Lady_Rocker

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 168 posts

SMH... hahaha.. yep.. it did.. and to think there was that familiar "green X" at the top right near the close "X" button of the browser...

 

The computer is running smooth and so far so good.. 

 

Now I know I need to get my hardware checked... sometimes my computer will not turn on.. or when I first turn it on, it hangs and then I'll have to shut it down manually by holding the power button in ... other times I have to unplug the computer... I will check the "Hardware" help section after this.. 

But, yea!! The computer is running pretty smoothly and so far withlo

 

THANK YOU! THANK YOU!!


  • 0

#29
Sugartooth

Sugartooth

    Member

  • Member
  • PipPipPip
  • 814 posts

Hi Lady_Rocker, :)
 

SMH... hahaha.. yep.. it did.. and to think there was that familiar "green X" at the top right near the close "X" button of the browser...

Sometimes it's the familiar things that we forget about. :lol:
 

THANK YOU! THANK YOU!!

You're Welcome! :)

 

You may now post in the Hardware, Components and Peripherals forum and this thread will be closed. Don't forget to tell them I sent you. Good luck!


  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





