Ninja Loader will not delete from my system [Solved]


  • This topic is locked

#1
skandranon1971

  • Member
  • 64 posts

I have attempted to remove it with Malwarebytes anti-malware program and it will not remove:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by Jon (administrator) on KRAKEN on 11-07-2015 17:31:17
Running from C:\Users\Jon\Desktop
Loaded Profiles: Jon (Available Profiles: Jon)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Jon\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(BitTorrent Inc.) C:\Users\Jon\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(The Chromium Authors) C:\Users\Jon\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Jon\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Jon\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Jon\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Jon\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Jon\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Jon\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Jon\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Jon\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Jon\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Jon\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Jon\AppData\Local\Ninja Loader\Discover\Discover.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(The Chromium Authors) C:\Users\Jon\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Jon\AppData\Local\Ninja Loader\Discover\Discover.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7535832 2014-02-12] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-24] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\...\Run: [GoogleChromeAutoLaunch_1476D5075BFDEEA31B57A901BC660F86] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-06] (Google Inc.)
HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-14] (Valve Corporation)
HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\...\Run: [Spotify Web Helper] => C:\Users\Jon\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2023480 2015-06-18] (Spotify Ltd)
HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\...\Run: [uTorrent] => C:\Users\Jon\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.)
HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\...\MountPoints2: F - "F:\Setup.exe" 
HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\...\MountPoints2: {9e122f1b-d294-11e4-8278-1458d0c06312} - "F:\LG_PC_Programs.exe" 
AppInit_DLLs: C:\ProgramData\LolliScan\LolliScan64.dll => C:\ProgramData\LolliScan\LolliScan64.dll File not found
Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-02-25]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-24] (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> {3F6221C3-393E-485B-B1EC-5F93ED8B3DF6} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {3F6221C3-393E-485B-B1EC-5F93ED8B3DF6} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-3105412986-3712989239-1590487086-1002 -> {3F6221C3-393E-485B-B1EC-5F93ED8B3DF6} URL = http://www.amazon.co...s={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-24] (Avast Software s.r.o.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16] ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-11] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2015-02-09] (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-24] (Avast Software s.r.o.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-11] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-01-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-01-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
Tcpip\..\Interfaces\{8EE1EAB9-B157-4B13-B3DB-8BCE8196BF62}: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
Tcpip\..\Interfaces\{DFFE8011-ABA7-4E59-9450-DD5D8BF98E1C}: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
 
FireFox:
========
FF ProfilePath: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\q5rpe8bc.default
FF SelectedSearchEngine: Trovi
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3334822&octid=EB_ORIGINAL_CTID&ISID=M57B03A8F-928F-4362-AE67-176B61E66F90&SearchSource=55&CUI=&UM=8&UP=SP914EEEB9-B805-4B01-A2CD-F3DE8FA6FFF5&D=071115&SSPV=SP30339TB_sp_ff
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Program Files (x86)\ArcPlugins\NPSWF32.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-11] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2015-02-09] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\[email protected]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-12-18]
FF HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Ninja Loader\FireFox
FF Extension: NinjaLoader - C:\Program Files (x86)\Ninja Loader\FireFox [2015-07-10]
 
Chrome: 
=======
CHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-11]
CHR Extension: (Angry Birds) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-02-11]
CHR Extension: (Google Drive) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-11]
CHR Extension: (YouTube) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-11]
CHR Extension: (eBay) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2015-02-11]
CHR Extension: (Google Search) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-11]
CHR Extension: (Word Search) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2015-02-11]
CHR Extension: (Google Sheets) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-11]
CHR Extension: (Avast Online Security) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-16]
CHR Extension: (Cargo Bridge: Armor Games Edition) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj [2015-02-11]
CHR Extension: (Personal Trainer) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmgohkgndpahjklgpdihieeedjeneoke [2015-02-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-11]
CHR Extension: (Gmail) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-11]
CHR HKLM-x32\...\Chrome\Extension: [cmlhbjpgeogifjnmlajdaealbdlfonah] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-17] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [88400 2015-02-09] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-24] (Avast Software s.r.o.)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-02-12] (BitRaider, LLC)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 NinjaLoaderService; C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe [59496 2015-06-24] (Ninja Soft Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-12] (Electronic Arts)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-02-12] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [92360 2015-01-20] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [264392 2015-01-20] (Advanced Micro Devices, Inc. )
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-24] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-24] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-24] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-28] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-24] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-24] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-02-12] (BitRaider)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
R1 wsafd_1_10_0_19; C:\Windows\System32\drivers\wsafd_1_10_0_19.sys [57728 2015-06-15] (Word Surfer)
S3 andnetadb; \SystemRoot\System32\Drivers\lgandnetadb.sys [X]
S1 gfilterdrv; system32\drivers\gfilterdrv.sys [X]
S3 OATool; \??\C:\Windows\TEMP\OAToolx64.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-11 17:31 - 2015-07-11 17:32 - 00028113 _____ C:\Users\Jon\Desktop\FRST.txt
2015-07-11 17:30 - 2015-07-11 17:31 - 00000000 ____D C:\FRST
2015-07-11 17:28 - 2015-07-11 17:29 - 02130944 _____ (Farbar) C:\Users\Jon\Desktop\FRST64.exe
2015-07-11 10:26 - 2015-07-11 10:26 - 00003200 _____ C:\Windows\System32\Tasks\avastBCLRestart_chrome.exe
2015-07-11 01:05 - 2015-07-11 17:05 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-11 01:00 - 2015-07-11 17:23 - 00000000 ____D C:\Program Files (x86)\GSafe
2015-07-11 00:56 - 2015-07-11 00:56 - 00004180 _____ C:\Windows\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update
2015-07-11 00:56 - 2015-07-11 00:56 - 00004170 _____ C:\Windows\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core
2015-07-11 00:41 - 2015-07-11 10:01 - 00034354 _____ C:\ProgramData\I2qi58ro.dat
2015-07-11 00:38 - 2015-07-11 16:46 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-11 00:37 - 2015-07-11 00:37 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-11 00:37 - 2015-07-11 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-11 00:37 - 2015-07-11 00:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-11 00:37 - 2015-07-11 00:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-11 00:37 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-11 00:37 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-11 00:37 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-11 00:36 - 2015-07-11 00:36 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Jon\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-11 00:35 - 2015-07-11 09:29 - 00000000 ____D C:\Program Files (x86)\ORBTR
2015-07-10 23:52 - 2015-07-11 10:07 - 00000000 ____D C:\ProgramData\abc
2015-07-10 23:51 - 2015-07-10 23:51 - 00000000 _____ C:\Windows\SysWOW64\Number of results
2015-07-10 23:50 - 2015-07-10 23:50 - 00001875 _____ C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2015-07-10 22:43 - 2015-07-10 22:43 - 00000000 ____D C:\ProgramData\50661bab000019bd
2015-07-10 22:37 - 2015-07-11 09:30 - 00000005 _____ C:\END
2015-07-10 22:11 - 2015-07-10 22:11 - 00000000 ____D C:\Program Files (x86)\predm
2015-07-10 22:09 - 2015-07-10 22:09 - 00003740 _____ C:\Windows\System32\Tasks\Convertor
2015-07-10 22:09 - 2015-07-10 22:09 - 00001085 _____ C:\Users\Jon\Desktop\DocToPDFConverter.lnk
2015-07-10 22:09 - 2015-07-10 22:09 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DocToPDFConverter
2015-07-10 22:09 - 2015-07-10 22:09 - 00000000 ____D C:\Users\Jon\AppData\Roaming\DocToPDFConverter
2015-07-10 22:09 - 2015-07-10 22:09 - 00000000 ____D C:\Program Files (x86)\Winsta
2015-07-10 22:09 - 2015-07-10 22:09 - 00000000 ____D C:\Program Files (x86)\Convertor
2015-07-10 22:01 - 2015-07-10 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-07-10 21:59 - 2015-07-10 23:55 - 00002110 _____ C:\Users\Jon\Desktop\Continue GamesDesktop Uninstaller.lnk
2015-07-10 21:54 - 2015-07-11 16:46 - 00000352 ____H C:\Windows\Tasks\KCTPPXQUAIUXXORP.job
2015-07-10 21:54 - 2015-07-11 16:46 - 00000340 _____ C:\Windows\Tasks\WXAOQPACW1.job
2015-07-10 21:54 - 2015-07-11 12:04 - 00000000 ____D C:\ProgramData\Service7609
2015-07-10 21:54 - 2015-07-10 21:54 - 00003356 _____ C:\Windows\System32\Tasks\KCTPPXQUAIUXXORP
2015-07-10 21:54 - 2015-07-10 21:54 - 00002854 _____ C:\Windows\System32\Tasks\WXAOQPACW1
2015-07-10 21:51 - 2015-07-10 21:53 - 00000000 ____D C:\Users\Jon\AppData\Local\Ninja Loader
2015-07-10 21:51 - 2015-07-10 21:51 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ninja Loader
2015-07-10 21:51 - 2015-07-10 21:51 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
2015-07-10 21:50 - 2015-07-10 21:54 - 00000000 ____D C:\Program Files (x86)\Ninja Loader
2015-07-10 21:50 - 2013-08-22 06:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-07-10 20:35 - 2015-07-11 12:06 - 00000112 _____ C:\ProgramData\nI0cCK6dn.dat
2015-07-10 20:15 - 2015-07-10 20:16 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Ebon
2015-07-10 20:15 - 2015-07-10 20:16 - 00000000 ____D C:\Users\Jon\AppData\Local\Ebon
2015-07-10 19:37 - 2015-07-11 16:44 - 00000696 _____ C:\Windows\setupact.log
2015-07-10 19:37 - 2015-07-10 19:37 - 00000000 _____ C:\Windows\setuperr.log
2015-07-10 19:36 - 2015-07-11 16:44 - 00091754 _____ C:\Windows\PFRO.log
2015-07-10 18:20 - 2015-07-10 19:43 - 00003458 _____ C:\Windows\System32\Tasks\Croureis
2015-07-10 18:16 - 2015-07-10 18:16 - 00000000 ____D C:\ProgramData\Ebon
2015-07-10 18:15 - 2015-07-10 21:48 - 00000000 ____D C:\Program Files (x86)\Ebon
2015-07-10 18:14 - 2015-07-11 00:16 - 00000000 ____D C:\Program Files\WebBar
2015-07-10 18:14 - 2015-07-10 23:13 - 00000000 ____D C:\ProgramData\LpIFDKNYQ
2015-07-10 18:14 - 2015-07-10 18:16 - 00000000 ____D C:\ProgramData\Ebonmedia
2015-07-10 18:13 - 2015-07-11 12:10 - 00000000 ____D C:\Program Files\015
2015-07-10 18:13 - 2015-07-11 12:04 - 00000000 ____D C:\Program Files\13
2015-07-10 18:11 - 2015-07-10 18:12 - 00910255 _____ C:\Users\Jon\Downloads\File_Downloader.jse
2015-07-09 19:04 - 2015-07-09 19:04 - 00032821 _____ C:\Users\Jon\Downloads\[kat.cr]falling.skies.s05e02.hdtv.x264.asap.ettv.torrent
2015-07-09 19:04 - 2015-07-09 19:04 - 00032821 _____ C:\Users\Jon\Downloads\[kat.cr]falling.skies.s05e02.hdtv.x264.asap.ettv (1).torrent
2015-07-09 19:03 - 2015-07-09 19:03 - 00028280 _____ C:\Users\Jon\Downloads\[kat.cr]falling.skies.s05e01.hdtv.x264.killers.ettv.torrent
2015-07-09 18:17 - 2015-07-09 18:17 - 00019684 _____ C:\Users\Jon\Downloads\Falling+Skies+Season+4+Complete.torrent
2015-07-09 18:15 - 2015-07-09 18:15 - 00022407 _____ C:\Users\Jon\Downloads\Falling+Skies%3A+Season+1%2C+2%2C+3+x264+THADOGG.torrent
2015-07-09 18:14 - 2015-07-09 18:14 - 00018621 _____ C:\Users\Jon\Downloads\[kat.cr]the.last.ship.season.1.complete.torrent
2015-07-09 00:20 - 2015-07-11 17:21 - 00853240 _____ C:\Windows\WindowsUpdate.log
2015-07-08 22:53 - 2015-07-08 22:53 - 00120196 _____ C:\Users\Jon\Downloads\[kat.cr]patrick.swayze.movie.pack.torrent.torrent
2015-07-08 22:51 - 2015-07-08 22:51 - 00102394 _____ C:\Users\Jon\Downloads\[kat.cr]one.last.dance.patrick.swayze.2003.by.anarky69.torrent
2015-07-08 22:50 - 2015-07-08 22:50 - 00024624 _____ C:\Users\Jon\Downloads\Next.of.Kin.1989.BDrip.720p.Avi-OmiTube+%5BPatrick+Swayze%5D.torrent
2015-07-08 22:47 - 2015-07-08 22:47 - 00000952 _____ C:\Users\Jon\Downloads\[kat.cr]jim.harrison.legends.of.the.fall.pdf.torrent
2015-07-08 22:43 - 2015-07-08 22:43 - 00015266 _____ C:\Users\Jon\Downloads\[kat.cr]legends.of.the.fall.1994.dvdrip.xvid.ar.torrent
2015-07-08 22:27 - 2015-07-08 22:27 - 00013989 _____ C:\Users\Jon\Downloads\[kat.cr]one.last.dance.dvd.rip.torrent
2015-07-08 22:24 - 2015-07-08 22:24 - 00023155 _____ C:\Users\Jon\Downloads\[kat.cr]one.last.dance.2003.720p.bluray.x264.ifpd.torrent
2015-07-08 19:43 - 2015-07-08 19:43 - 00008924 _____ C:\Users\Jon\Downloads\Road+House+%281989%29+720p+BrRip+x264+-+YIFY.torrent
2015-07-08 19:07 - 2015-07-08 19:07 - 00008924 _____ C:\Users\Jon\Downloads\[kat.cr]road.house.1989.720p.brrip.x264.yify.torrent
2015-07-07 16:48 - 2015-07-07 16:54 - 00000000 ____D C:\Users\Jon\AppData\Local\Mozilla
2015-07-07 16:48 - 2015-07-07 16:48 - 00001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-07 16:48 - 2015-07-07 16:48 - 00001170 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-07 16:48 - 2015-07-07 16:48 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Mozilla
2015-07-07 16:48 - 2015-07-07 16:48 - 00000000 ____D C:\ProgramData\Mozilla
2015-07-07 16:48 - 2015-07-07 16:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-07 16:48 - 2015-07-07 16:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-07 16:39 - 2015-07-07 16:40 - 00242712 _____ C:\Users\Jon\Downloads\Firefox Setup Stub 39.0.exe
2015-07-06 23:09 - 2015-07-10 00:35 - 00047143 _____ C:\Users\Jon\Desktop\Fireworks 2015 Sign In-Sign Out.xlsx
2015-07-06 19:07 - 2015-07-06 19:07 - 00020688 _____ C:\Users\Jon\Downloads\Blackhat+%282015%29+1080p+BrRip+x264+-+YIFY.torrent
2015-07-06 18:57 - 2015-07-06 18:57 - 00114271 _____ C:\Users\Jon\Downloads\Mortdecai.2015.HDRip.XViD.AC3-ETRG.torrent
2015-07-06 18:54 - 2015-07-06 18:54 - 00017576 _____ C:\Users\Jon\Downloads\Last+Knights+%282015%29+1080p+BrRip+x264+-+YIFY.torrent
2015-07-06 12:33 - 2015-07-06 12:34 - 00000000 ____D C:\Users\Jon\Desktop\Net making
2015-07-05 21:48 - 2015-07-05 21:48 - 00046542 _____ C:\Users\Jon\Downloads\C3F22287588EFFB6DE8C6FCDFC642D22A9E92A78.torrent
2015-07-05 20:51 - 2015-07-05 20:51 - 00024448 _____ C:\Users\Jon\Downloads\[kat.cr]spartacus.war.of.the.damned.season.3.720p.bluray.x264.shaanig.torrent
2015-07-05 20:50 - 2015-07-05 20:50 - 00017957 _____ C:\Users\Jon\Downloads\[kat.cr]spartacus.season.2.gods.of.the.arena.torrent
2015-07-05 20:10 - 2015-07-05 20:11 - 70533120 _____ C:\Users\Jon\Downloads\calibre-64bit-2.31.0.msi
2015-07-05 20:03 - 2015-07-05 20:04 - 00051732 _____ C:\Users\Jon\Downloads\[kat.cr]learn.in.your.car.german.complete.95.lessons.torrent
2015-07-05 20:00 - 2015-07-05 20:00 - 00019779 _____ C:\Users\Jon\Downloads\[kat.cr]world.of.gypsies.vol1.2.3.torrent
2015-07-05 19:44 - 2015-07-05 19:44 - 00015974 _____ C:\Users\Jon\Downloads\[kat.cr]covert.affairs.season.2.torrent
2015-07-05 19:42 - 2015-07-05 19:42 - 00015335 _____ C:\Users\Jon\Downloads\[kat.cr]game.of.thrones.season.5.complete.1080p.khatake2.torrent
2015-07-05 19:36 - 2015-07-05 19:36 - 00016132 _____ C:\Users\Jon\Downloads\[kat.cr]olympus.s01e13.hdtv.x264.asap.ettv.torrent
2015-07-05 19:35 - 2015-07-05 19:35 - 00020422 _____ C:\Users\Jon\Downloads\[kat.cr]olympus.s01e12.hdtv.x264.killers.ettv.torrent
2015-07-05 19:34 - 2015-07-05 19:34 - 00019282 _____ C:\Users\Jon\Downloads\[kat.cr]olympus.s01e10.hdtv.x264.killers.ettv.torrent
2015-07-05 19:34 - 2015-07-05 19:34 - 00017694 _____ C:\Users\Jon\Downloads\[kat.cr]olympus.s01e11.hdtv.x264.killers.ettv.torrent
2015-07-05 19:33 - 2015-07-05 19:33 - 00017953 _____ C:\Users\Jon\Downloads\[kat.cr]olympus.s01e09.hdtv.x264.killers.ettv.torrent
2015-07-05 19:32 - 2015-07-05 19:32 - 00021063 _____ C:\Users\Jon\Downloads\[kat.cr]olympus.s01e08.hdtv.x264.killers.ettv.torrent
2015-07-05 19:26 - 2015-07-05 19:26 - 00012791 _____ C:\Users\Jon\Downloads\[kat.cr]the.originals.season.2.complete.480p.torrent
2015-07-05 19:22 - 2015-07-05 19:22 - 00056207 _____ C:\Users\Jon\Downloads\[kat.cr]pretty.little.liars.season.5.complete.torrent
2015-07-05 19:21 - 2015-07-05 19:21 - 00017127 _____ C:\Users\Jon\Downloads\[kat.cr]pretty.little.liars.complete.season.4.torrent
2015-07-05 19:19 - 2015-07-05 19:19 - 00048170 _____ C:\Users\Jon\Downloads\[kat.cr]star.trek.voyager.season.7.torrent
2015-07-05 19:17 - 2015-07-05 19:17 - 00048472 _____ C:\Users\Jon\Downloads\[kat.cr]star.trek.voyager.season.6.torrent
2015-07-05 17:11 - 2015-07-05 17:11 - 00001840 _____ C:\Users\Jon\Downloads\2EBD0FCFC5147B00DEC14A298DBC606345434EE8.torrent
2015-07-05 17:06 - 2015-07-05 17:06 - 00001840 _____ C:\Users\Jon\Downloads\[kat.cr]guardian.trilogy.torrent
2015-07-05 16:59 - 2015-07-05 16:59 - 00002255 _____ C:\Users\Jon\Downloads\[kat.cr]residue.series.by.laury.falter.books.1.4.epub.torrent
2015-07-05 16:55 - 2015-07-05 16:55 - 00001628 _____ C:\Users\Jon\Downloads\[kat.cr]world.after.susan.ee.epub (1).torrent
2015-07-05 16:53 - 2015-07-05 16:53 - 00001630 _____ C:\Users\Jon\Downloads\[kat.cr]world.after.susan.ee.epub.torrent
2015-07-05 16:52 - 2015-07-05 16:52 - 00001701 _____ C:\Users\Jon\Downloads\[kat.cr]angelfall.by.susan.ee.epub.mobi.torrent
2015-07-05 16:39 - 2015-07-05 16:39 - 00002643 _____ C:\Users\Jon\Downloads\[kat.cr]they.who.fell.they.who.fell.1.kevin.kneupper.epub.mobi.azw3.nm.torrent
2015-06-27 19:25 - 2015-06-27 19:25 - 00057554 _____ C:\Users\Jon\Downloads\Mad.Max.Fury.Road.2015.HDRip.XViD-ETRG.torrent
2015-06-26 23:52 - 2015-06-26 23:52 - 00020107 _____ C:\Users\Jon\Downloads\[kat.cr]step.by.step.macrame.pdf.torrent
2015-06-26 23:50 - 2015-06-26 23:50 - 00020461 _____ C:\Users\Jon\Downloads\[kat.cr]macrame.books.torrent
2015-06-26 21:21 - 2015-06-26 21:21 - 00008995 _____ C:\Users\Jon\Downloads\[kat.cr]run.all.night.2015.720p.brrip.x264.yify.torrent
2015-06-24 16:29 - 2015-06-24 16:30 - 00000000 ____D C:\Users\Jon\Documents\Fax
2015-06-24 16:28 - 2015-06-24 16:28 - 16966176 _____ C:\Users\Jon\Downloads\Coopers birthday.7z
2015-06-24 16:23 - 2015-03-03 06:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-24 13:37 - 2015-06-24 13:37 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-24 13:36 - 2015-06-24 13:36 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-24 01:25 - 2015-06-24 01:25 - 00016382 _____ C:\Users\Jon\Downloads\Remember+Me+%282010%29+720p+BrRip+x264-+750+MB+-+YIFY.torrent
2015-06-21 10:14 - 2015-06-21 10:14 - 00266519 _____ C:\Users\Jon\Desktop\Pandora Internet Radio - Listen to Free Music You'll Love.html
2015-06-21 10:14 - 2015-06-21 10:14 - 00000000 ____D C:\Users\Jon\Desktop\Pandora Internet Radio - Listen to Free Music You'll Love_files
2015-06-19 18:34 - 2015-06-19 18:34 - 00077056 _____ C:\Users\Jon\Downloads\parks.zip
2015-06-18 00:32 - 2015-06-18 00:32 - 00158602 _____ C:\Users\Jon\Downloads\[RI-RAw]+Fullmetal+Alchemist+Brotherhood+1-64+[END]+(x264[1920x1080+24]+aac[LC192]).torrent
2015-06-17 21:31 - 2015-06-17 21:31 - 00038493 _____ C:\Users\Jon\Downloads\Twilight+Saga+Audio+Books+FIXED.torrent
2015-06-17 21:22 - 2015-06-17 21:22 - 00101273 _____ C:\Users\Jon\Downloads\Stephenie+Meyer+%283782405%29 (1).torrent
2015-06-16 00:30 - 2015-06-16 00:30 - 00026121 _____ C:\Users\Jon\Downloads\Full+Metal+Alchemist+Brotherhood+English+Dub%281-64%29.torrent
2015-06-16 00:25 - 2015-06-16 00:25 - 00020840 _____ C:\Users\Jon\Downloads\Black+Butler+1-24+Complete+720p+%5BDual-Audio%5D+%5BEnglish+Subbed%5D+Neroextreme_NTRG.torrent
2015-06-15 15:28 - 2015-06-15 15:28 - 00057728 _____ (Word Surfer) C:\Windows\system32\Drivers\wsafd_1_10_0_19.sys
2015-06-15 00:49 - 2015-06-15 00:49 - 00097891 _____ C:\Users\Jon\Downloads\Fullmetal+Alchemist+Brotherhood+Full+Hd+Tri-Audio+English+Dubbed%2C+Português+Dublado%2CSpanish.torrent
2015-06-15 00:49 - 2015-06-15 00:49 - 00097891 _____ C:\Users\Jon\Downloads\Fullmetal+Alchemist+Brotherhood+Full+Hd+Tri-Audio+English+Dubbed%2C+Português+Dublado%2CSpanish (1).torrent
2015-06-15 00:46 - 2015-06-15 00:47 - 00185030 _____ C:\Users\Jon\Downloads\Fullmetal+Alchemist+Brotherhood+%5B720p.BRrip.x264.Dual-Audio%5D%5BxRed%5D.torrent
2015-06-13 20:18 - 2015-06-13 20:22 - 70250496 _____ C:\Users\Jon\Downloads\calibre-64bit-2.30.0.msi
2015-06-13 19:34 - 2015-06-13 19:34 - 00042597 _____ C:\Users\Jon\Downloads\Harry+Potter+Audio+Books+%283721572%29.torrent
2015-06-13 19:32 - 2015-06-13 19:32 - 00101273 _____ C:\Users\Jon\Downloads\Stephenie+Meyer+%283782405%29.torrent
2015-06-13 19:28 - 2015-06-13 19:28 - 00011602 _____ C:\Users\Jon\Downloads\[kat.cr]hendee.barb.noble.dead.1.11.mobi.torrent
2015-06-13 19:24 - 2015-06-13 19:24 - 00011878 _____ C:\Users\Jon\Downloads\Patricia+Briggs+-+Mercy+Thompson+Book+8+Night+Broken.torrent
2015-06-13 19:24 - 2015-06-13 19:24 - 00011739 _____ C:\Users\Jon\Downloads\Patricia+Briggs+-+Mercy+Thompson+Book+7+Frost+Burned+Unabridged.torrent
2015-06-13 19:22 - 2015-06-13 19:22 - 00030502 _____ C:\Users\Jon\Downloads\Patricia+Briggs+Audiobook+Collection+-+Mercy+Thompson+and+more.torrent
2015-06-13 19:16 - 2015-06-13 19:16 - 00107042 _____ C:\Users\Jon\Downloads\Kim+Harrison+-+Hollows+1-13+plus+2+other+series+and+Into+the+Woo.torrent
2015-06-13 19:14 - 2015-06-13 19:14 - 00014714 _____ C:\Users\Jon\Downloads\Cassandra+Clare+Audiobooks.torrent
2015-06-13 18:59 - 2015-06-13 18:59 - 00020613 _____ C:\Users\Jon\Downloads\[kat.cr]kingsman.the.secret.service.2014.1080p.brrip.x264.yify.torrent
2015-06-13 18:58 - 2015-06-13 18:58 - 00012883 _____ C:\Users\Jon\Downloads\[kat.cr]kingsman.the.secret.service.2015.720p.hdts.dual.audio.english.hindi.pc.exclsuive.torrent
2015-06-13 18:57 - 2015-06-13 18:57 - 00012883 _____ C:\Users\Jon\Downloads\Kingsman+The+Secret+Service+2015+720p+HDTS%5BDual+Audio%5D%5B+English-+Hindi+%5D-%5BPC%5DExclsuive.torrent
2015-06-11 11:04 - 2015-07-06 14:24 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-11 11:04 - 2015-07-06 14:24 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-11 17:32 - 2015-02-12 00:28 - 00000000 ____D C:\Users\Jon\AppData\Roaming\uTorrent
2015-07-11 17:27 - 2015-02-11 17:17 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3105412986-3712989239-1590487086-1002
2015-07-11 17:03 - 2015-02-15 11:49 - 00004958 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KRAKEN-Jon Kraken
2015-07-11 17:02 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-11 16:57 - 2015-02-11 17:13 - 00000000 ____D C:\Users\Jon\Documents\Youcam
2015-07-11 16:49 - 2015-02-11 17:56 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-11 16:47 - 2015-02-11 17:16 - 00000000 ___DO C:\Users\Jon\OneDrive
2015-07-11 16:46 - 2015-02-11 17:27 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-11 16:45 - 2015-02-11 17:10 - 00000000 ____D C:\Users\Jon
2015-07-11 16:44 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-11 16:37 - 2014-12-18 15:41 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-07-11 15:57 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-11 15:37 - 2015-02-11 17:27 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-11 12:12 - 2014-12-18 15:49 - 02089422 _____ C:\Windows\SysWOW64\rootpa.e2e
2015-07-11 12:10 - 2013-08-22 06:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-07-11 12:05 - 2015-02-12 00:28 - 00000000 ____D C:\ProgramData\APN
2015-07-11 11:13 - 2015-03-15 09:08 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-10 19:42 - 2014-12-18 15:39 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-10 19:37 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-10 13:16 - 2015-02-11 17:26 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BFB52E6D-0F59-4821-B8C8-BA8D2A88DD12}
2015-07-09 19:20 - 2015-04-04 18:43 - 00000000 ____D C:\utorrent
2015-07-08 23:34 - 2015-04-13 20:30 - 00000000 ____D C:\Users\Jon\Desktop\Carla
2015-07-08 22:58 - 2015-05-20 00:09 - 00000000 ____D C:\Windows\Minidump
2015-07-08 12:37 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-08 00:46 - 2015-04-22 15:48 - 00000000 ____D C:\Users\Jon\Documents\Outlook Files
2015-07-07 23:10 - 2014-03-18 02:53 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-07 16:38 - 2015-02-11 17:27 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-07 16:36 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\NDF
2015-07-06 13:22 - 2015-03-10 14:33 - 00000000 ____D C:\Users\Jon\AppData\Local\Spotify
2015-07-06 13:22 - 2015-03-10 14:32 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Spotify
2015-06-28 16:40 - 2015-03-15 09:08 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-27 09:15 - 2015-04-27 20:28 - 00023691 _____ C:\Users\Jon\Desktop\Las Vegas Recreators Inc. Business Accounts.xlsx
2015-06-24 13:37 - 2015-03-15 09:08 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-24 13:37 - 2015-03-15 09:08 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-24 13:37 - 2015-03-15 09:08 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-24 13:37 - 2015-03-15 09:08 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-24 13:37 - 2015-03-15 09:08 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-24 13:37 - 2015-03-15 09:08 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-24 13:34 - 2015-03-15 09:08 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-24 11:51 - 2015-02-15 11:40 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-22 13:29 - 2014-12-18 11:27 - 00000000 ____D C:\Users\Jon\Desktop\Chris
2015-06-17 11:57 - 2015-02-24 19:36 - 00000000 __SHD C:\Users\Jon\AppData\Local\EmieBrowserModeList
2015-06-17 11:57 - 2015-02-11 17:26 - 00000000 __SHD C:\Users\Jon\AppData\Local\EmieUserList
2015-06-17 11:57 - 2015-02-11 17:26 - 00000000 __SHD C:\Users\Jon\AppData\Local\EmieSiteList
2015-06-16 22:39 - 2015-02-11 17:11 - 00000000 ____D C:\Users\Jon\AppData\Local\Packages
2015-06-11 11:52 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache
2015-06-11 11:03 - 2013-08-22 07:44 - 05105056 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 10:58 - 2015-02-14 03:25 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-11 10:58 - 2015-02-14 03:25 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 10:58 - 2013-08-22 08:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-11 10:58 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\PolicyDefinitions
 
==================== Files in the root of some directories =======
 
2015-03-01 23:37 - 2015-03-01 23:37 - 0000132 _____ () C:\Users\Jon\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-07-11 00:41 - 2015-07-11 10:01 - 0034354 _____ () C:\ProgramData\I2qi58ro.dat
2015-07-10 20:35 - 2015-07-11 12:06 - 0000112 _____ () C:\ProgramData\nI0cCK6dn.dat
 
Files to move or delete:
====================
C:\ProgramData\I2qi58ro.dat
C:\ProgramData\nI0cCK6dn.dat
 
 
Some files in TEMP:
====================
C:\Users\Jon\AppData\Local\Temp\restartinstance0.exe
C:\Users\Jon\AppData\Local\Temp\Uninstall.exe
C:\Users\Jon\AppData\Local\Temp\UninstallModule.exe
C:\Users\Jon\AppData\Local\Temp\uninstalloffer0.exe
C:\Users\Jon\AppData\Local\Temp\uninstalloffer1.exe
C:\Users\Jon\AppData\Local\Temp\uninstalloffer3.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-07 15:30
 
==================== End of log ============================



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the additions.txt as well, please?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\...\Run: [GoogleChromeAutoLaunch_1476D5075BFDEEA31B57A901BC660F86] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-06] (Google Inc.)
AppInit_DLLs: C:\ProgramData\LolliScan\LolliScan64.dll => C:\ProgramData\LolliScan\LolliScan64.dll File not found
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-01-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-01-13] (McAfee, Inc.)
FF SelectedSearchEngine: Trovi
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3334822&octid=EB_ORIGINAL_CTID&ISID=M57B03A8F-928F-4362-AE67-176B61E66F90&SearchSource=55&CUI=&UM=8&UP=SP914EEEB9-B805-4B01-A2CD-F3DE8FA6FFF5&D=071115&SSPV=SP30339TB_sp_ff
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\[email protected]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 NinjaLoaderService; C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe [59496 2015-06-24] (Ninja Soft Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R1 wsafd_1_10_0_19; C:\Windows\System32\drivers\wsafd_1_10_0_19.sys [57728 2015-06-15] (Word Surfer)
2015-07-11 00:56 - 2015-07-11 00:56 - 00004180 _____ C:\Windows\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update
2015-07-11 00:56 - 2015-07-11 00:56 - 00004170 _____ C:\Windows\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core
2015-07-11 00:41 - 2015-07-11 10:01 - 00034354 _____ C:\ProgramData\I2qi58ro.dat
2015-07-10 22:43 - 2015-07-10 22:43 - 00000000 ____D C:\ProgramData\50661bab000019bd
2015-07-10 22:37 - 2015-07-11 09:30 - 00000005 _____ C:\END
2015-07-10 22:11 - 2015-07-10 22:11 - 00000000 ____D C:\Program Files (x86)\predm
2015-07-10 22:09 - 2015-07-10 22:09 - 00003740 _____ C:\Windows\System32\Tasks\Convertor
2015-07-10 22:09 - 2015-07-10 22:09 - 00000000 ____D C:\Program Files (x86)\Winsta
2015-07-10 22:09 - 2015-07-10 22:09 - 00000000 ____D C:\Program Files (x86)\Convertor
2015-07-10 22:01 - 2015-07-10 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-07-10 21:59 - 2015-07-10 23:55 - 00002110 _____ C:\Users\Jon\Desktop\Continue GamesDesktop Uninstaller.lnk
2015-07-10 21:54 - 2015-07-11 16:46 - 00000352 ____H C:\Windows\Tasks\KCTPPXQUAIUXXORP.job
2015-07-10 21:54 - 2015-07-11 16:46 - 00000340 _____ C:\Windows\Tasks\WXAOQPACW1.job
2015-07-10 21:54 - 2015-07-11 12:04 - 00000000 ____D C:\ProgramData\Service7609
2015-07-10 21:54 - 2015-07-10 21:54 - 00003356 _____ C:\Windows\System32\Tasks\KCTPPXQUAIUXXORP
2015-07-10 21:54 - 2015-07-10 21:54 - 00002854 _____ C:\Windows\System32\Tasks\WXAOQPACW1
2015-07-10 21:51 - 2015-07-10 21:53 - 00000000 ____D C:\Users\Jon\AppData\Local\Ninja Loader
2015-07-10 21:51 - 2015-07-10 21:51 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ninja Loader
2015-07-10 21:51 - 2015-07-10 21:51 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
2015-07-10 21:50 - 2015-07-10 21:54 - 00000000 ____D C:\Program Files (x86)\Ninja Loader
2015-07-10 20:35 - 2015-07-11 12:06 - 00000112 _____ C:\ProgramData\nI0cCK6dn.dat
2015-07-10 20:15 - 2015-07-10 20:16 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Ebon
2015-07-10 20:15 - 2015-07-10 20:16 - 00000000 ____D C:\Users\Jon\AppData\Local\Ebon
2015-07-10 18:20 - 2015-07-10 19:43 - 00003458 _____ C:\Windows\System32\Tasks\Croureis
2015-07-10 18:16 - 2015-07-10 18:16 - 00000000 ____D C:\ProgramData\Ebon
2015-07-10 18:15 - 2015-07-10 21:48 - 00000000 ____D C:\Program Files (x86)\Ebon
2015-07-10 18:14 - 2015-07-11 00:16 - 00000000 ____D C:\Program Files\WebBar
2015-07-10 18:14 - 2015-07-10 23:13 - 00000000 ____D C:\ProgramData\LpIFDKNYQ
2015-07-10 18:14 - 2015-07-10 18:16 - 00000000 ____D C:\ProgramData\Ebonmedia
2015-07-10 18:13 - 2015-07-11 12:10 - 00000000 ____D C:\Program Files\015
2015-07-10 18:13 - 2015-07-11 12:04 - 00000000 ____D C:\Program Files\13
2015-07-10 18:11 - 2015-07-10 18:12 - 00910255 _____ C:\Users\Jon\Downloads\File_Downloader.jse
C:\Users\Jon\AppData\Local\Ninja Loader
C:\Program Files (x86)\Ninja Loader
C:\ProgramData\LolliScan
C:\Program Files (x86)\Babylon
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

#3
skandranon1971

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Sorry, I forgot the additions.txt.  Here it is:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by Jon at 2015-07-11 17:34:39
Running from C:\Users\Jon\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3105412986-3712989239-1590487086-500 - Administrator - Disabled)
Guest (S-1-5-21-3105412986-3712989239-1590487086-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3105412986-3712989239-1590487086-1004 - Limited - Enabled)
Jon (S-1-5-21-3105412986-3712989239-1590487086-1002 - Administrator - Enabled) => C:\Users\Jon
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{7536C341-2F7D-EFE6-F521-DEBE68B025C5}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
calibre 64bit (HKLM\...\{2342B0FF-6738-4AD5-9BD2-563C55ED9D63}) (Version: 2.28.0 - Kovid Goyal)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DocToPDFConverter (HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\...\DocToPDFConverter) (Version: 01.00.00.00 - VolatoTech)
Dropbox (HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Family Tree Maker 2014 (HKLM-x32\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{F29E3AA8-CF19-4452-92B7-F1FE31CD11C5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.8.1 - LG Electronics)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MasterCook Deluxe 9 (HKLM-x32\...\InstallShield_{99B366B0-76B6-4DBA-95A3-A730015A7D01}) (Version: 9.0.000 - ValuSoft)
MasterCook Deluxe 9 (x32 Version: 9.0.000 - ValuSoft) Hidden
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1529 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Ninja Loader (HKLM-x32\...\Ninja Loader) (Version: 184.0.0.625 - CLICK YES BELOW LP)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.1.11 - Intuit)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7164 - Realtek Semiconductor Corp.)
RIFT (HKLM-x32\...\Glyph RIFT) (Version:  - Trion Worlds, Inc.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
Spotify (HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\...\Spotify) (Version: 1.0.7.157.g2a6526f9 - Spotify AB)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 8.0.0.10 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.4.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3105412986-3712989239-1590487086-1002_Classes\CLSID\{503E492B-C90C-4E23-842B-EB05CDA61DC9}\InprocServer32 -> No File path
CustomCLSID: HKU\S-1-5-21-3105412986-3712989239-1590487086-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3105412986-3712989239-1590487086-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jon\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3105412986-3712989239-1590487086-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3105412986-3712989239-1590487086-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3105412986-3712989239-1590487086-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3105412986-3712989239-1590487086-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3105412986-3712989239-1590487086-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3105412986-3712989239-1590487086-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3105412986-3712989239-1590487086-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3105412986-3712989239-1590487086-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
24-06-2015 13:32:04 avast! antivirus system restore point
01-07-2015 15:41:46 Scheduled Checkpoint
05-07-2015 20:13:18 Installed calibre 64bit
10-07-2015 19:41:08 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09D305BE-4792-4731-9F1D-9A0D3F041DBA} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe 
Task: {0B72ACDE-80AD-477A-9689-3A28E2A94CB7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-08] (Piriform Ltd)
Task: {133FEFC8-7758-454F-9176-A86C20EFAE97} - System32\Tasks\KCTPPXQUAIUXXORP => C:\ProgramData\Service7609\Service7609.exe <==== ATTENTION
Task: {190B656F-621B-4239-A96F-3810630BD54B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KRAKEN-Jon Kraken => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-05-28] (Microsoft Corporation)
Task: {1B6801B9-CCF6-4D3C-9F37-48A8CADF081B} - \WinKit No Task File <==== ATTENTION
Task: {31C39732-B22F-4216-AE19-B71E650B9652} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {332E27EE-211A-43F1-91BF-9E48F64FA5FB} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3105412986-3712989239-1590487086-1002 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {3508F23B-C080-4EBF-A992-CDAFDCD0A7E0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-24] (Avast Software s.r.o.)
Task: {38648350-507E-42EC-8EE5-4692BDC00C9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {468C81C0-46A2-4022-A892-82BA74233F92} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {528EA2A7-E0F5-4537-8C77-F2C8FF53AA43} - \Winsta Update No Task File <==== ATTENTION
Task: {72BB5732-212B-4358-B374-23931E33B8F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {7AE42B6A-B3EE-438A-AA6A-5A17940D679E} - System32\Tasks\Croureis => C:\ProgramData\Croureis\1.0.4.1\ouhirlat.exe
Task: {7EC31002-6B00-4183-92EB-06F5F2C9D12E} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe
Task: {A76D1F38-721F-49A2-9114-BF12E3A37DB0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {AA0E86C3-C702-4AD9-8E7A-888B705EF9E5} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe
Task: {AC5EE239-4457-44B0-81FF-99ED6968A83B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {BF1CE8F9-8400-4F66-A4ED-22F7C416254E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {BF7E41C7-7838-4122-935B-4D6639C3BCF3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-28] (Microsoft Corporation)
Task: {C058B08F-699F-470F-B2C6-F9665951813B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {C74EC957-0E77-4E0B-9E87-B5751DEC1602} - System32\Tasks\Convertor => C:\Program Files (x86)\Convertor\Convertor.exe [2014-11-25] ()
Task: {CB5DC25C-BDDA-4A6C-9F10-597D0ACCD274} - System32\Tasks\WXAOQPACW1 => C:\ProgramData\LolliScan\LolliScan.exe <==== ATTENTION
Task: {D049B90C-A52B-47E1-BBFB-7DA15B8FB569} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-12] (Synaptics Incorporated)
Task: {D68CEF0E-E7A9-4517-8CD2-0BA8F67C906A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {D9BA5766-5D5C-48B8-84C2-C42D05AE8C35} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {DAE6D20F-4BDF-4F90-B28B-73279A45EDC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-11] (Google Inc.)
Task: {F3B52039-48EF-491C-AAC2-6D0FAAEC3644} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-11] (Google Inc.)
Task: {F722D35D-16F5-4850-ADD0-21D2FE31AEE0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\KCTPPXQUAIUXXORP.job => C:\ProgramData\Service7609\Service7609.exe <==== ATTENTION
Task: C:\Windows\Tasks\WXAOQPACW1.job => C:\ProgramData\LolliScan\LolliScan.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-28 13:31 - 2014-03-28 13:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-04-17 16:38 - 2014-04-17 16:38 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-04-17 16:37 - 2014-04-17 16:37 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-02-15 11:40 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-13 14:32 - 2015-01-27 08:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-28 13:36 - 2014-03-28 13:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-07-02 21:37 - 2015-07-02 21:37 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-03-02 15:01 - 2015-03-02 15:01 - 00127488 _____ () C:\Users\Jon\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook.Ba70e54e13#\8823bdb58000ba3c428e18bc54c37f8d\Facebook.BackgroundTasks.ni.dll
2015-03-02 15:00 - 2015-03-02 15:00 - 01782272 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\f1407bb1d381cf5dee299c4e5f0fdf9d\Windows.ApplicationModel.ni.dll
2015-03-02 15:01 - 2015-03-02 15:01 - 01134592 _____ () C:\Users\Jon\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook-Win8-Base\a57e2bbb2149b11b1840208efc036f21\Facebook-Win8-Base.ni.dll
2015-03-02 15:01 - 2015-03-02 15:01 - 00619520 _____ () C:\Users\Jon\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook-Base\b9acb2231bcf37635da949da7727727b\Facebook-Base.ni.dll
2015-06-24 13:36 - 2015-06-24 13:36 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-24 13:35 - 2015-06-24 13:35 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-11 09:31 - 2015-07-11 09:31 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15071101\algo.dll
2015-06-24 22:47 - 2015-06-24 22:47 - 00109160 _____ () C:\Program Files (x86)\Ninja Loader\Modules\Core.dll
2015-06-24 22:47 - 2015-06-24 22:47 - 00058984 _____ () C:\Program Files (x86)\Ninja Loader\Modules\BdUdr.dll
2015-06-24 22:48 - 2015-06-24 22:48 - 00041576 _____ () C:\Program Files (x86)\Ninja Loader\Modules\WInIn.dll
2015-06-24 22:47 - 2015-06-24 22:47 - 00039528 _____ () C:\Program Files (x86)\Ninja Loader\Modules\ArSp.dll
2015-06-24 22:47 - 2015-06-24 22:47 - 00118376 _____ () C:\Program Files (x86)\Ninja Loader\Modules\BrSp.dll
2015-06-24 22:47 - 2015-06-24 22:47 - 00092776 _____ () C:\Program Files (x86)\Ninja Loader\Modules\CdPrc.dll
2015-06-24 22:48 - 2015-06-24 22:48 - 00096872 _____ () C:\Program Files (x86)\Ninja Loader\Modules\WbSt.dll
2015-06-24 22:48 - 2015-06-24 22:48 - 00056424 _____ () C:\Program Files (x86)\Ninja Loader\Modules\WdCtl.dll
2014-12-18 15:59 - 2013-08-05 00:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-02-15 11:40 - 2015-02-24 11:57 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-07-07 16:38 - 2015-07-06 20:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-07 16:38 - 2015-07-06 20:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
2015-03-15 09:08 - 2015-03-15 09:08 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-07-10 21:53 - 2015-03-26 07:13 - 01091584 _____ () C:\Users\Jon\AppData\Local\Ninja Loader\Discover\libglesv2.dll
2015-07-10 21:53 - 2015-03-26 07:13 - 00167936 _____ () C:\Users\Jon\AppData\Local\Ninja Loader\Discover\libEGL.dll
2015-07-10 21:53 - 2015-03-26 07:39 - 08569856 _____ () C:\Users\Jon\AppData\Local\Ninja Loader\Discover\pdf.dll
2015-07-10 21:53 - 2015-03-26 07:18 - 00324608 _____ () C:\Users\Jon\AppData\Local\Ninja Loader\Discover\ppGoogleNaClPluginChrome.dll
2015-07-10 21:53 - 2015-03-26 07:14 - 00880128 _____ () C:\Users\Jon\AppData\Local\Ninja Loader\Discover\ffmpegsumo.dll
2015-07-10 21:53 - 2014-09-22 21:07 - 14891848 _____ () C:\Users\Jon\AppData\Local\Ninja Loader\Discover\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Jon\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 68.105.28.12 - 68.105.29.12
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F26E318E-F8E6-4304-8528-D9472D025A41}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A03BDEAE-2D1C-4F97-9654-E8089BFB5FE0}] => (Allow) LPort=2869
FirewallRules: [{F349FAC7-A5F1-4A58-AD60-D778018A4144}] => (Allow) LPort=1900
FirewallRules: [{EEB67E36-F536-4275-B56B-31138E6A5707}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{59AE4ACA-E402-4FF3-BF30-7F813E854B40}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C4C26D77-A3FE-4554-8E4F-90D66D019FA6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9D1D8E13-C220-42BB-BB15-8621D7F723E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5CE354C7-3610-4F9D-8DF9-74CDFCF2D43B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F39118C7-EF43-41B6-83F5-270CB0976404}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{FEB3BB0C-B70E-4FA9-8C95-10625F668E31}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{0B5D028D-8A78-4050-A1A8-C4E18266819C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{2EF0770A-74B8-4752-90C6-B98CB5FD3D89}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{0ECE08FA-6B5F-468F-8557-AA2F1FA6E03C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{E9DDEF72-15C8-4650-93B7-FD1118F66EA9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EB401012-3AC7-4124-8E14-1783FC6D9578}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AD408DC7-F835-45CA-9C0E-E7B091FD4D41}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F2B43702-24AF-4FCB-8C03-8EAFFE6522E3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6F1E2DD7-944C-4BBC-ADBA-2F51C2BEF7FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{24F63439-10C4-4D60-81E6-6E5353D5596C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{AAB9CBAF-15BF-42E3-80D5-E4FFF06FA5F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{7CBF2F9D-029F-41FB-95F9-2E177696909F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{84AA0463-A13B-440F-B981-5DD920B4916B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{5892AC9A-7DD9-4649-9F55-F02FD3A96828}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{C60A5E51-F207-4A15-A0A6-94F3D0ED9B2E}] => (Allow) C:\Users\Jon\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A87467DB-177B-45EB-8913-F46FA987361E}] => (Allow) C:\Users\Jon\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{33F9155B-FC75-4674-8BAB-8B488E28B5E2}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{EE83B064-951F-417F-A4DB-0B3D230E9EA2}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{1976A906-FBE2-42DD-B9D3-9FD16A2D86F2}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{05993709-C928-47DB-8ACB-33569B1FE972}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{D029409C-B468-4D08-8029-2F941FD3E029}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{80E2D27B-36A2-4761-8D39-73DD4DB045B9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1AE87FBC-81CC-4D6D-871E-33FDBCE214C9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{87DEBC21-3ECC-4380-9049-165B75D8BD6D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{004B13B9-9DBE-4A06-A765-03E0E3524C0A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8B0A8D49-318D-436C-941C-7E86936CA291}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{217150C1-C4DD-4096-B1B6-1393E65BC179}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/11/2015 05:34:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 28cc
 
Start Time: 01d0bc39d8bdbfd0
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: cdb7a1d4-282d-11e5-82a0-1458d0c06312
 
Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt
 
Faulting package-relative application ID: App
 
Error: (07/11/2015 04:51:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 764
 
Start Time: 01d0bc33c7404488
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: bdee34b3-2827-11e5-82a0-1458d0c06312
 
Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt
 
Faulting package-relative application ID: App
 
Error: (07/11/2015 04:51:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1454
 
Start Time: 01d0bc33c749cdfc
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: bdea640c-2827-11e5-82a0-1458d0c06312
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/11/2015 03:37:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 81c
 
Start Time: 01d0bc296baa7910
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: 5ff69cb9-281d-11e5-829f-1458d0c06312
 
Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt
 
Faulting package-relative application ID: App
 
Error: (07/11/2015 03:37:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1858
 
Start Time: 01d0bc296babb19b
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 5fcec8da-281d-11e5-829f-1458d0c06312
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/11/2015 12:05:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b7fc
 
Start Time: 01d0bc0b7d2666ea
 
Termination Time: 4294967295
 
Application Path: C:\Windows\syswow64\wwahost.exe
 
Report Id: cae8e255-27ff-11e5-829e-1458d0c06312
 
Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c
 
Faulting package-relative application ID: App
 
Error: (07/11/2015 12:03:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: cd78
 
Start Time: 01d0bc0b7d0808fe
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: 71850e05-27ff-11e5-829e-1458d0c06312
 
Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt
 
Faulting package-relative application ID: App
 
Error: (07/11/2015 11:50:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c76c
 
Start Time: 01d0bc0965114832
 
Termination Time: 4294967295
 
Application Path: C:\Windows\syswow64\wwahost.exe
 
Report Id: b1a19a1f-27fd-11e5-829e-1458d0c06312
 
Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c
 
Faulting package-relative application ID: App
 
Error: (07/11/2015 11:48:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c760
 
Start Time: 01d0bc0965100fa6
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 5957edbb-27fd-11e5-829e-1458d0c06312
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/11/2015 11:48:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c6b0
 
Start Time: 01d0bc096437117e
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: 5965a99e-27fd-11e5-829e-1458d0c06312
 
Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt
 
Faulting package-relative application ID: App
 
 
System errors:
=============
Error: (07/11/2015 04:45:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
%%2
 
Error: (07/11/2015 04:44:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GSafe service failed to start due to the following error: 
%%3
 
Error: (07/11/2015 03:35:17 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (07/11/2015 12:11:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
%%2
 
Error: (07/11/2015 12:11:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GSafe service failed to start due to the following error: 
%%3
 
Error: (07/11/2015 12:09:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HP Support Assistant Service service.
 
Error: (07/11/2015 12:09:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the tbaseprovisioning service.
 
Error: (07/11/2015 12:09:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.
 
Error: (07/11/2015 12:09:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfevtp service.
 
Error: (07/11/2015 12:07:46 PM) (Source: DCOM) (EventID: 10010) (User: KRAKEN)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
 
Microsoft Office:
=========================
Error: (07/11/2015 05:34:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.1741528cc01d0bc39d8bdbfd04294967295C:\Windows\system32\backgroundTaskHost.execdb7a1d4-282d-11e5-82a0-1458d0c06312Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp
 
Error: (07/11/2015 04:51:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.1741576401d0bc33c74044884294967295C:\Windows\system32\backgroundTaskHost.exebdee34b3-2827-11e5-82a0-1458d0c06312Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp
 
Error: (07/11/2015 04:51:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20911145401d0bc33c749cdfc4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exebdea640c-2827-11e5-82a0-1458d0c06312microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/11/2015 03:37:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.1741581c01d0bc296baa79104294967295C:\Windows\system32\backgroundTaskHost.exe5ff69cb9-281d-11e5-829f-1458d0c06312Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp
 
Error: (07/11/2015 03:37:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20911185801d0bc296babb19b4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe5fcec8da-281d-11e5-829f-1458d0c06312microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/11/2015 12:05:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17415b7fc01d0bc0b7d2666ea4294967295C:\Windows\syswow64\wwahost.execae8e255-27ff-11e5-829e-1458d0c06312Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp
 
Error: (07/11/2015 12:03:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415cd7801d0bc0b7d0808fe4294967295C:\Windows\system32\backgroundTaskHost.exe71850e05-27ff-11e5-829e-1458d0c06312Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp
 
Error: (07/11/2015 11:50:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17415c76c01d0bc09651148324294967295C:\Windows\syswow64\wwahost.exeb1a19a1f-27fd-11e5-829e-1458d0c06312Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp
 
Error: (07/11/2015 11:48:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20911c76001d0bc0965100fa64294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe5957edbb-27fd-11e5-829e-1458d0c06312microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/11/2015 11:48:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415c6b001d0bc096437117e4294967295C:\Windows\system32\backgroundTaskHost.exe5965a99e-27fd-11e5-829e-1458d0c06312Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-07-11 01:12:12.073
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-07-10 18:17:11.235
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-10 18:17:10.954
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-10 18:17:10.673
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-10 18:17:10.392
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-10 18:17:10.126
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-10 18:17:09.860
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-10 18:17:09.564
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics 
Percentage of memory in use: 75%
Total physical RAM: 3528.98 MB
Available physical RAM: 848.8 MB
Total Virtual: 7112.98 MB
Available Virtual: 3214.22 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:445.2 GB) (Free:123.2 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.54 GB) (Free:1.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (MasterCook 9) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 50891092)
 
Partition: GPT Partition Type.
 
==================== End of log ============================
 
And here is the fixlog:
 
Fix result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by Jon at 2015-07-12 09:14:26 Run:1
Running from C:\Users\Jon\Desktop
Loaded Profiles: Jon (Available Profiles: Jon)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\...\Run: [GoogleChromeAutoLaunch_1476D5075BFDEEA31B57A901BC660F86] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-06] (Google Inc.)
AppInit_DLLs: C:\ProgramData\LolliScan\LolliScan64.dll => C:\ProgramData\LolliScan\LolliScan64.dll File not found
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-01-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-01-13] (McAfee, Inc.)
FF SelectedSearchEngine: Trovi
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3334822&octid=EB_ORIGINAL_CTID&ISID=M57B03A8F-928F-4362-AE67-176B61E66F90&SearchSource=55&CUI=&UM=8&UP=SP914EEEB9-B805-4B01-A2CD-F3DE8FA6FFF5&D=071115&SSPV=SP30339TB_sp_ff
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\[email protected]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 NinjaLoaderService; C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe [59496 2015-06-24] (Ninja Soft Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R1 wsafd_1_10_0_19; C:\Windows\System32\drivers\wsafd_1_10_0_19.sys [57728 2015-06-15] (Word Surfer)
2015-07-11 00:56 - 2015-07-11 00:56 - 00004180 _____ C:\Windows\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update
2015-07-11 00:56 - 2015-07-11 00:56 - 00004170 _____ C:\Windows\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core
2015-07-11 00:41 - 2015-07-11 10:01 - 00034354 _____ C:\ProgramData\I2qi58ro.dat
2015-07-10 22:43 - 2015-07-10 22:43 - 00000000 ____D C:\ProgramData\50661bab000019bd
2015-07-10 22:37 - 2015-07-11 09:30 - 00000005 _____ C:\END
2015-07-10 22:11 - 2015-07-10 22:11 - 00000000 ____D C:\Program Files (x86)\predm
2015-07-10 22:09 - 2015-07-10 22:09 - 00003740 _____ C:\Windows\System32\Tasks\Convertor
2015-07-10 22:09 - 2015-07-10 22:09 - 00000000 ____D C:\Program Files (x86)\Winsta
2015-07-10 22:09 - 2015-07-10 22:09 - 00000000 ____D C:\Program Files (x86)\Convertor
2015-07-10 22:01 - 2015-07-10 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-07-10 21:59 - 2015-07-10 23:55 - 00002110 _____ C:\Users\Jon\Desktop\Continue GamesDesktop Uninstaller.lnk
2015-07-10 21:54 - 2015-07-11 16:46 - 00000352 ____H C:\Windows\Tasks\KCTPPXQUAIUXXORP.job
2015-07-10 21:54 - 2015-07-11 16:46 - 00000340 _____ C:\Windows\Tasks\WXAOQPACW1.job
2015-07-10 21:54 - 2015-07-11 12:04 - 00000000 ____D C:\ProgramData\Service7609
2015-07-10 21:54 - 2015-07-10 21:54 - 00003356 _____ C:\Windows\System32\Tasks\KCTPPXQUAIUXXORP
2015-07-10 21:54 - 2015-07-10 21:54 - 00002854 _____ C:\Windows\System32\Tasks\WXAOQPACW1
2015-07-10 21:51 - 2015-07-10 21:53 - 00000000 ____D C:\Users\Jon\AppData\Local\Ninja Loader
2015-07-10 21:51 - 2015-07-10 21:51 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ninja Loader
2015-07-10 21:51 - 2015-07-10 21:51 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
2015-07-10 21:50 - 2015-07-10 21:54 - 00000000 ____D C:\Program Files (x86)\Ninja Loader
2015-07-10 20:35 - 2015-07-11 12:06 - 00000112 _____ C:\ProgramData\nI0cCK6dn.dat
2015-07-10 20:15 - 2015-07-10 20:16 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Ebon
2015-07-10 20:15 - 2015-07-10 20:16 - 00000000 ____D C:\Users\Jon\AppData\Local\Ebon
2015-07-10 18:20 - 2015-07-10 19:43 - 00003458 _____ C:\Windows\System32\Tasks\Croureis
2015-07-10 18:16 - 2015-07-10 18:16 - 00000000 ____D C:\ProgramData\Ebon
2015-07-10 18:15 - 2015-07-10 21:48 - 00000000 ____D C:\Program Files (x86)\Ebon
2015-07-10 18:14 - 2015-07-11 00:16 - 00000000 ____D C:\Program Files\WebBar
2015-07-10 18:14 - 2015-07-10 23:13 - 00000000 ____D C:\ProgramData\LpIFDKNYQ
2015-07-10 18:14 - 2015-07-10 18:16 - 00000000 ____D C:\ProgramData\Ebonmedia
2015-07-10 18:13 - 2015-07-11 12:10 - 00000000 ____D C:\Program Files\015
2015-07-10 18:13 - 2015-07-11 12:04 - 00000000 ____D C:\Program Files\13
2015-07-10 18:11 - 2015-07-10 18:12 - 00910255 _____ C:\Users\Jon\Downloads\File_Downloader.jse
C:\Users\Jon\AppData\Local\Ninja Loader
C:\Program Files (x86)\Ninja Loader
C:\ProgramData\LolliScan
C:\Program Files (x86)\Babylon
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mcpltui_exe => value removed successfully
HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_1476D5075BFDEEA31B57A901BC660F86 => value removed successfully
"C:\ProgramData\LolliScan\LolliScan64.dll" => value data removed successfully.
"HKCR\PROTOCOLS\Filter\application/x-mfe-ipt" => key removed successfully
"HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692}" => key removed successfully
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-mfe-ipt => key not found. 
"HKCR\Wow6432Node\CLSID\{3EF5086B-5478-4598-A054-786C45D75692}" => key removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox homepage removed successfully
"HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10" => key removed successfully
"FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()" => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10" => key removed successfully
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-01-13] () not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected]n.com => value removed successfully
HomeNetSvc => Unable to stop service.
HomeNetSvc => Service removed successfully
McAPExe => Unable to stop service.
McAPExe => Service could not remove
McAWFwk => Service removed successfully
mccspsvc => Unable to stop service.
mccspsvc => Service could not remove
McMPFSvc => Unable to stop service.
McMPFSvc => Service could not remove
McNaiAnn => Unable to stop service.
McNaiAnn => Service could not remove
McODS => Service could not remove
McOobeSv2 => Service removed successfully
mcpltsvc => Unable to stop service.
mcpltsvc => Service could not remove
McProxy => Unable to stop service.
McProxy => Service could not remove
mfecore => Unable to stop service.
mfecore => Service could not remove
mfefire => Unable to stop service.
mfefire => Service could not remove
mfevtp => Unable to stop service.
mfevtp => Service could not remove
MSK80Service => Unable to stop service.
MSK80Service => Service could not remove
NinjaLoaderService => Unable to stop service.
NinjaLoaderService => Service removed successfully
cfwids => Unable to stop service.
cfwids => Service could not remove
HipShieldK => Service could not remove
mfeapfk => Unable to stop service.
mfeapfk => Service could not remove
mfeavfk => Unable to stop service.
mfeavfk => Service could not remove
mfeelamk => Service could not remove
mfefirek => Unable to stop service.
mfefirek => Service could not remove
mfehidk => Unable to stop service.
mfehidk => Service could not remove
mfencbdc => Unable to stop service.
mfencbdc => Service could not remove
mfencrk => Service could not remove
mfewfpk => Unable to stop service.
mfewfpk => Service could not remove
wsafd_1_10_0_19 => Unable to stop service.
wsafd_1_10_0_19 => Service removed successfully
C:\Windows\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update => moved successfully.
C:\Windows\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core => moved successfully.
C:\ProgramData\I2qi58ro.dat => moved successfully.
C:\ProgramData\50661bab000019bd => moved successfully.
C:\END => moved successfully.
C:\Program Files (x86)\predm => moved successfully.
C:\Windows\System32\Tasks\Convertor => moved successfully.
C:\Program Files (x86)\Winsta => moved successfully.
C:\Program Files (x86)\Convertor => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip => moved successfully.
C:\Users\Jon\Desktop\Continue GamesDesktop Uninstaller.lnk => moved successfully.
C:\Windows\Tasks\KCTPPXQUAIUXXORP.job => moved successfully.
C:\Windows\Tasks\WXAOQPACW1.job => moved successfully.
C:\ProgramData\Service7609 => moved successfully.
C:\Windows\System32\Tasks\KCTPPXQUAIUXXORP => moved successfully.
C:\Windows\System32\Tasks\WXAOQPACW1 => moved successfully.
 
"C:\Users\Jon\AppData\Local\Ninja Loader" folder move:
 
Could not move "C:\Users\Jon\AppData\Local\Ninja Loader" folder => Scheduled to move on reboot.
 
C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ninja Loader => moved successfully.
C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066 => moved successfully.
C:\Program Files (x86)\Ninja Loader => moved successfully.
C:\ProgramData\nI0cCK6dn.dat => moved successfully.
C:\Users\Jon\AppData\Roaming\Ebon => moved successfully.
C:\Users\Jon\AppData\Local\Ebon => moved successfully.
C:\Windows\System32\Tasks\Croureis => moved successfully.
C:\ProgramData\Ebon => moved successfully.
C:\Program Files (x86)\Ebon => moved successfully.
C:\Program Files\WebBar => moved successfully.
C:\ProgramData\LpIFDKNYQ => moved successfully.
C:\ProgramData\Ebonmedia => moved successfully.
C:\Program Files\015 => moved successfully.
C:\Program Files\13 => moved successfully.
C:\Users\Jon\Downloads\File_Downloader.jse => moved successfully.
 
"C:\Users\Jon\AppData\Local\Ninja Loader" folder move:
 
Could not move "C:\Users\Jon\AppData\Local\Ninja Loader" folder => Scheduled to move on reboot.
 
"C:\Program Files (x86)\Ninja Loader" => File/Folder not found.
"C:\ProgramData\LolliScan" => File/Folder not found.
"C:\Program Files (x86)\Babylon" => File/Folder not found.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::8d44:79de:1b62:544e%3
   Default Gateway . . . . . . . . . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::8d44:79de:1b62:544e%3
   IPv4 Address. . . . . . . . . . . : 192.168.0.16
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Interface, OK!
Resetting , failed.
Access is denied.
 
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3105412986-3712989239-1590487086-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {BC5DAE3A-3619-4A37-909B-FD2239522622}.
Unable to cancel {ED563B2E-EEE8-4275-8EC9-EC04A5EA8EBC}.
Unable to cancel {BD6EBC20-07D4-4EC4-8EFE-A610D592A512}.
60 out of 63 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 831.2 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-12 09:49:06)<=
 
C:\Users\Jon\AppData\Local\Ninja Loader => Is moved successfully
C:\Users\Jon\AppData\Local\Ninja Loader => Is moved successfully
 
==== End of Fixlog 09:49:06 ====

 


  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once you have run AdwCleaner then please do the following :

Download and run the McAfee removal tool from here http://us.mcafee.com...s/mcpr/mcpr.asp

Once that has completed then :

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
CustomCLSID: HKU\S-1-5-21-3105412986-3712989239-1590487086-1002_Classes\CLSID\{503E492B-C90C-4E23-842B-EB05CDA61DC9}\InprocServer32 -> No File path
Task: {133FEFC8-7758-454F-9176-A86C20EFAE97} - System32\Tasks\KCTPPXQUAIUXXORP => C:\ProgramData\Service7609\Service7609.exe <==== ATTENTION
Task: {1B6801B9-CCF6-4D3C-9F37-48A8CADF081B} - \WinKit No Task File <==== ATTENTION
Task: {528EA2A7-E0F5-4537-8C77-F2C8FF53AA43} - \Winsta Update No Task File <==== ATTENTION
Task: {7AE42B6A-B3EE-438A-AA6A-5A17940D679E} - System32\Tasks\Croureis => C:\ProgramData\Croureis\1.0.4.1\ouhirlat.exe
Task: {7EC31002-6B00-4183-92EB-06F5F2C9D12E} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe
Task: {AA0E86C3-C702-4AD9-8E7A-888B705EF9E5} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe
Task: {C74EC957-0E77-4E0B-9E87-B5751DEC1602} - System32\Tasks\Convertor => C:\Program Files (x86)\Convertor\Convertor.exe [2014-11-25] ()
Task: {CB5DC25C-BDDA-4A6C-9F10-597D0ACCD274} - System32\Tasks\WXAOQPACW1 => C:\ProgramData\LolliScan\LolliScan.exe <==== ATTENTION
Task: C:\Windows\Tasks\KCTPPXQUAIUXXORP.job => C:\ProgramData\Service7609\Service7609.exe <==== ATTENTION
Task: C:\Windows\Tasks\WXAOQPACW1.job => C:\ProgramData\LolliScan\LolliScan.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
C:\ProgramData\Service7609
C:\ProgramData\Croureis
C:\Program Files (x86)\WordSurfer_1.10.0.19
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that.

How is the computer now behaving?
  • 0

#5
skandranon1971

    Member

  • Topic Starter
  • Member
  • 64 posts

Is part of the fix instructions missing?  They seem to be missing some before the adwcleaner line.  I just want to make sure I run it in order.


  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The second fix I posted was based on analysis of the additions log and is just other bits that will tidy the system up. Has the ninja gone now?
  • 0

#7
skandranon1971

    Member

  • Topic Starter
  • Member
  • 64 posts

Yes, Ninja Loader is still showing in the Programs and Features.  Here is the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Jon at 2015-07-15 16:06:13 Run:2
Running from C:\Users\Jon\Desktop
Loaded Profiles: Jon (Available Profiles: Jon)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CustomCLSID: HKU\S-1-5-21-3105412986-3712989239-1590487086-1002_Classes\CLSID\{503E492B-C90C-4E23-842B-EB05CDA61DC9}\InprocServer32 -> No File path
Task: {133FEFC8-7758-454F-9176-A86C20EFAE97} - System32\Tasks\KCTPPXQUAIUXXORP => C:\ProgramData\Service7609\Service7609.exe <==== ATTENTION
Task: {1B6801B9-CCF6-4D3C-9F37-48A8CADF081B} - \WinKit No Task File <==== ATTENTION
Task: {528EA2A7-E0F5-4537-8C77-F2C8FF53AA43} - \Winsta Update No Task File <==== ATTENTION
Task: {7AE42B6A-B3EE-438A-AA6A-5A17940D679E} - System32\Tasks\Croureis => C:\ProgramData\Croureis\1.0.4.1\ouhirlat.exe
Task: {7EC31002-6B00-4183-92EB-06F5F2C9D12E} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe
Task: {AA0E86C3-C702-4AD9-8E7A-888B705EF9E5} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe
Task: {C74EC957-0E77-4E0B-9E87-B5751DEC1602} - System32\Tasks\Convertor => C:\Program Files (x86)\Convertor\Convertor.exe [2014-11-25] ()
Task: {CB5DC25C-BDDA-4A6C-9F10-597D0ACCD274} - System32\Tasks\WXAOQPACW1 => C:\ProgramData\LolliScan\LolliScan.exe <==== ATTENTION
Task: C:\Windows\Tasks\KCTPPXQUAIUXXORP.job => C:\ProgramData\Service7609\Service7609.exe <==== ATTENTION
Task: C:\Windows\Tasks\WXAOQPACW1.job => C:\ProgramData\LolliScan\LolliScan.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
C:\ProgramData\Service7609
C:\ProgramData\Croureis
C:\Program Files (x86)\WordSurfer_1.10.0.19
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
"HKU\S-1-5-21-3105412986-3712989239-1590487086-1002_Classes\CLSID\{503E492B-C90C-4E23-842B-EB05CDA61DC9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{133FEFC8-7758-454F-9176-A86C20EFAE97}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{133FEFC8-7758-454F-9176-A86C20EFAE97}" => key removed successfully
C:\Windows\System32\Tasks\KCTPPXQUAIUXXORP not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KCTPPXQUAIUXXORP" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B6801B9-CCF6-4D3C-9F37-48A8CADF081B} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinKit => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{528EA2A7-E0F5-4537-8C77-F2C8FF53AA43}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{528EA2A7-E0F5-4537-8C77-F2C8FF53AA43}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Winsta Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7AE42B6A-B3EE-438A-AA6A-5A17940D679E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AE42B6A-B3EE-438A-AA6A-5A17940D679E}" => key removed successfully
C:\Windows\System32\Tasks\Croureis not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Croureis" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7EC31002-6B00-4183-92EB-06F5F2C9D12E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EC31002-6B00-4183-92EB-06F5F2C9D12E}" => key removed successfully
C:\Windows\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Pending Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AA0E86C3-C702-4AD9-8E7A-888B705EF9E5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA0E86C3-C702-4AD9-8E7A-888B705EF9E5}" => key removed successfully
C:\Windows\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Core" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C74EC957-0E77-4E0B-9E87-B5751DEC1602} => key not found. 
C:\Windows\System32\Tasks\Convertor not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Convertor => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CB5DC25C-BDDA-4A6C-9F10-597D0ACCD274}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB5DC25C-BDDA-4A6C-9F10-597D0ACCD274}" => key removed successfully
C:\Windows\System32\Tasks\WXAOQPACW1 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WXAOQPACW1" => key removed successfully
C:\Windows\Tasks\KCTPPXQUAIUXXORP.job not found.
C:\Windows\Tasks\WXAOQPACW1.job not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS" => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MCODS => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefire => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefirek => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfehidk => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfevtp => key not found. 
"C:\ProgramData\Service7609" => File/Folder not found.
"C:\ProgramData\Croureis" => File/Folder not found.
"C:\Program Files (x86)\WordSurfer_1.10.0.19" => File/Folder not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 384.6 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 16:07:52 ====
 
# AdwCleaner v4.208 - Logfile created 15/07/2015 at 15:08:50
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Jon - KRAKEN
# Running from : C:\Users\Jon\Desktop\adwcleaner_4.208.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\ORBTR
Folder Deleted : C:\Program Files (x86)\GSafe
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Users\Jon\AppData\Local\PackageAware
Folder Deleted : C:\Users\Jon\AppData\LocalLow\SmartWeb
 
***** [ Scheduled tasks ] *****
 
Task Deleted : Convertor
Task Deleted : WinKit
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKCU\Software\Classes\PepperZip
Key Deleted : HKLM\SOFTWARE\37f00aa1-83e4-9a34-a333-ba2ed646fd2e
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\WajIEnhance
Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\ORBTR
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Key Deleted : [x64] HKLM\SOFTWARE\WebBar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v39.0 (x86 en-US)
 
 
-\\ Google Chrome v43.0.2357.134
 
[C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : management","nativeMessaging","searchProvider","startupPages","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":9,"disable_reasons":8192,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["homepage","management","nativeMessaging","searchProvider","startupPages","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13075837664670203","lastpingday":"13075801216430039","location":6,"manifest":{"background":{"scripts":["apnAPI.js","settings/assets.js","settings/redirect.js"]},"chrome_settings_overrides":{"homepage":"hxxp://www.search.ask.com/?gct=hp
[C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 3F90E311714F0D104EF857208A0970DC9014FC9801CF5A6EF1B250EA8EFB1A40"},"software_reporter":{"prompt_reason":"B26C229DF54C0877C8B9CE8F008B005A5F6A83A770FB348951DE81DB44E072A4","prompt_seed":"92B650A3B47140FF7F25D54FEF2104741911BD9C0555A5A565E4D2F144EC1ED7","prompt_version":"853A5BDCF7C94D9FB4B31BBCBAC80269C7394568FB728E524E7BD092423F93D0"},"sync":{"remaining_rollback_tries":"61AFA654846A6D03870ACCB3056961B48C7C41D7FBC1979AA636EF8DA7D2652E"}},"super_mac":"8D6371DEC69BFCFBB08E1A9C0A5B392248DDDB29B0A54724FA4A944ABCEDF07B"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://search.conduit.com/?ctid=CT3321898&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPDB001513-0FCA-4820-9231-78A69831D397&SSPV=SP30339TB_sp_ch&ISID=
 
*************************
 
AdwCleaner[R0].txt - [4174 bytes] - [15/07/2015 15:06:36]
AdwCleaner[S0].txt - [3896 bytes] - [15/07/2015 15:08:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3955  bytes] ##########
 

  • 0
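Added example (not part of the original thread and not FRST's own code): a small Python parser for the Fixlog result lines posted above. It tallies what a run actually removed versus what was already gone, and lists scheduled tasks whose TaskCache\Tree registration was still present although the task file was missing. The sample lines are copied from the logs in this thread; the function and pattern names are illustrative assumptions.

```python
import re
from collections import Counter

# Sample result lines copied from the Fixlogs posted in this thread.
SAMPLE_FIXLOG = r'''
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{133FEFC8-7758-454F-9176-A86C20EFAE97}" => key removed successfully
C:\Windows\System32\Tasks\KCTPPXQUAIUXXORP not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KCTPPXQUAIUXXORP" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Convertor => key not found.
C:\Windows\System32\Tasks\Convertor not found.
"C:\ProgramData\Croureis" => File/Folder not found.
C:\Users\Jon\AppData\Local\Ninja Loader => Is moved successfully
'''

# Result-line shapes seen in the log, tried in order (hypothetical names).
_PATTERNS = [
    ("removed", re.compile(r'^"?(?P<target>.+?)"? => (?:key|value) removed successfully$')),
    ("not_found", re.compile(r'^"?(?P<target>.+?)"? => (?:key|File/Folder) not found\.$')),
    ("moved", re.compile(r'^"?(?P<target>.+?)"? => Is moved successfully$')),
    # Task files are reported without an arrow: "<path> not found."
    ("not_found", re.compile(r'^(?P<target>[A-Za-z]:\\.+?) not found\.$')),
]

TREE_KEY = re.compile(r'\\Schedule\\TaskCache\\Tree\\(?P<name>[^\\]+)$', re.IGNORECASE)
TASK_FILE = re.compile(r'\\System32\\Tasks\\(?P<name>[^\\]+)$', re.IGNORECASE)


def parse_fixlog(text):
    """Return a list of (outcome, target) for every recognised result line."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        for outcome, pattern in _PATTERNS:
            match = pattern.match(line)
            if match:
                results.append((outcome, match.group("target")))
                break  # first matching shape wins; other lines are ignored
    return results


def summarize(results):
    """Count outcomes so 'already gone' can be told apart from 'removed now'."""
    return Counter(outcome for outcome, _ in results)


def stale_task_registrations(results):
    """Task names whose Tree key was removed while the task file was missing."""
    removed_tree, missing_file = set(), set()
    for outcome, target in results:
        tree = TREE_KEY.search(target)
        task = TASK_FILE.search(target)
        if tree and outcome == "removed":
            removed_tree.add(tree.group("name"))
        elif task and outcome == "not_found":
            missing_file.add(task.group("name"))
    return sorted(removed_tree & missing_file)


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    print(stale_task_registrations(parsed))
```
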

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
From Programmes and Features select Ninja to uninstall; Windows should now offer to remove the entry.


How is the computer behaving now?
  • 0

#9
skandranon1971

    Member

  • Topic Starter
  • Member
  • 64 posts

Yes, it let me remove it from the Programs and features.  The computer is doing much better.


  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article.

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide: Best security practices. Keep safe :wave:
  • 0

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





