
Help removing "Ads by Jabuticata" [Solved]

Malware?

  • This topic is locked

#1
Johnde2000

    Member

  • Member
  • 44 posts

Been a couple of days trying to remove this. When I think I've finally got it, it pops back in. I get a full page ad, redirects and a small banner at bottom right stating "Ads by Jabuticata". I've tried free versions of AVG, CCleaner, SuperAntiSpyware, Malwarebytes, SpyHunter and RogueKiller. Nothing seems to work. I have uninstalled and reinstalled Firefox. Any help would be greatly appreciated.




#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :), and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log


#3
Johnde2000

Johnde2000

    Member

  • Topic Starter
  • Member
  • 44 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
Ran by John (administrator) on JOHN-PC-1 (29-07-2015 14:17:34)
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-07-28] (AMD)
HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-01-06]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-26] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-06-18] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E9C7566B-7793-4DBE-9A0F-520B2635A5DF}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{E9C7566B-7793-4DBE-9A0F-520B2635A5DF}: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ds0wymt4.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-26] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-26] ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4074055908-3935984809-2394099874-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-4074055908-3935984809-2394099874-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\John\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ds0wymt4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-29]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-02]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-06-02] <==== ATTENTION

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2013-11-04] (Andrea Electronics Corporation)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [441216 2015-05-08] ()
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-17] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S4 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-10-18] (Enigma Software Group USA, LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2013-11-04] ()
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-19] (Razer Inc)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 cpuz134; \??\C:\Users\John\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-29 14:17 - 2015-07-29 14:18 - 00013224 _____ C:\Users\John\Downloads\FRST.txt
2015-07-29 14:14 - 2015-07-29 14:17 - 00000000 ___DC C:\FRST
2015-07-29 14:13 - 2015-07-29 14:14 - 02169856 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-07-29 14:04 - 2015-07-29 14:05 - 00009418 _____ C:\Windows\PFRO.log
2015-07-29 11:00 - 2015-07-29 11:00 - 00000062 _____ C:\Windows\wininit.ini
2015-07-28 11:51 - 2015-07-29 14:09 - 00007163 _____ C:\Windows\WindowsUpdate.log
2015-07-28 11:47 - 2015-07-29 14:05 - 00001018 _____ C:\Windows\setupact.log
2015-07-28 11:47 - 2015-07-28 11:47 - 00000000 _____ C:\Windows\setuperr.log
2015-07-27 12:09 - 2015-07-27 23:10 - 00000000 ____D C:\ProgramData\Avg_Update_0615pi
2015-07-27 12:07 - 2015-07-29 10:55 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-27 12:06 - 2015-07-27 12:06 - 00000000 ____D C:\Users\John\AppData\Roaming\TuneUp Software
2015-07-27 12:03 - 2015-07-29 14:05 - 00000000 ____D C:\ProgramData\MFAData
2015-07-27 12:03 - 2015-07-27 12:03 - 00000000 ____D C:\Users\John\AppData\Local\MFAData
2015-07-27 10:40 - 2015-07-27 10:43 - 00000000 ___DC C:\AdwCleaner
2015-07-27 09:20 - 2015-07-27 09:20 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-27 09:20 - 2015-07-27 09:20 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-27 09:20 - 2015-07-27 09:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-26 21:52 - 2015-07-26 21:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-26 18:48 - 2015-07-26 20:05 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-26 18:00 - 2015-07-26 18:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-26 17:21 - 2015-07-26 17:21 - 00003246 _____ C:\Windows\System32\Tasks\Trojan Killer
2015-07-26 17:21 - 2015-07-26 17:21 - 00000000 ____D C:\ProgramData\GridinSoft
2015-07-25 21:22 - 2015-07-25 22:22 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-25 21:21 - 2015-07-25 21:21 - 00000000 ____D C:\Users\John\AppData\Local\PopupID1
2015-07-25 21:20 - 2015-07-25 22:04 - 00000000 ____D C:\Program Files (x86)\TechVedic
2015-07-25 21:19 - 2015-07-25 21:19 - 00000000 ____D C:\Users\John\AppData\Roaming\JV Update
2015-07-25 21:19 - 2015-07-25 21:19 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-07-25 20:49 - 2015-07-25 20:49 - 00000000 ____D C:\Users\John\AppData\Roaming\Open Download Manager
2015-07-25 20:48 - 2015-07-25 20:48 - 00000000 ____D C:\Program Files (x86)\TestXp
2015-07-25 20:48 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-07-14 08:52 - 2015-07-14 08:52 - 00063628 _____ C:\Users\John\Documents\ts3_clientui-win32-1407159763-2015-07-14 08_52_06.043339.dmp
2015-07-11 16:46 - 2015-07-11 16:46 - 00000000 ____D C:\Users\John\AppData\Local\WpfApplication1
2015-07-09 19:42 - 2015-07-09 19:42 - 00000000 ____D C:\Users\John\AppData\Local\Sony Online Entertainment

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-29 14:14 - 2009-07-14 00:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-29 14:14 - 2009-07-14 00:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-29 14:12 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-29 14:05 - 2013-11-08 00:51 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2015-07-29 14:05 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-29 11:04 - 2013-11-08 19:39 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-07-29 11:01 - 2015-04-22 10:44 - 00000000 ____D C:\Program Files (x86)\Piranha Games
2015-07-29 11:01 - 2014-01-07 20:01 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-29 11:00 - 2015-01-23 23:08 - 00000000 ____D C:\Program Files (x86)\gravitysensation.com
2015-07-29 10:59 - 2015-05-08 07:00 - 00000000 ____D C:\Users\John\AppData\Local\Steam
2015-07-28 22:50 - 2013-11-08 04:00 - 00000000 ____D C:\Users\John\AppData\Roaming\TS3Client
2015-07-28 19:15 - 2014-04-24 20:01 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype
2015-07-28 18:31 - 2015-02-06 11:15 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-27 14:11 - 2013-11-27 19:00 - 00000000 ____D C:\Users\John\AppData\Roaming\.minecraft
2015-07-27 09:20 - 2015-06-02 16:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-27 08:58 - 2013-11-27 19:00 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-26 21:56 - 2013-11-27 19:00 - 00000000 ____D C:\ProgramData\Oracle
2015-07-26 21:52 - 2014-12-23 18:21 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-26 21:52 - 2014-08-09 11:47 - 00000000 ____D C:\Users\John\AppData\Local\Adobe
2015-07-26 21:52 - 2013-11-09 16:45 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-26 21:50 - 2013-11-27 19:00 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-26 18:19 - 2014-12-12 15:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-26 17:14 - 2014-12-12 15:34 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-26 17:14 - 2013-11-08 14:08 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-26 17:14 - 2013-11-08 14:08 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-25 23:15 - 2013-11-11 13:02 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-25 22:16 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-25 22:15 - 2013-11-11 13:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-25 22:15 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-25 22:14 - 2013-11-04 21:22 - 00001417 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-25 21:25 - 2013-11-10 10:34 - 00000000 ____D C:\Windows\Minidump
2015-07-25 21:22 - 2013-11-04 21:49 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-07-25 21:22 - 2013-11-04 21:49 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-07-25 21:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\spp
2015-07-21 15:01 - 2015-06-18 17:47 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-18 23:05 - 2013-12-12 16:17 - 00032768 ___SH C:\Users\John\Documents\Thumbs.db
2015-07-18 18:00 - 2014-04-24 20:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-18 17:59 - 2014-04-24 20:01 - 00000000 ____D C:\ProgramData\Skype
2015-07-15 10:35 - 2014-07-25 01:01 - 00000000 ____D C:\Users\John\AppData\Local\Windows Live
2015-07-12 15:39 - 2015-05-08 08:54 - 00000000 ____D C:\ProgramData\WinZip
2015-07-12 15:38 - 2013-11-08 05:15 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-07-11 07:31 - 2014-11-30 00:48 - 00007608 _____ C:\Users\John\AppData\Local\Resmon.ResmonCfg
2015-07-07 07:31 - 2009-07-14 00:45 - 05102600 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2014-05-10 22:05 - 2014-05-10 22:05 - 0000084 _____ () C:\Users\John\AppData\Local\DVDPATH.TXT
2014-11-30 00:48 - 2015-07-11 07:31 - 0007608 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2013-11-08 11:51 - 2014-01-06 15:49 - 0005614 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\dllnt_dump.dll
C:\Users\John\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 01:25

==================== End of log ============================


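Reading an FRST log like the one above means picking out the lines FRST itself marks with ATTENTION and a few patterns a helper checks by hand: a browser proxy that points at the loopback address, an unnamed Firefox extension, and service or driver entries whose files are unsigned or missing. The Python script below is an added example, not part of the post and not a tool from Farbar or the forum; it runs those triage rules over a constructed sample in FRST.txt's line format (lines taken from the log above, paths shortened). The rule names, the Finding class and the helper functions are the example's own.

```python
"""Triage rules for FRST-style log lines.

Added example (not from the forum post, and not a Farbar/FRST tool): it reads
lines in the format FRST.txt uses and returns the entries a helper looks at
first. Rule names, the Finding class and the sample lines are this example's own.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, modelled on the FRST.txt sections quoted in the thread
# (paths shortened; the loopback proxy port is the value shown in that log).
SAMPLE_LOG = r"""
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
Hosts: 127.0.0.1    localhost
FF Extension: Adblock Plus - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ds0wymt4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-29]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-02]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-06-02] <==== ATTENTION
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\John\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
"""


@dataclass(frozen=True)
class Finding:
    category: str   # which rule fired
    line: str       # the log line, as written


ATTENTION_RE = re.compile(r"<=+\s*ATTENTION$")            # FRST's own marker
PROXY_RE = re.compile(r"^ProxyServer:.*=>\s*(?P<spec>\S+)")
STARTTYPE_RE = re.compile(r"^[RS][0-4] ")                  # service/driver rows
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def proxy_hosts(spec: str) -> list[str]:
    """Split a WinINet ProxyServer value ('http=host:port;https=host:port'
    or plain 'host:port') into its host names."""
    hosts = []
    for part in spec.split(";"):
        if "=" in part:                      # per-scheme form: scheme=host:port
            part = part.split("=", 1)[1]
        host = part.rsplit(":", 1)[0] if ":" in part else part
        hosts.append(host.strip("[]"))       # [::1]:port -> ::1
    return hosts


def triage(log_text: str) -> list[Finding]:
    """Apply the triage rules to every non-empty line and collect the hits."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ATTENTION_RE.search(line):
            findings.append(Finding("frst_attention", line))
        m = PROXY_RE.match(line)
        if m and any(h in LOOPBACK for h in proxy_hosts(m.group("spec"))):
            # A browser proxy on loopback means some local process sits in the
            # traffic path; the next step is identifying which one.
            findings.append(Finding("loopback_proxy", line))
        if line.startswith("FF Extension: No Name"):
            findings.append(Finding("unnamed_extension", line))
        if STARTTYPE_RE.match(line):
            if line.endswith("[X]"):
                findings.append(Finding("missing_file", line))
            elif "[File not signed]" in line:
                findings.append(Finding("unsigned_binary", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count hits per rule, for a quick overview before reading the lines."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.category:<18} {f.line}")
    print(summarize(hits))
```

The output is a reading list, not a verdict: the unsigned HP printer services in the log are legitimate, and a missing-file driver such as the CPU-Z entry is just a stale registration. The loopback proxy is the item to chase, since no proxy software appears in the program list, and the policy restrictions explain why Chrome and Internet Explorer settings cannot be changed back by hand.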

#4
Johnde2000

Johnde2000

    Member

  • Topic Starter
  • Member
  • 44 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by John (2015-07-29 14:18:19)
Running from C:\Users\John\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4074055908-3935984809-2394099874-500 - Administrator - Disabled)
Guest (S-1-5-21-4074055908-3935984809-2394099874-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4074055908-3935984809-2394099874-1003 - Limited - Enabled)
John (S-1-5-21-4074055908-3935984809-2394099874-1000 - Administrator - Enabled) => C:\Users\John

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{853A112F-241F-E344-4636-103C25D3751E}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Bookworm Adventures (HKLM-x32\...\111940693) (Version:  - Oberon Media)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DJ_AIO_05_F4400_Software_Min (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Dream Day First Home (HKLM-x32\...\113832110) (Version:  - Oberon Media)
F4400 (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 (HKLM\...\{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.210.0 - Advanced Micro Devices, Inc.) Hidden
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Marvel Heroes Game (HKLM-x32\...\{ca6069b5-fc6b-4ce8-a03e-2304143706b7}_is1) (Version: 1.0 - Gazillion Entertainment)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.10.5.3 - Marvell)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2013 - en-us (HKLM\...\WordRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
PlanetSide 2 (HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
Pokémon Trading Card Game Online (HKLM-x32\...\{0D9304CD-1C83-4703-AFEF-0C46D1DB21F2}) (Version: 2.27.0 - The Pokémon Company International)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.0 - IObit)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6585 - Analog Devices)
SpyHunter (HKLM\...\{72AAF455-1E54-475B-B0AB-5413C78D0E63}) (Version: 4.16.5.4290 - Enigma Software Group USA, LLC)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1042 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version:  - Sakar)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

20-07-2015 00:00:01 Scheduled Checkpoint
26-07-2015 17:51:56 Revo Uninstaller's restore point - Trojan Killer
27-07-2015 08:54:28 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.1.8.1057
27-07-2015 08:58:03 Revo Uninstaller's restore point - Java 8 Update 45
27-07-2015 08:58:15 Removed Java 8 Update 45
27-07-2015 08:59:56 Revo Uninstaller's restore point - Mozilla Firefox 39.0 (x86 en-US)
27-07-2015 12:05:07 Installed AVG 2015
27-07-2015 12:05:46 Installed AVG 2015
29-07-2015 10:52:42 Removed AVG 2015
29-07-2015 10:53:57 Removed AVG 2015
29-07-2015 10:56:16 Removed Google Earth
29-07-2015 10:56:54 Revo Uninstaller's restore point - Steam
29-07-2015 10:59:54 Revo Uninstaller's restore point - Sumotori Dreams
29-07-2015 11:00:44 Revo Uninstaller's restore point - MechWarrior Online
29-07-2015 11:00:56 MechWarrior Online
29-07-2015 11:01:59 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.1.8.1057
29-07-2015 11:02:50 Revo Uninstaller's restore point - Yahoo! Messenger

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-07-28 18:33 - 00000768 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C665E3-DD18-4A14-8168-426AA221F64B} - System32\Tasks\{BFAAC155-0BA6-454C-85E9-9B2FCF5477D3} => Firefox.exe http://ui.skype.com/...e=tsProgressBar
Task: {0379614F-0F6D-41B2-A401-212494B0C2DF} - \2de6606b-47d6-492d-a0cf-90d8603ebca4-5 No Task File <==== ATTENTION
Task: {03EDC389-F075-4BEB-B373-73498A390B9E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-06-09] (Microsoft Corporation)
Task: {126914CC-5FA8-4825-ADBD-498DF6B318FE} - \DAHCX1 No Task File <==== ATTENTION
Task: {12DBB90F-4CF4-4EE6-9792-A942FE928750} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {1A80B419-CB7D-4B15-A54D-75570CE224A2} - \2de6606b-47d6-492d-a0cf-90d8603ebca4-1-6 No Task File <==== ATTENTION
Task: {21D7BFED-A5D1-48D1-B06A-048802FFD219} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-06-18] (Microsoft Corporation)
Task: {23B6A9A6-AE69-401F-AD33-B23C55ED4C8C} - \Papuir No Task File <==== ATTENTION
Task: {29AA740D-ED40-4F4B-BDC8-B163E96202B3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {2B15A1D8-7BDD-459C-AFF5-C77846F1FC5B} - \TunePro360 Updater No Task File <==== ATTENTION
Task: {32BEB192-7753-4AD3-AE4C-3A53AAA95EA9} - \Bidaily Synchronize Task[8da6] No Task File <==== ATTENTION
Task: {3411E4F9-942A-4DA3-9BC1-C7B6D4F05CB0} - \ConsumerInputUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {357588E7-9BC4-4591-B375-711D5A9FCA77} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-02-13] (IObit)
Task: {376209A2-CF4C-4082-AA3A-9F1F7BB5FF39} - \System Cleaner Pro Auto Start No Task File <==== ATTENTION
Task: {38B0002C-700B-4B08-8804-F4ED757204DB} - System32\Tasks\{A7AF326D-2524-4C1D-B535-681370A53758} => pcalua.exe -a "C:\Users\John\Desktop\Microsoft Works\Microsoft Works\Setup.exe" -d "C:\Users\John\Desktop\Microsoft Works\Microsoft Works"
Task: {3C796899-2BDC-455F-9ACE-9E17B8DF9145} - System32\Tasks\{68695F58-F77F-4A46-A96B-545C4F08B26F} => C:\Program Files (x86)\Gazillion Entertainment\Marvel Heroes Game\MarvelHeroesLauncher.exe [2015-07-07] (Gazillion Entertainment)
Task: {3F7D82D9-ED1D-4D7F-AD5C-D73E578AE074} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {40881F86-B83D-48FC-AD79-A002271D69E4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-06-18] (Microsoft Corporation)
Task: {40FCBED7-9381-47F1-BE6B-A72CD30464A7} - System32\Tasks\{D163DBE0-5816-4CF2-815B-B05811740DF1} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Office\Office\Setup\AcmeWord.exe" -c /w Word97.stf
Task: {4369908D-0854-4AFC-9D0E-B9AE8A852DB6} - \2de6606b-47d6-492d-a0cf-90d8603ebca4-10_user No Task File <==== ATTENTION
Task: {442AF4B6-786A-4B06-B865-27AE97596C42} - \2de6606b-47d6-492d-a0cf-90d8603ebca4-4 No Task File <==== ATTENTION
Task: {4454F7C5-DA7C-41B3-A2DF-5B0C24EE8115} - \ConsumerInputUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {4C07F0C2-179C-4E1C-B808-A0E17EB50C93} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {4E06C56D-32B0-4D74-B962-D14DE5F64B8D} - \KVWYILMWARTFEIXQ No Task File <==== ATTENTION
Task: {541C7A3F-792F-40DB-A22D-E2C244FCC7D7} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {5D07F4CF-02F9-47BB-99EE-CE627416556E} - \WordSurfer Auto Updater 1.10.0.19 Pending Update No Task File <==== ATTENTION
Task: {684A985A-29BA-4C10-B335-7C0BEEF6E0A4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {7649E343-6EB4-431D-A571-DE7FB464E9CB} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {78A2337D-62C3-48F0-ACDF-FB127189CFC1} - \4a752bbc-e718-4ff5-8948-5413ae8b7094 No Task File <==== ATTENTION
Task: {7AC9AA55-5D41-4A87-AEB9-B2B628D7F4B7} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {7C31D8B0-3484-4A6B-8B7E-1FB103D04163} - \2de6606b-47d6-492d-a0cf-90d8603ebca4-1-7 No Task File <==== ATTENTION
Task: {7E4FAAB6-08BE-4C1A-BD5E-E6F712A3C149} - \Notify Helper No Task File <==== ATTENTION
Task: {7F29301E-003D-4962-B88F-3484FB083F05} - \avabvexvac No Task File <==== ATTENTION
Task: {836D69FE-BCD5-4553-A78D-0CEB51CB6292} - \LY89uSJwVcS0HZf4UmSXIHJhl No Task File <==== ATTENTION
Task: {847FF937-EB22-4CA7-9735-5ABE6C3E772D} - \2de6606b-47d6-492d-a0cf-90d8603ebca4-5_user No Task File <==== ATTENTION
Task: {86411529-1D38-41BA-B160-9B49C466E36D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {9816C372-3ADA-444E-BC83-0DA66E25024E} - \One System CarePeriod No Task File <==== ATTENTION
Task: {A7CE5BA7-44B6-4D87-9ABD-B78F71A50E2F} - \One System Care Run Delay No Task File <==== ATTENTION
Task: {B272792D-5A8E-4D88-A8F4-76DE9F675739} - \CIMT_S-1-5-21-4074055908-3935984809-2394099874-1000 No Task File <==== ATTENTION
Task: {B7E183A5-AAA3-4B14-967C-776CE0A0F489} - \Crossbrowse No Task File <==== ATTENTION
Task: {BB0F88AF-7CCC-48A1-90CA-4D9A0EBF1F05} - \CIMT_daily_S-1-5-21-4074055908-3935984809-2394099874-1000 No Task File <==== ATTENTION
Task: {C2B2FFB5-643B-41C7-892B-4A1D07CB7C93} - \833cc6d2-8ea1-410b-81e6-688ff4f32372 No Task File <==== ATTENTION
Task: {C5BA8E36-EFAE-434A-88C8-EFFE18E5114D} - System32\Tasks\{812EFF4B-8F83-4790-9CB1-8BFF5BE8B1BA} => Firefox.exe http://ui.skype.com/...all?page=tsMain
Task: {C7D97DD8-FD79-4E0E-8D17-CEBA7660B84D} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: {D6C2695C-3FC8-4881-930D-A06C3B253931} - \One System Care Monitor No Task File <==== ATTENTION
Task: {DC65E2CE-B50C-49A6-A803-DBCC74C9FB5E} - System32\Tasks\{A66C56A0-07EA-42FA-B5E0-BC25144CC273} => pcalua.exe -a "C:\Program Files (x86)\CTB\Online Assessment\Online Assessment.exe" -d "C:\Program Files (x86)\CTB\Online Assessment\"
Task: {EC24CB4B-291C-4F9E-87C2-AE62E206361C} - \WordSurfer Auto Updater 1.10.0.19 Core No Task File <==== ATTENTION
Task: {ED49157A-5366-4941-9CBB-6B8DB9A8DC2E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-26] (Adobe Systems Incorporated)
Task: {F7C4BB60-BAA9-4878-9EF0-1696F1F98B2D} - System32\Tasks\{3E72F2D1-D4B1-45C0-8F1B-30A901A8C5EE} => pcalua.exe -a "C:\Users\John\Downloads\Smart Technology 7_0_27_13 64Bit.exe" -d C:\Users\John\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-18 17:47 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-06-18 17:48 - 2015-06-18 17:48 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:4D066AD2
AlternateDataStreams: C:\ProgramData\TEMP:91EA783C
AlternateDataStreams: C:\ProgramData\TEMP:94213A87
AlternateDataStreams: C:\ProgramData\TEMP:F6C0CA66

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Rofdhowal => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: ClickToRunSvc => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SpyHunter 4 Service => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk => C:\Windows\pss\Office Startup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AED32FAC-FE03-4259-967A-C7CAFDF49903}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F23D464-C283-4856-A31C-A9E5450FF4D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1F55931D-7F34-4E3F-B837-6A2E00856F82}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{A3FF0694-9AE1-4B0B-A328-9A7D6C8BC79E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{FAC2BD98-FD41-4279-B38A-80097910F528}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2_x64.exe] => (Allow) C:\users\public\sony online entertainment\installed games\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{65ABA60C-E7A3-4E67-927F-15340BF9A2E0}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2_x64.exe] => (Allow) C:\users\public\sony online entertainment\installed games\planetside 2\planetside2_x64.exe
FirewallRules: [TCP Query User{52368CF8-51E4-44B7-AC9F-51CE760373B2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E199BE72-84E3-4130-858B-A1F841905847}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{D79D6399-8C10-43B9-AC94-A1D219C1E5A8}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{586287A5-11A7-4226-B30B-39B080675734}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2015 02:06:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2015 11:02:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.
.

Error: (07/29/2015 11:02:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.
.

Error: (07/29/2015 11:00:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.
.

Error: (07/29/2015 11:00:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.
.

Error: (07/29/2015 10:59:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.
.

Error: (07/29/2015 10:56:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.
.

Error: (07/29/2015 10:56:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.
.

Error: (07/29/2015 10:53:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.
.

Error: (07/28/2015 11:50:44 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (07/29/2015 05:28:35 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom1.

Error: (07/29/2015 01:50:52 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom1.

Error: (07/28/2015 04:11:29 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom1.

Error: (07/28/2015 03:55:10 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom1.

Error: (07/28/2015 02:29:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/28/2015 02:29:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/28/2015 02:07:10 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom1.

Error: (07/28/2015 01:46:46 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom1.

Error: (07/28/2015 11:51:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (07/28/2015 11:51:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.


Microsoft Office:
=========================
Error: (07/29/2015 02:06:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2015 11:02:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.

Error: (07/29/2015 11:02:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.

Error: (07/29/2015 11:00:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.

Error: (07/29/2015 11:00:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.

Error: (07/29/2015 10:59:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.

Error: (07/29/2015 10:56:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.

Error: (07/29/2015 10:56:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.

Error: (07/29/2015 10:53:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.

Error: (07/28/2015 11:50:44 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt


==================== Memory info ===========================

Processor: Intel® Core™2 Extreme CPU X9650 @ 3.00GHz
Percentage of memory in use: 17%
Total physical RAM: 8191.12 MB
Available physical RAM: 6724.89 MB
Total Virtual: 16380.44 MB
Available Virtual: 14779.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:372.61 GB) (Free:231.9 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=372.6 GB) - (Type=07 NTFS)

==================== End of log ============================


  • 0
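A small triage pass over the kind of indicators the log above contains, as an added example that is not part of the original thread and not FRST's own code (FRST reports, it does not score): it reads FRST-style lines and flags the orphaned scheduled tasks ("No Task File"), the non-whitelisted SafeBoot service entry, UAC being switched off (EnableLUA: 0) and a proxy pointing at the loopback address (the ProxyServer line appears in the fix list later in the thread). The sample input is a constructed subset of lines copied from this thread; the severity assigned to each finding is the example's own assumption.

```python
"""Triage of FRST log lines for adware persistence and weakened-settings indicators.

Added example for this thread; it is not FRST's code and FRST ships no such scorer.
The sample lines are a constructed subset copied from the log posted above; the
severity given to each finding is this example's own assumption.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines taken from the FRST log and fix list in this thread.
SAMPLE_LOG = "\n".join([
    r"Task: {0379614F-0F6D-41B2-A401-212494B0C2DF} - \2de6606b-47d6-492d-a0cf-90d8603ebca4-5 No Task File <==== ATTENTION",
    r"Task: {12DBB90F-4CF4-4EE6-9792-A942FE928750} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe",
    r"Task: {2B15A1D8-7BDD-459C-AFF5-C77846F1FC5B} - \TunePro360 Updater No Task File <==== ATTENTION",
    r"Task: {C7D97DD8-FD79-4E0E-8D17-CEBA7660B84D} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION",
    r'HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Rofdhowal => ""="service"',
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)",
    r"DNS Servers: 8.8.8.8 - 8.8.4.4",
    r"ProxyServer: [.DEFAULT] => http=127.0.0.1:47574",
    r"AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F",
])


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info" (assumed scale, see module docstring)
    kind: str
    detail: str


# A task registration whose .job/XML file is gone: usually the leftover of a
# partial uninstall. Harmless on its own, but each one names something that ran.
ORPHAN_TASK = re.compile(r"^Task: \{[0-9A-F-]+\} - \\(?P<name>.+?) No Task File <==== ATTENTION$")
# FRST prints only SafeBoot entries outside its whitelist, so anything listed
# here is a non-standard service allowed to start in Safe Mode with Networking.
SAFEBOOT = re.compile(r"^HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\(?:Minimal|Network)\\(?P<name>[^\\ ]+) => ")
# EnableLUA: 0 means UAC is off; everything the user launches gets the full
# administrator token without a prompt.
UAC = re.compile(r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System => .*\(EnableLUA: (?P<lua>\d)\)")
# A proxy on 127.0.0.1 routes browser traffic through a local process, the usual
# mechanism by which ad-injecting software rewrites pages.
PROXY = re.compile(r"^ProxyServer: \[(?P<hive>[^\]]+)\] => (?P<server>.+)$")
# Alternate data streams on C:\ProgramData\TEMP are commonly left by installers;
# worth noting, rarely the problem.
ADS = re.compile(r"^AlternateDataStreams: (?P<path>.+)$")

ORDER = {"high": 0, "medium": 1, "info": 2}


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per indicator line; unknown lines are ignored."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if m := ORPHAN_TASK.match(line):
            findings.append(Finding("medium", "orphaned-task", m["name"]))
        elif m := SAFEBOOT.match(line):
            findings.append(Finding("high", "safeboot-service", m["name"]))
        elif m := UAC.match(line):
            if m["lua"] == "0":
                findings.append(Finding("high", "uac-disabled", line))
        elif m := PROXY.match(line):
            # "http=127.0.0.1:47574" -> host "127.0.0.1"; a bare "host:port" also works.
            host = m["server"].split("=")[-1].split(":")[0]
            severity = "high" if host in ("127.0.0.1", "localhost") else "medium"
            findings.append(Finding(severity, "proxy", f'{m["hive"]}: {m["server"]}'))
        elif m := ADS.match(line):
            findings.append(Finding("info", "ads", m["path"]))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 3, 'medium': 3, 'info': 1}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: ORDER[f.severity]):
        print(f"[{f.severity:6}] {f.kind:18} {f.detail}")
    print(summary(results))
```

Run against a full FRST.txt the same way (`triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`); the point is to pull the few lines that decide the cleanup strategy out of several hundred lines of inventory, not to replace reading the log.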

#5
Johnde2000

    Member

  • Topic Starter
  • Member
  • 44 posts

I hope you can help. I do appreciate your time and effort.


  • 0

#6
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I hope you can help. I do appreciate your time and effort.


You're quite welcome. :) Let's get started showing your unwelcome guests the door. :thumbsup:


Step 1: No Anti-Virus Installed

You currently have no anti-virus program installed on the machine. This must be taken care of immediately when we finish cleaning your machine. This is an absolute must these days to protect your machine.


Step 2: Fix with FRST

Note: Before performing this step, please move FRST64.exe from C:\Users\John\Downloads to your Desktop or the fix will not work.
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below (to do this, highlight the contents of the box, right-click on it and select Copy).
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin HKU\S-1-5-21-4074055908-3935984809-2394099874-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-06-02] <==== ATTENTION
S3 cpuz134; \??\C:\Users\John\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
Task: {0379614F-0F6D-41B2-A401-212494B0C2DF} - \2de6606b-47d6-492d-a0cf-90d8603ebca4-5 No Task File <==== ATTENTION
Task: {126914CC-5FA8-4825-ADBD-498DF6B318FE} - \DAHCX1 No Task File <==== ATTENTION
Task: {1A80B419-CB7D-4B15-A54D-75570CE224A2} - \2de6606b-47d6-492d-a0cf-90d8603ebca4-1-6 No Task File <==== ATTENTION
Task: {23B6A9A6-AE69-401F-AD33-B23C55ED4C8C} - \Papuir No Task File <==== ATTENTION
Task: {2B15A1D8-7BDD-459C-AFF5-C77846F1FC5B} - \TunePro360 Updater No Task File <==== ATTENTION
Task: {32BEB192-7753-4AD3-AE4C-3A53AAA95EA9} - \Bidaily Synchronize Task[8da6] No Task File <==== ATTENTION
Task: {3411E4F9-942A-4DA3-9BC1-C7B6D4F05CB0} - \ConsumerInputUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {376209A2-CF4C-4082-AA3A-9F1F7BB5FF39} - \System Cleaner Pro Auto Start No Task File <==== ATTENTION
Task: {3F7D82D9-ED1D-4D7F-AD5C-D73E578AE074} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {4369908D-0854-4AFC-9D0E-B9AE8A852DB6} - \2de6606b-47d6-492d-a0cf-90d8603ebca4-10_user No Task File <==== ATTENTION
Task: {442AF4B6-786A-4B06-B865-27AE97596C42} - \2de6606b-47d6-492d-a0cf-90d8603ebca4-4 No Task File <==== ATTENTION
Task: {4454F7C5-DA7C-41B3-A2DF-5B0C24EE8115} - \ConsumerInputUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {4E06C56D-32B0-4D74-B962-D14DE5F64B8D} - \KVWYILMWARTFEIXQ No Task File <==== ATTENTION
Task: {541C7A3F-792F-40DB-A22D-E2C244FCC7D7} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {5D07F4CF-02F9-47BB-99EE-CE627416556E} - \WordSurfer Auto Updater 1.10.0.19 Pending Update No Task File <==== ATTENTION
Task: {7649E343-6EB4-431D-A571-DE7FB464E9CB} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {78A2337D-62C3-48F0-ACDF-FB127189CFC1} - \4a752bbc-e718-4ff5-8948-5413ae8b7094 No Task File <==== ATTENTION
Task: {7AC9AA55-5D41-4A87-AEB9-B2B628D7F4B7} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {7C31D8B0-3484-4A6B-8B7E-1FB103D04163} - \2de6606b-47d6-492d-a0cf-90d8603ebca4-1-7 No Task File <==== ATTENTION
Task: {7E4FAAB6-08BE-4C1A-BD5E-E6F712A3C149} - \Notify Helper No Task File <==== ATTENTION
Task: {7F29301E-003D-4962-B88F-3484FB083F05} - \avabvexvac No Task File <==== ATTENTION
Task: {836D69FE-BCD5-4553-A78D-0CEB51CB6292} - \LY89uSJwVcS0HZf4UmSXIHJhl No Task File <==== ATTENTION
Task: {847FF937-EB22-4CA7-9735-5ABE6C3E772D} - \2de6606b-47d6-492d-a0cf-90d8603ebca4-5_user No Task File <==== ATTENTION
Task: {9816C372-3ADA-444E-BC83-0DA66E25024E} - \One System CarePeriod No Task File <==== ATTENTION
Task: {A7CE5BA7-44B6-4D87-9ABD-B78F71A50E2F} - \One System Care Run Delay No Task File <==== ATTENTION
Task: {B272792D-5A8E-4D88-A8F4-76DE9F675739} - \CIMT_S-1-5-21-4074055908-3935984809-2394099874-1000 No Task File <==== ATTENTION
Task: {B7E183A5-AAA3-4B14-967C-776CE0A0F489} - \Crossbrowse No Task File <==== ATTENTION
Task: {BB0F88AF-7CCC-48A1-90CA-4D9A0EBF1F05} - \CIMT_daily_S-1-5-21-4074055908-3935984809-2394099874-1000 No Task File <==== ATTENTION
Task: {C2B2FFB5-643B-41C7-892B-4A1D07CB7C93} - \833cc6d2-8ea1-410b-81e6-688ff4f32372 No Task File <==== ATTENTION
Task: {C7D97DD8-FD79-4E0E-8D17-CEBA7660B84D} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: {D6C2695C-3FC8-4881-930D-A06C3B253931} - \One System Care Monitor No Task File <==== ATTENTION
Task: {EC24CB4B-291C-4F9E-87C2-AE62E206361C} - \WordSurfer Auto Updater 1.10.0.19 Core No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:4D066AD2
AlternateDataStreams: C:\ProgramData\TEMP:91EA783C
AlternateDataStreams: C:\ProgramData\TEMP:94213A87
AlternateDataStreams: C:\ProgramData\TEMP:F6C0CA66
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
RemoveProxy:
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double-click (Vista and 7 users: right-click) the adwcleaner.exe file and click Run as Administrator, then accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

  • 0
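
The fixlist in Step 2 is a list of FRST scan lines the helper singled out: a proxy pointing at a listener on the machine itself, browser policy keys, scheduled tasks whose task file is gone, and alternate data streams on a ProgramData folder. The following added example (my own code, not the helper's and not part of FRST) shows how a defender can triage such lines automatically. The sample lines are a constructed selection in the shape of the entries above; the rule names, severities and the `Finding` type are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed sample in the shape of the FRST entries in the fixlist above
# (a short selection, not the full list).
SAMPLE_LINES = [
    r"CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION",
    r"ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.",
    r"ProxyServer: [.DEFAULT] => http=127.0.0.1:47574",
    r"FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-06-02] <==== ATTENTION",
    r"S3 cpuz134; \??\C:\Users\John\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]",
    r"Task: {23B6A9A6-AE69-401F-AD33-B23C55ED4C8C} - \Papuir No Task File <==== ATTENTION",
    r"Task: {7649E343-6EB4-431D-A571-DE7FB464E9CB} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION",
    r"AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F",
    r"HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)",
]

LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}


@dataclass
class Finding:
    category: str   # rule name (my own naming, not FRST's)
    severity: str   # "high", "medium" or "info"
    line: str       # the FRST line that triggered the rule
    detail: str = ""


# ProxyServer: [<hive>] => http=<host>:<port>
_PROXY_RE = re.compile(r"^ProxyServer:\s*\[[^\]]*\]\s*=>\s*(?:https?=)?([^:\s;]+):(\d+)")
# Task: {GUID} - \<task path> No Task File
_TASK_RE = re.compile(r"^Task:\s*\{[0-9A-Fa-f-]+\}\s*-\s*(\\\S.*?)\s+No Task File")
# S3/S4/R.. <service>; <binary> [X]   ([X] = the referenced file is missing)
_SVC_RE = re.compile(r"^[SR]\d\s+(\S+?);.*\[X\]\s*$")
# AlternateDataStreams: <path>:<stream name>
_ADS_RE = re.compile(r"^AlternateDataStreams:\s*(.+?):([0-9A-Fa-f]+)\s*$")


def classify(line: str) -> Optional[Finding]:
    """Map one FRST scan line to a Finding, or None if no rule applies."""
    line = line.strip()
    if line.startswith("ProxyEnable:") and "enabled" in line:
        return Finding("proxy-enabled", "info", line, "a system proxy is switched on")
    m = _PROXY_RE.match(line)
    if m:
        host, port = m.group(1), m.group(2)
        if host in LOOPBACK:
            # Browser traffic is funnelled through a process on this machine,
            # which is how injected ads and redirects get into every page.
            return Finding("loopback-proxy", "high", line,
                           f"browser traffic routed through a local listener on port {port}")
        return Finding("proxy-set", "medium", line, f"proxy points at {host}:{port}")
    if "Policy restriction" in line:
        return Finding("browser-policy-lockdown", "high", line,
                       "policy key can pin search settings or block extension removal")
    m = _TASK_RE.match(line)
    if m:
        return Finding("orphaned-task", "medium", line,
                       f"scheduled task {m.group(1)} has no task file (leftover persistence)")
    m = _ADS_RE.match(line)
    if m:
        return Finding("alternate-data-stream", "medium", line,
                       f"hidden stream :{m.group(2)} on {m.group(1)}")
    m = _SVC_RE.match(line)
    if m:
        return Finding("orphaned-service", "info", line,
                       f"service {m.group(1)} references a missing binary")
    if line.startswith("FF ExtraCheck:") and "firefox.cfg" in line.lower():
        return Finding("firefox-autoconfig", "high", line,
                       "firefox.cfg autoconfig can silently override browser preferences")
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run classify() over a batch of lines and keep the hits, in input order."""
    return [f for f in (classify(ln) for ln in lines) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, e.g. {"orphaned-task": 2, ...}."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:6}] {f.category:24} {f.detail}")
```

The loopback-proxy rule is the one that explains this thread's symptom: with `ProxyServer` set to `127.0.0.1:47574`, every browser request passes through a local process before it reaches the network, which is why the user sees full-page ads and redirects in whatever site is open. The orphaned-task and `[X]` service rules only signal leftovers, which is why they carry lower severities.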

#7
Johnde2000

Johnde2000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts

Ok I've got to get this to you before it does what it's doing again.

1. FRST64 was already on my desktop

2. copied the file to notepad and saved it to desktop also named it fixlist.txt

3. opened FRST64 and clicked "FIX". This is where it gets weird. It froze up when it got to appdata/local/moxilla/firefox/profiles

I tried to run it three times amongst 30 some odd pop ups and redirects. I can go to any pages with no problem but clicking a link in that page redirects me. All the links you sent me redirected me to other sites in another tab. Had to close them. The last time I ran it, FRST64, it froze up but it rebooted my computer without me doing anything and when it came back the file FIXLOG was on my desktop. Posting contents below. OMG this is so frustrating, I don't know how you deal with this stuff. Anyway all you asked me to do got done and all is posted below.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by John (2015-07-29 21:44:15) Run:5
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin HKU\S-1-5-21-4074055908-3935984809-2394099874-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-06-02] <==== ATTENTION
S3 cpuz134; \??\C:\Users\John\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
Task: {0379614F-0F6D-41B2-A401-212494B0C2DF} - \2de6606b-47d6-492d-a0cf-90d8603ebca4-5 No Task File <==== ATTENTION
Task: {126914CC-5FA8-4825-ADBD-498DF6B318FE} - \DAHCX1 No Task File <==== ATTENTION
Task: {1A80B419-CB7D-4B15-A54D-75570CE224A2} - \2de6606b-47d6-492d-a0cf-90d8603ebca4-1-6 No Task File <==== ATTENTION
Task: {23B6A9A6-AE69-401F-AD33-B23C55ED4C8C} - \Papuir No Task File <==== ATTENTION
Task: {2B15A1D8-7BDD-459C-AFF5-C77846F1FC5B} - \TunePro360 Updater No Task File <==== ATTENTION
Task: {32BEB192-7753-4AD3-AE4C-3A53AAA95EA9} - \Bidaily Synchronize Task[8da6] No Task File <==== ATTENTION
Task: {3411E4F9-942A-4DA3-9BC1-C7B6D4F05CB0} - \ConsumerInputUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {376209A2-CF4C-4082-AA3A-9F1F7BB5FF39} - \System Cleaner Pro Auto Start No Task File <==== ATTENTION
Task: {3F7D82D9-ED1D-4D7F-AD5C-D73E578AE074} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {4369908D-0854-4AFC-9D0E-B9AE8A852DB6} - \2de6606b-47d6-492d-a0cf-90d8603ebca4-10_user No Task File <==== ATTENTION
Task: {442AF4B6-786A-4B06-B865-27AE97596C42} - \2de6606b-47d6-492d-a0cf-90d8603ebca4-4 No Task File <==== ATTENTION
Task: {4454F7C5-DA7C-41B3-A2DF-5B0C24EE8115} - \ConsumerInputUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {4E06C56D-32B0-4D74-B962-D14DE5F64B8D} - \KVWYILMWARTFEIXQ No Task File <==== ATTENTION
Task: {541C7A3F-792F-40DB-A22D-E2C244FCC7D7} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {5D07F4CF-02F9-47BB-99EE-CE627416556E} - \WordSurfer Auto Updater 1.10.0.19 Pending Update No Task File <==== ATTENTION
Task: {7649E343-6EB4-431D-A571-DE7FB464E9CB} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {78A2337D-62C3-48F0-ACDF-FB127189CFC1} - \4a752bbc-e718-4ff5-8948-5413ae8b7094 No Task File <==== ATTENTION
Task: {7AC9AA55-5D41-4A87-AEB9-B2B628D7F4B7} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {7C31D8B0-3484-4A6B-8B7E-1FB103D04163} - \2de6606b-47d6-492d-a0cf-90d8603ebca4-1-7 No Task File <==== ATTENTION
Task: {7E4FAAB6-08BE-4C1A-BD5E-E6F712A3C149} - \Notify Helper No Task File <==== ATTENTION
Task: {7F29301E-003D-4962-B88F-3484FB083F05} - \avabvexvac No Task File <==== ATTENTION
Task: {836D69FE-BCD5-4553-A78D-0CEB51CB6292} - \LY89uSJwVcS0HZf4UmSXIHJhl No Task File <==== ATTENTION
Task: {847FF937-EB22-4CA7-9735-5ABE6C3E772D} - \2de6606b-47d6-492d-a0cf-90d8603ebca4-5_user No Task File <==== ATTENTION
Task: {9816C372-3ADA-444E-BC83-0DA66E25024E} - \One System CarePeriod No Task File <==== ATTENTION
Task: {A7CE5BA7-44B6-4D87-9ABD-B78F71A50E2F} - \One System Care Run Delay No Task File <==== ATTENTION
Task: {B272792D-5A8E-4D88-A8F4-76DE9F675739} - \CIMT_S-1-5-21-4074055908-3935984809-2394099874-1000 No Task File <==== ATTENTION
Task: {B7E183A5-AAA3-4B14-967C-776CE0A0F489} - \Crossbrowse No Task File <==== ATTENTION
Task: {BB0F88AF-7CCC-48A1-90CA-4D9A0EBF1F05} - \CIMT_daily_S-1-5-21-4074055908-3935984809-2394099874-1000 No Task File <==== ATTENTION
Task: {C2B2FFB5-643B-41C7-892B-4A1D07CB7C93} - \833cc6d2-8ea1-410b-81e6-688ff4f32372 No Task File <==== ATTENTION
Task: {C7D97DD8-FD79-4E0E-8D17-CEBA7660B84D} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: {D6C2695C-3FC8-4881-930D-A06C3B253931} - \One System Care Monitor No Task File <==== ATTENTION
Task: {EC24CB4B-291C-4F9E-87C2-AE62E206361C} - \WordSurfer Auto Updater 1.10.0.19 Core No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:4D066AD2
AlternateDataStreams: C:\ProgramData\TEMP:91EA783C
AlternateDataStreams: C:\ProgramData\TEMP:94213A87
AlternateDataStreams: C:\ProgramData\TEMP:F6C0CA66
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
RemoveProxy:
Emptytemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Google => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.3.2 => key not found.
HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1 => key not found.
C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll not found.
"C:\Program Files (x86)\mozilla firefox\firefox.cfg" => not found.
cpuz134 => service not found.
nvlddmkm => service not found.
nvvad_WaveExtensible => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0379614F-0F6D-41B2-A401-212494B0C2DF} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2de6606b-47d6-492d-a0cf-90d8603ebca4-5 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{126914CC-5FA8-4825-ADBD-498DF6B318FE} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DAHCX1 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A80B419-CB7D-4B15-A54D-75570CE224A2} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2de6606b-47d6-492d-a0cf-90d8603ebca4-1-6 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23B6A9A6-AE69-401F-AD33-B23C55ED4C8C} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Papuir => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B15A1D8-7BDD-459C-AFF5-C77846F1FC5B} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TunePro360 Updater => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32BEB192-7753-4AD3-AE4C-3A53AAA95EA9} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[8da6] => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3411E4F9-942A-4DA3-9BC1-C7B6D4F05CB0} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{376209A2-CF4C-4082-AA3A-9F1F7BB5FF39} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Cleaner Pro Auto Start => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F7D82D9-ED1D-4D7F-AD5C-D73E578AE074} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4369908D-0854-4AFC-9D0E-B9AE8A852DB6} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2de6606b-47d6-492d-a0cf-90d8603ebca4-10_user => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{442AF4B6-786A-4B06-B865-27AE97596C42} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2de6606b-47d6-492d-a0cf-90d8603ebca4-4 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4454F7C5-DA7C-41B3-A2DF-5B0C24EE8115} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E06C56D-32B0-4D74-B962-D14DE5F64B8D} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KVWYILMWARTFEIXQ => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{541C7A3F-792F-40DB-A22D-E2C244FCC7D7} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D07F4CF-02F9-47BB-99EE-CE627416556E} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Pending Update => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7649E343-6EB4-431D-A571-DE7FB464E9CB} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78A2337D-62C3-48F0-ACDF-FB127189CFC1} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4a752bbc-e718-4ff5-8948-5413ae8b7094 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AC9AA55-5D41-4A87-AEB9-B2B628D7F4B7} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C31D8B0-3484-4A6B-8B7E-1FB103D04163} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2de6606b-47d6-492d-a0cf-90d8603ebca4-1-7 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E4FAAB6-08BE-4C1A-BD5E-E6F712A3C149} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Notify Helper => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F29301E-003D-4962-B88F-3484FB083F05} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvexvac => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{836D69FE-BCD5-4553-A78D-0CEB51CB6292} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LY89uSJwVcS0HZf4UmSXIHJhl => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{847FF937-EB22-4CA7-9735-5ABE6C3E772D} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2de6606b-47d6-492d-a0cf-90d8603ebca4-5_user => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9816C372-3ADA-444E-BC83-0DA66E25024E} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System CarePeriod => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7CE5BA7-44B6-4D87-9ABD-B78F71A50E2F} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Run Delay => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B272792D-5A8E-4D88-A8F4-76DE9F675739} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-4074055908-3935984809-2394099874-1000 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7E183A5-AAA3-4B14-967C-776CE0A0F489} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Crossbrowse => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB0F88AF-7CCC-48A1-90CA-4D9A0EBF1F05} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-4074055908-3935984809-2394099874-1000 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2B2FFB5-643B-41C7-892B-4A1D07CB7C93} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\833cc6d2-8ea1-410b-81e6-688ff4f32372 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7D97DD8-FD79-4E0E-8D17-CEBA7660B84D} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6C2695C-3FC8-4881-930D-A06C3B253931} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC24CB4B-291C-4F9E-87C2-AE62E206361C} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Core => key not found.
"C:\ProgramData\TEMP" => ":2CB9631F" ADS not found.
"C:\ProgramData\TEMP" => ":4D066AD2" ADS not found.
"C:\ProgramData\TEMP" => ":91EA783C" ADS not found.
"C:\ProgramData\TEMP" => ":94213A87" ADS not found.
"C:\ProgramData\TEMP" => ":F6C0CA66" ADS not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 735 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 21:44:43 ====

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 7.5.4 (07.27.2015:1)

OS: Windows 7 Home Premium x64

Ran by John on Wed 07/29/2015 at 22:04:05.37

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Tasks

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] C:\Users\John\Documents\add-in express

Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin

Successfully deleted: [Folder] C:\ProgramData\28341ff220e0446c9fff27c4493d622e

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 07/29/2015 at 22:07:57.99

End of JRT log

 

 

# AdwCleaner v4.208 - Logfile created 29/07/2015 at 22:14:04

# Updated 09/07/2015 by Xplode

# Database : 2015-07-26.2 [Server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : John - JOHN-PC-1

# Running from : C:\Users\John\Desktop\AdwCleaner.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v10.0.9200.17356

 

 

-\\ Mozilla Firefox v39.0 (x86 en-US)

 

 

*************************

 

AdwCleaner[R0].txt - [2819 bytes] - [27/07/2015 10:40:58]

AdwCleaner[R1].txt - [921 bytes] - [29/07/2015 22:12:03]

AdwCleaner[S0].txt - [2595 bytes] - [27/07/2015 10:43:02]

AdwCleaner[S1].txt - [849 bytes] - [29/07/2015 22:14:04]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [907  bytes] ##########


  • 0
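
The Fixlog above is the record the helper reads to confirm what FRST actually did: it repeats the fixlist, then reports one outcome per entry ("removed successfully", "not found", "moved successfully"), with raw output of each `CMD:` line fenced between `=========` markers. The following added example (my own code, not part of FRST or of the helper's instructions) parses that layout so the outcomes can be tallied rather than eyeballed. The log text is a constructed excerpt in the shape of the one posted above, and the bucket names are my own.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed excerpt in the shape of the Fixlog posted above (not the full log).
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by John (2015-07-29 21:44:15) Run:5
Running from C:\Users\John\Desktop
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Google => key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
cpuz134 => service not found.
"C:\ProgramData\TEMP" => ":2CB9631F" ADS not found.

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 735 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 21:44:43 ====
"""

_RUN_RE = re.compile(r"^Ran by .*?\((?P<when>[^)]+)\)\s+Run:(?P<run>\d+)", re.M)
_STARS_RE = re.compile(r"^\*{5,}$")                      # fixlist delimiter line
_BLOCK_RE = re.compile(r"^=+\s*(?P<title>.*?)\s*=+$")     # "====== title ======" marker
_RESULT_RE = re.compile(r"^(?P<target>.+?)\s*=>\s*(?P<outcome>.+?)\s*$")


def bucket(outcome: str) -> str:
    """Collapse FRST's outcome wording into three buckets (my naming)."""
    o = outcome.lower()
    if "not found" in o:
        return "not-found"
    if "removed" in o or "moved successfully" in o or "deleted" in o:
        return "removed"
    return "other"


def parse_fixlog(text: str) -> dict:
    """Split a Fixlog into header facts, the echoed fixlist, and per-entry results."""
    lines = text.splitlines()
    m = _RUN_RE.search(text)
    run = int(m.group("run")) if m else None
    when = m.group("when") if m else None

    stars = [i for i, ln in enumerate(lines) if _STARS_RE.match(ln.strip())]
    if len(stars) < 2:
        raise ValueError("fixlist delimiters not found")
    fixlist = [ln.strip() for ln in lines[stars[0] + 1:stars[1]]
               if ln.strip() and ln.strip() not in ("Start", "End")]

    results: List[Tuple[str, str, str]] = []
    reboot = False
    in_cmd = False
    for raw in lines[stars[1] + 1:]:
        s = raw.strip()
        if not s:
            continue
        b = _BLOCK_RE.match(s)
        if b:
            title = b.group("title")
            if title.startswith("End of") or title.endswith(":"):
                in_cmd = False      # leaving a block, or entering an FRST directive block
            elif title:
                in_cmd = True       # raw output of a CMD: line follows; skip it
            continue
        if in_cmd:
            continue
        if "needed a reboot" in s:
            reboot = True
            continue
        r = _RESULT_RE.match(s)
        if r:
            results.append((r.group("target"), r.group("outcome"), bucket(r.group("outcome"))))

    return {
        "run": run,
        "when": when,
        "fixlist_entries": fixlist,
        "results": results,
        "summary": dict(Counter(kind for _, _, kind in results)),
        "reboot_needed": reboot,
    }


def not_found_targets(parsed: dict) -> List[str]:
    """Entries FRST could not locate; on a repeat run this usually means an
    earlier run already removed them, and a fresh scan should confirm that."""
    return [t for t, _, kind in parsed["results"] if kind == "not-found"]
```

Reading the real log through this lens: it is `Run:5`, and nearly every registry and task entry comes back "not found" while the proxy values and the hosts file were actually changed. That pattern is consistent with the earlier aborted runs having already removed the items, which is the same conclusion the helper draws in the next post, and it is why a fresh scan is the right next step rather than re-running the same fix.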

#8
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

1. FRST64 was already on my desktop

2. copied the file to notepad and saved it to desktop also named it fixlist.txt

3. opened FRST64 and clicked "FIX". This is where it gets weird. It froze up when it got to appdata/local/moxilla/firefox/profiles

I tried to run it three times amongst 30 some odd pop ups and redirects. I can go to any pages with no problem but clicking a link in that page redirects me. All the links you sent me redirected me to other sites in another tab. Had to close them. The last time I ran it, FRST64, it froze up but it rebooted my computer without me doing anything and when it came back the file FIXLOG was on my desktop. Posting contents below. OMG this is so frustrating, I don't know how you deal with this stuff. Anyway all you asked me to do got done and all is posted below.


Hi :)

How long did you let it run before trying it again? Sometimes, when there's a lot to remove, FRST will look as though it's frozen, but is merely working on something. All the links I send you will open in another tab and will only take you to the site to download a specific tool. The fixlog shows that FRST did its job in removing the items. Hang in there, I know it's frustrating, but we'll get them. :thumbsup: :)

I'd like to get a fresh scan with FRST and run a scan for rootkits. How is the machine running, any improvement?


Step 1: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.
Step 2: Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit to your Desktop
  • Double-click the icon to start the tool.
  • It will ask you where to extract it. Extracting to the Desktop will be fine. Then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next".
  • In the next window, make sure that Drivers, Sectors, and System are checked. Then click "Scan".
  • If any infections are found, ensure "Create Restore Point" is checked, then select the "Cleanup Button" to remove threats.
  • Or if you are sure any entries should be kept, just untick them. A list of infected files will be listed.
  • The Clean up procedure will be Scheduled for process.
  • When complete, the pop-up window will show you. Select the Yes button and the system should re-boot to complete the cleaning process.
  • Open the MBAR folder, which is located on your Desktop and paste the content of the following files in your next reply:
"mbar-log-{date} (xx-xx-xx).txt"
"system-log.txt"


Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST.txt Log

MBAR Logs

  • 0

#9
Johnde2000

Johnde2000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts

I let it sit there until it said it was "not responding". But seems it did take the last time and rebooted by itself. 

No, it's still redirecting me. Your links are fine. My comp is redirecting me when I click "anything" on a web page. I'm no longer seeing Crackle.com or Ads by Jabuticati but the redirects are for Spyhunter 4, PC repairs, Adobe and similar sites. Here is the fresh FRST scan. Downloading MBAR after I close this and will send MBAR log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
Ran by John (administrator) on JOHN-PC-1 (29-07-2015 22:51:31)
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-07-28] (AMD)
HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-01-06]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-26] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-06-18] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E9C7566B-7793-4DBE-9A0F-520B2635A5DF}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{E9C7566B-7793-4DBE-9A0F-520B2635A5DF}: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7od82dfo.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-26] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-26] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4074055908-3935984809-2394099874-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\John\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies ApS)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-02]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2013-11-04] (Andrea Electronics Corporation)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [441216 2015-05-08] ()
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-17] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S4 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-10-18] (Enigma Software Group USA, LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2013-11-04] ()
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-19] (Razer Inc)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-29 22:11 - 2015-07-29 22:11 - 02248704 _____ C:\Users\John\Desktop\AdwCleaner.exe
2015-07-29 22:07 - 2015-07-29 22:07 - 00000831 _____ C:\Users\John\Desktop\JRT.txt
2015-07-29 22:02 - 2015-07-29 22:03 - 01798176 _____ (Malwarebytes Corporation) C:\Users\John\Desktop\JRT.exe
2015-07-29 21:56 - 2015-07-29 21:56 - 00004967 _____ C:\Users\John\Desktop\Fixlist.txt
2015-07-29 21:15 - 2015-07-29 21:38 - 00000000 ____D C:\Users\John\AppData\Local\CrashDumps
2015-07-29 19:39 - 2015-07-29 19:39 - 00001134 _____ C:\Users\John\Desktop\TeamSpeak 3 Client.lnk
2015-07-29 14:17 - 2015-07-29 22:51 - 00012144 _____ C:\Users\John\Desktop\FRST.txt
2015-07-29 14:14 - 2015-07-29 22:51 - 00000000 ___DC C:\FRST
2015-07-29 14:13 - 2015-07-29 14:14 - 02169856 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-07-29 14:04 - 2015-07-29 22:15 - 00020364 _____ C:\Windows\PFRO.log
2015-07-29 11:00 - 2015-07-29 11:00 - 00000062 _____ C:\Windows\wininit.ini
2015-07-28 11:51 - 2015-07-29 22:20 - 00014487 _____ C:\Windows\WindowsUpdate.log
2015-07-28 11:47 - 2015-07-29 22:16 - 00001926 _____ C:\Windows\setupact.log
2015-07-28 11:47 - 2015-07-28 11:47 - 00000000 _____ C:\Windows\setuperr.log
2015-07-27 12:09 - 2015-07-27 23:10 - 00000000 ____D C:\ProgramData\Avg_Update_0615pi
2015-07-27 12:07 - 2015-07-29 10:55 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-27 12:06 - 2015-07-27 12:06 - 00000000 ____D C:\Users\John\AppData\Roaming\TuneUp Software
2015-07-27 12:03 - 2015-07-29 14:05 - 00000000 ____D C:\ProgramData\MFAData
2015-07-27 12:03 - 2015-07-27 12:03 - 00000000 ____D C:\Users\John\AppData\Local\MFAData
2015-07-27 10:40 - 2015-07-29 22:14 - 00000000 ___DC C:\AdwCleaner
2015-07-27 09:20 - 2015-07-27 09:20 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-27 09:20 - 2015-07-27 09:20 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-27 09:20 - 2015-07-27 09:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-26 21:52 - 2015-07-26 21:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-26 18:48 - 2015-07-26 20:05 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-26 18:00 - 2015-07-26 18:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-26 17:21 - 2015-07-26 17:21 - 00003246 _____ C:\Windows\System32\Tasks\Trojan Killer
2015-07-26 17:21 - 2015-07-26 17:21 - 00000000 ____D C:\ProgramData\GridinSoft
2015-07-25 21:22 - 2015-07-25 22:22 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-25 21:21 - 2015-07-25 21:21 - 00000000 ____D C:\Users\John\AppData\Local\PopupID1
2015-07-25 21:20 - 2015-07-25 22:04 - 00000000 ____D C:\Program Files (x86)\TechVedic
2015-07-25 21:19 - 2015-07-25 21:19 - 00000000 ____D C:\Users\John\AppData\Roaming\JV Update
2015-07-25 20:49 - 2015-07-25 20:49 - 00000000 ____D C:\Users\John\AppData\Roaming\Open Download Manager
2015-07-25 20:48 - 2015-07-25 20:48 - 00000000 ____D C:\Program Files (x86)\TestXp
2015-07-25 20:48 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-07-14 08:52 - 2015-07-14 08:52 - 00063628 _____ C:\Users\John\Documents\ts3_clientui-win32-1407159763-2015-07-14 08_52_06.043339.dmp
2015-07-11 16:46 - 2015-07-11 16:46 - 00000000 ____D C:\Users\John\AppData\Local\WpfApplication1
2015-07-09 19:42 - 2015-07-09 19:42 - 00000000 ____D C:\Users\John\AppData\Local\Sony Online Entertainment

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-29 22:25 - 2009-07-14 00:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-29 22:25 - 2009-07-14 00:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-29 22:21 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-29 22:16 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-29 22:15 - 2013-11-08 00:51 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2015-07-29 21:15 - 2015-06-02 16:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-29 21:06 - 2013-11-08 04:00 - 00000000 ____D C:\Users\John\AppData\Roaming\TS3Client
2015-07-29 19:10 - 2014-04-24 20:01 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype
2015-07-29 18:00 - 2014-09-25 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-29 11:04 - 2013-11-08 19:39 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-07-29 11:01 - 2015-04-22 10:44 - 00000000 ____D C:\Program Files (x86)\Piranha Games
2015-07-29 11:01 - 2014-01-07 20:01 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-29 11:00 - 2015-01-23 23:08 - 00000000 ____D C:\Program Files (x86)\gravitysensation.com
2015-07-29 10:59 - 2015-05-08 07:00 - 00000000 ____D C:\Users\John\AppData\Local\Steam
2015-07-28 18:31 - 2015-02-06 11:15 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-27 14:11 - 2013-11-27 19:00 - 00000000 ____D C:\Users\John\AppData\Roaming\.minecraft
2015-07-27 08:58 - 2013-11-27 19:00 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-26 21:56 - 2013-11-27 19:00 - 00000000 ____D C:\ProgramData\Oracle
2015-07-26 21:52 - 2014-12-23 18:21 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-26 21:52 - 2014-08-09 11:47 - 00000000 ____D C:\Users\John\AppData\Local\Adobe
2015-07-26 21:52 - 2013-11-09 16:45 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-26 21:50 - 2013-11-27 19:00 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-26 18:19 - 2014-12-12 15:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-26 17:14 - 2014-12-12 15:34 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-26 17:14 - 2013-11-08 14:08 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-26 17:14 - 2013-11-08 14:08 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-25 23:15 - 2013-11-11 13:02 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-25 22:16 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-25 22:15 - 2013-11-11 13:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-25 22:15 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-25 22:14 - 2013-11-04 21:22 - 00001417 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-25 21:25 - 2013-11-10 10:34 - 00000000 ____D C:\Windows\Minidump
2015-07-25 21:22 - 2013-11-04 21:49 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-07-25 21:22 - 2013-11-04 21:49 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-07-25 21:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\spp
2015-07-21 15:01 - 2015-06-18 17:47 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-18 23:05 - 2013-12-12 16:17 - 00032768 ___SH C:\Users\John\Documents\Thumbs.db
2015-07-18 18:00 - 2014-04-24 20:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-18 17:59 - 2014-04-24 20:01 - 00000000 ____D C:\ProgramData\Skype
2015-07-15 10:35 - 2014-07-25 01:01 - 00000000 ____D C:\Users\John\AppData\Local\Windows Live
2015-07-12 15:39 - 2015-05-08 08:54 - 00000000 ____D C:\ProgramData\WinZip
2015-07-12 15:38 - 2013-11-08 05:15 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-07-11 07:31 - 2014-11-30 00:48 - 00007608 _____ C:\Users\John\AppData\Local\Resmon.ResmonCfg
2015-07-07 07:31 - 2009-07-14 00:45 - 05102600 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2014-05-10 22:05 - 2014-05-10 22:05 - 0000084 _____ () C:\Users\John\AppData\Local\DVDPATH.TXT
2014-11-30 00:48 - 2015-07-11 07:31 - 0007608 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2013-11-08 11:51 - 2014-01-06 15:49 - 0005614 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\Quarantine.exe
C:\Users\John\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 01:25

==================== End of log ============================



#10
Johnde2000

MBAR says "No Malware Found". Thought I'd show you what's happening (see below). Still getting pop-ups, and now not only "Ads by Jabuticaba" but pop-ups "Powered by Jabuticaba".

[screenshot: cW9jdad.jpg]

[screenshot: qNB8YAk.jpg]


Edited by Johnde2000, 30 July 2015 - 03:31 AM.



#11
Johnde2000

SYSTEM LOG

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.17357

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.005000 GHz
Memory total: 8589008896, free: 7086243840

Downloaded database version: v2015.07.29.07
Downloaded database version: v2015.07.29.02
Downloaded database version: v2015.07.28.01
=======================================
Initializing...
------------ Kernel report ------------
     07/29/2015 23:02:46
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\SmartDefragDriver.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\yk62x64.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\rzendpt.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\rzudd.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\LVPr2M64.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\urlmon.dll
\Windows\System32\difxapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\sechost.dll
\Windows\System32\imagehlp.dll
\Windows\System32\gdi32.dll
\Windows\System32\psapi.dll
\Windows\System32\usp10.dll
\Windows\System32\msvcrt.dll
\Windows\System32\imm32.dll
\Windows\System32\shell32.dll
\Windows\System32\lpk.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ole32.dll
\Windows\System32\user32.dll
\Windows\System32\nsi.dll
\Windows\System32\advapi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\iertutil.dll
\Windows\System32\ws2_32.dll
\Windows\System32\normaliz.dll
\Windows\System32\shlwapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\wininet.dll
\Windows\System32\msctf.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\userenv.dll
\Windows\System32\wintrust.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.07.29.07
  rootkit: v2015.07.29.02

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007a82060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007a82b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007a82060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007895520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800788e060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 781417726
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 400088457216 bytes
Sector size: 512 bytes

Done!
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-437C4DAB04B75DFE3CC92CDDC5858E9E9F7D2A02.bin.VF" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-437C4DAB04B75DFE3CC92CDDC5858E9E9F7D2A02.bin.VE1" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

 

-------------------------------------------------------------------------------------------

MBAR LOG 2015-7-29  (23-02-55)

 

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.07.29.07
  rootkit: v2015.07.29.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.17357
John :: JOHN-PC-1 [administrator]

7/29/2015 11:02:55 PM
mbar-log-2015-07-29 (23-02-55).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 376298
Time elapsed: 17 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


 


Edited by Johnde2000, 30 July 2015 - 03:31 AM.

  • 0

#12
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I let it sit there until it said it was "not responding". But it seems it did take the last time and rebooted by itself.

No, it's still redirecting me. Your links are fine. My comp is redirecting me when I click "anything" on a web page. I'm no longer seeing Crackle.com or Ads by Jabuticata, but the redirects are for Spyhunter 4, PC repairs, Adobe and similar sites. Here is the fresh FRST scan. Downloading MBAR after I close this and will send the MBAR log.


Hello :)

It does sometimes say "Not Responding" while it's working through the fix. But it's ok, as the fixlog showed that everything targeted was taken out. I'm starting to think the redirects are site ads, as I see nothing in your log that would be responsible for redirects. However, let's run some further scans. :thumbsup:

Let's run a sweep with Malwarebytes and also run a scan with ESET Online scanner. Please note, the ESET scan can take hours to complete.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Scan with Malwarebytes


Please start Malwarebytes Anti-Malware and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Whichever browser you use will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#13
Johnde2000

Johnde2000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts

MBAM.txt

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/30/2015
Scan Time: 7:43 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.30.02
Rootkit Database: v2015.07.29.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: John

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376619
Time Elapsed: 18 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#14
Johnde2000

Johnde2000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7bac30ce62b9344f9198ca0245407c34
# end=init
# utc_time=2015-07-30 12:08:45
# local_time=2015-07-30 08:08:45 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25046
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7bac30ce62b9344f9198ca0245407c34
# end=updated
# utc_time=2015-07-30 12:12:56
# local_time=2015-07-30 08:12:56 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=7bac30ce62b9344f9198ca0245407c34
# engine=25046
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-30 01:44:00
# local_time=2015-07-30 09:44:00 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 189807290 0 0
# scanned=151861
# found=5
# cleaned=5
# scan_time=5464
sh=56E1E32DA74189D66D8CAB25C22EE8AC2AC12844 ft=0 fh=0000000000000000 vn="a variant of Java/Obfus.CC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\11d9a754-3e8658fd"
sh=56E1E32DA74189D66D8CAB25C22EE8AC2AC12844 ft=0 fh=0000000000000000 vn="a variant of Java/Obfus.CC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\11d9a754-5ce64ca2"
sh=36733B0B89A4B4110EB6687AFCA6A317B5D4F7D9 ft=0 fh=0000000000000000 vn="a variant of Java/Obfus.CB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\17dc89a5-2f377a73"
sh=6FFC66706F78050DB0567156AA076464B3301D65 ft=0 fh=0000000000000000 vn="a variant of Java/Obfus.CC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1d9016f-6590bbcf"
sh=5DB4DEAAE6A2A63F5C32DA792A8E6B35337210DF ft=0 fh=0000000000000000 vn="a variant of Java/Obfus.CB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\3e7de578-314cc0ad"
 


  • 0
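The ESET detection lines in the log above are a fixed-field record: sh= (SHA-1 of the file), ft, fh, vn= (detection name with the action taken in parentheses), ac, and fn= (the file path). The parser below is an added example, not code from ESET or from this forum; the field meanings are inferred from the log layout rather than from ESET documentation, and the sample log is constructed from the five detection lines and a few of the header lines posted above. It pulls the records into dictionaries, checks the log's own found/cleaned counters against the record lines, and summarises by threat name, directory and distinct hash, which is the kind of cross-check a helper does before deciding whether a scan result actually explains a symptom.

```python
"""Parse ESET Online Scanner log records of the kind posted in this thread.

Added example, not ESET's or the forum's code. Field meanings (sh, vn, fn, ...)
are assumptions drawn from the log layout on the page.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample: header lines and the five detection lines from the post.
SAMPLE_LOG = r"""# product=EOS
# version=8
# end=finished
# remove_checked=true
# archives_checked=true
# utc_time=2015-07-30 01:44:00
# scanned=151861
# found=5
# cleaned=5
sh=56E1E32DA74189D66D8CAB25C22EE8AC2AC12844 ft=0 fh=0000000000000000 vn="a variant of Java/Obfus.CC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\11d9a754-3e8658fd"
sh=56E1E32DA74189D66D8CAB25C22EE8AC2AC12844 ft=0 fh=0000000000000000 vn="a variant of Java/Obfus.CC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\11d9a754-5ce64ca2"
sh=36733B0B89A4B4110EB6687AFCA6A317B5D4F7D9 ft=0 fh=0000000000000000 vn="a variant of Java/Obfus.CB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\17dc89a5-2f377a73"
sh=6FFC66706F78050DB0567156AA076464B3301D65 ft=0 fh=0000000000000000 vn="a variant of Java/Obfus.CC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1d9016f-6590bbcf"
sh=5DB4DEAAE6A2A63F5C32DA792A8E6B35337210DF ft=0 fh=0000000000000000 vn="a variant of Java/Obfus.CB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\3e7de578-314cc0ad"
"""

# "# key=value" header lines; the finished section repeats and overrides earlier keys.
HEADER_RE = re.compile(r"^# (?P<key>\w+)=(?P<value>.*)$")
# One detection record per line; vn and fn are double-quoted, the rest are bare tokens.
DETECTION_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]+) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\S*) fn="(?P<fn>[^"]*)"$'
)


def parse_eset_log(text):
    """Return (headers, detections) for one ESET log; unknown lines are ignored."""
    headers = {}
    detections = []
    for line in text.splitlines():
        line = line.rstrip()
        m = HEADER_RE.match(line)
        if m:
            headers[m["key"]] = m["value"]
            continue
        m = DETECTION_RE.match(line)
        if m:
            # vn carries "<threat name> (<action taken>)"; split it into the two parts.
            name, _, action = m["vn"].partition(" (")
            detections.append({
                "sha1": m["sha1"].upper(),
                "threat": name,
                "action": action.rstrip(")"),
                "path": m["fn"],
                "ac": m["ac"],
            })
    return headers, detections


def counts_consistent(headers, detections):
    """True when the log's found/cleaned counters agree with the record lines."""
    found = int(headers.get("found", 0))
    cleaned = int(headers.get("cleaned", 0))
    cleaned_records = sum(1 for d in detections if "cleaned" in d["action"])
    return found == len(detections) and cleaned == cleaned_records


def summarize(headers, detections):
    """Group records by threat name and directory, and list distinct hashes."""
    return {
        "remove_enabled": headers.get("remove_checked") == "true",
        "by_threat": Counter(d["threat"] for d in detections),
        "by_dir": Counter(str(PureWindowsPath(d["path"]).parent) for d in detections),
        # Records sharing a SHA-1 are byte-identical files cached under different names.
        "unique_sha1": sorted({d["sha1"] for d in detections}),
    }


if __name__ == "__main__":
    hdrs, recs = parse_eset_log(SAMPLE_LOG)
    print("records:", len(recs), "counters consistent:", counts_consistent(hdrs, recs))
    for key, value in summarize(hdrs, recs).items():
        print(f"{key}: {value}")
```

On the posted log this yields five records but only four distinct SHA-1 values (the first two cache entries are identical content), every path under the Java deployment cache, and remove_checked=true in the headers, which matches the "cleaned by deleting - quarantined" action on each record even though the instructions above asked for Remove found threats to be left unchecked. Cached Java applet files explain a past drive-by exposure rather than a live process, so the parser output supports the helper's reading that the remaining redirects come from the sites themselves.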

#15
Johnde2000

Johnde2000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts

 Results of screen317's Security Check version 1.006  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 51  
 Adobe Flash Player 18.0.0.209  
 Mozilla Firefox (39.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````
 


  • 0
