Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Laptop running very slowly, possible infection

Started by smwifey , Sep 04 2015 04:12 PM

  • Please log in to reply

#1
smwifey
Posted 04 September 2015 - 04:12 PM

smwifey

    Member

  • Member
  • PipPip
  • 85 posts

My daughter's laptop is running very slowly.  I have already ran Malwarebytes and it found many items which I deleted.  I also completed a Windows Update last night but it didn't seem to help very much.  I am thinking it is possibly infected with something but not sure what.  Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by Owner (administrator) on OWNER-PC (03-09-2015 18:09:38)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Telstra Corporation Ltd.) C:\Program Files\Windstream Support Center\9.0.0.209\ma\bin\pcTrayApp.exe
(Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Windstream_McciTrayApp] => C:\Program Files\Windstream Support Center\9.0.0.209\ma\bin\pcTrayApp.exe [2905088 2014-09-11] (Telstra Corporation Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-05-01] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\...\Run: [ares] => "C:\Program Files (x86)\Ares\Ares.exe" -h
HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\...\Run: [Spotify Web Helper] => C:\Users\Owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017848 2015-08-01] (Spotify Ltd)
HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\...\Run: [Spotify] => C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe [7574584 2015-08-01] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-02-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9AEBB47D-6569-4D3D-8CF5-D627DE8FBA87}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9AEBB47D-6569-4D3D-8CF5-D627DE8FBA87}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{F6A2F3C7-CB7D-471E-9EE9-56E9D4CF6D1C}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{F6A2F3C7-CB7D-471E-9EE9-56E9D4CF6D1C}: [DhcpNameServer] 192.168.254.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
URLSearchHook: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> DefaultScope {9EF03CEF-F29F-465B-A9F6-011D090CCD33} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {9EF03CEF-F29F-465B-A9F6-011D090CCD33} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {1E826E46-051F-4515-ABBA-DB07B3BB5707} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {1E826E46-051F-4515-ABBA-DB07B3BB5707} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 -> {1E826E46-051F-4515-ABBA-DB07B3BB5707} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 -> {28373670-7A6B-4348-8E4A-375ACECEBDA4} URL = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 -> {6C93D6B2-AB48-442F-BA92-43DF24926F9B} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=IMB&o=15781&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^HP&apn_dtid=^YYYYYY^YY^US&apn_uid=14890bea-1149-42cd-9cae-db7cbe9aa7b7&apn_sauid=14DEB616-9A83-456A-A3BF-28C8303FE964
SearchScopes: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 -> {9EF03CEF-F29F-465B-A9F6-011D090CCD33} URL = 
SearchScopes: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 -> {B0CE95EF-9B26-4C97-A4BA-7EF249DCCA67} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc9
SearchScopes: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 -> {E6A19AC9-2E68-4171-9F0D-F530EBBCA633} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
Toolbar: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Windstream Support Center\9.0.0.209\ma\bin\npMotive.dll [2014-09-11] (Windstream)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-28]
FF HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-26]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-25]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-26]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Windstream MAHostService; C:\Program Files (x86)\Windstream Support Center\9.0.0.209\ma\bin\MAHostService.exe [321024 2014-09-11] (Alcatel-Lucent) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
U0 nhqpjly; C:\Windows\System32\drivers\nfugvj.sys [79064 2015-09-03] (Malwarebytes Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\Owner\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-03 18:09 - 2015-09-03 18:10 - 00015712 _____ C:\Users\Owner\Desktop\FRST.txt
2015-09-03 18:09 - 2015-09-03 18:09 - 00000000 ____D C:\FRST
2015-09-03 18:07 - 2015-09-03 18:08 - 02188800 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-09-03 18:05 - 2015-09-03 18:05 - 02188800 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2015-09-03 17:53 - 2015-09-03 17:53 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\nfugvj.sys
2015-09-03 16:23 - 2015-09-03 16:23 - 00003070 _____ C:\windows\System32\Tasks\{8E54EEF6-8A15-49CB-AE84-A3540640CCE5}
2015-09-03 15:47 - 2015-09-03 15:50 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-03 15:43 - 2015-09-03 15:43 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-03 15:43 - 2015-09-03 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-03 15:42 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-09-03 15:42 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-09-03 15:42 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-09-03 15:41 - 2015-09-03 15:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-03 15:41 - 2015-09-03 15:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-03 15:06 - 2015-09-03 15:17 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-13 19:44 - 2015-08-13 19:44 - 06420480 _____ C:\Program Files (x86)\GUTBB44.tmp
2015-08-13 19:44 - 2015-08-13 19:44 - 00000000 ____D C:\Program Files (x86)\GUMBB43.tmp
2015-08-13 19:09 - 2015-08-13 19:09 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-03 18:09 - 2009-07-14 00:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-03 18:09 - 2009-07-14 00:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-03 17:55 - 2013-11-26 17:32 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-03 17:53 - 2013-11-26 17:36 - 00000000 ____D C:\temp
2015-09-03 17:53 - 2013-06-26 00:27 - 00000000 ____D C:\ProgramData\APN
2015-09-03 17:53 - 2009-07-13 23:20 - 00000000 ____D C:\windows\Resources
2015-09-03 17:47 - 2012-04-27 23:53 - 01763920 _____ C:\windows\WindowsUpdate.log
2015-09-03 17:42 - 2012-06-27 23:02 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-09-03 17:23 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2015-09-03 16:11 - 2013-11-26 17:33 - 00002113 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-03 15:56 - 2015-04-03 17:35 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-03 15:52 - 2012-09-21 20:35 - 00000000 ____D C:\ProgramData\Yahoo!
2015-09-03 15:52 - 2012-09-21 20:35 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-09-03 15:50 - 2015-08-01 09:51 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Spotify
2015-09-03 15:50 - 2015-04-03 17:35 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-03 15:50 - 2013-11-26 17:32 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-03 15:49 - 2015-04-09 15:56 - 00000000 ____D C:\Program Files\Reimage
2015-09-03 15:16 - 2015-04-09 15:54 - 00000156 _____ C:\windows\Reimage.ini
2015-08-15 13:06 - 2013-05-14 15:26 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-13 19:50 - 2015-08-01 09:53 - 00000000 ____D C:\Users\Owner\AppData\Local\Spotify
2015-08-13 19:50 - 2015-04-08 18:13 - 00001210 _____ C:\windows\setupact.log
2015-08-13 19:50 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-13 19:30 - 2013-11-26 17:32 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-13 19:30 - 2009-11-12 23:08 - 00268636 _____ C:\windows\PFRO.log
2015-08-13 19:21 - 2013-04-12 19:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HpUpdate
2015-08-13 19:00 - 2012-06-27 23:02 - 00778440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-13 19:00 - 2012-06-27 23:02 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-13 19:00 - 2012-06-27 23:02 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
 
==================== Files in the root of some directories =======
 
2014-04-27 18:22 - 2014-04-27 18:22 - 6000640 _____ () C:\Program Files (x86)\GUT204D.tmp
2014-11-14 20:45 - 2014-11-14 20:45 - 6000640 _____ () C:\Program Files (x86)\GUT7F9B.tmp
2015-08-13 19:44 - 2015-08-13 19:44 - 6420480 _____ () C:\Program Files (x86)\GUTBB44.tmp
2014-05-30 22:24 - 2014-05-30 22:24 - 6103040 _____ () C:\Program Files (x86)\GUTD8E1.tmp
2015-04-03 16:31 - 2015-04-03 16:31 - 6103040 _____ () C:\Program Files (x86)\GUTFB30.tmp
2012-05-02 09:07 - 2015-04-20 20:42 - 0000106 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2014-09-28 01:02 - 2014-09-28 01:02 - 0000000 _____ () C:\Users\Owner\AppData\Local\{2F5E4761-ABD4-40F9-B571-31A28B308B7F}
2014-08-20 20:10 - 2014-08-20 20:10 - 0000000 _____ () C:\Users\Owner\AppData\Local\{97196EA8-44C7-4C9A-BA7E-7BA79CD02F04}
2014-10-21 17:12 - 2014-10-21 17:12 - 0000000 _____ () C:\Users\Owner\AppData\Local\{A54D49E1-9649-423D-A2C1-87CB26C070F0}
2012-11-10 23:12 - 2014-10-10 18:36 - 0006818 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\pcDesktopAlertNotifierX.dll
C:\Users\Owner\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Owner\AppData\Local\Temp\ReiSysUpdate.exe
C:\Users\Owner\AppData\Local\Temp\SpotifyUninstall.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-03 16:55
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Owner (2015-09-03 18:10:55)
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3531739367-1159155354-2930781424-500 - Administrator - Disabled)
Guest (S-1-5-21-3531739367-1159155354-2930781424-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3531739367-1159155354-2930781424-1002 - Limited - Enabled)
Owner (S-1-5-21-3531739367-1159155354-2930781424-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4500_G510af_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510af (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{A0880F03-8480-482E-1606-BC91669B0882}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HiDef Media Player 1.1.12 (HKLM-x32\...\HiDef Media Player) (Version: 1.1.12 - HiDefMedia)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Java™ 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.550.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)
Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\...\Spotify) (Version: 1.0.10.107.gd0dfca3a - Spotify AB)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.7.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.0.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.09 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.26.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windstream Support Center (HKLM-x32\...\Windstream-Windstream Support Center) (Version: 9.0.0.209 - Windstream Corporation.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
13-04-2015 21:04:02 Windows Update
19-04-2015 22:01:33 Windows Update
20-04-2015 15:47:45 Windows Update
21-04-2015 18:37:40 Windows Update
16-05-2015 09:01:59 Windows Update
21-05-2015 20:58:43 Windows Update
27-05-2015 22:01:15 Windows Update
31-05-2015 19:55:04 Windows Update
13-08-2015 19:03:07 Installed HP Support Solutions Framework
13-08-2015 19:43:57 Windows Update
03-09-2015 14:56:27 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C189B91-730E-4073-BB4A-92797FBF3C42} - System32\Tasks\{8E54EEF6-8A15-49CB-AE84-A3540640CCE5} => pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Task: {7379B71D-9FA0-4CC7-8849-B326552AC644} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {BBFD68A0-105B-4575-BA6E-7950D7D39DA0} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== ATTENTION
Task: {D11F653B-A411-4B01-BD8F-74DE39D6B6B9} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3531739367-1159155354-2930781424-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {D7D997C0-5CB0-4CB5-975E-6A6B4AF633A3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-13] (Adobe Systems Incorporated)
Task: {D7FA45C2-D50A-4617-AB6C-30DD711CC561} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3531739367-1159155354-2930781424-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {DA3E0C5D-888E-49B5-9707-014BB6E417E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {EEAB8607-0E69-4CE3-919C-5A1945E415AF} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2009-05-04 13:45 - 2009-05-04 13:45 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-04-27 20:11 - 2012-04-27 20:11 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-09-03 16:09 - 2015-08-27 20:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-03 16:09 - 2015-08-27 20:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D6A680DC-CD7F-4F65-A2B5-1D77EE1B4630}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{04DE2063-CDF9-46D0-A2B6-57FF03B9C51F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{BA7D41C0-7F2C-4B1E-9E17-B24D900AF785}] => (Allow) svchost.exe
FirewallRules: [{360A97C1-7022-4AF2-8830-B32EB56D7910}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{9D753CD6-DEDB-4F46-8C13-9DD2477E930E}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{DC71C4C0-871A-4316-9EB0-D396B256B714}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{36A1CAAA-8F4B-4A0C-BC0F-F0D5F2715E0B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{E6BE5B59-C9C6-4F00-B37E-0CB0830AC3C3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{5A78B2A7-FCBE-40AC-82BA-35F4E7F27CB0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [TCP Query User{9DA16C43-D665-4824-AC08-4B586B766A3A}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{3F48F319-1157-4870-8F27-A8A2DF220CDA}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
FirewallRules: [{7AEAF37E-3B44-4EB7-B30C-112EAEA1C919}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{23A745CB-24EF-41F0-A9FB-2725EFFEC86A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{733E6E3C-FCAC-4D09-9E1D-C03682A0DE18}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{57B1C3FB-DCDB-4CFC-AE9C-A920ACA49766}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{F286F14F-21C8-46C8-BFC9-64207D1E5F1A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{DA846535-1EED-4AAF-8D55-FBFFA58A9628}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{198E0069-01E0-4FD2-8253-7FA25EE4D006}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{F0A03DA2-078E-4CC5-8E22-75F6D737C220}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{49DF5AA2-9CA8-4755-B2D0-0A344A2865DD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{49B9E6D5-A11B-4D5E-AB39-4A1E186A4EB2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{A567C946-2CEB-4042-93CD-EE53D8F84C12}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{8F130F15-0B77-4EA8-A116-9F676AB75D7F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{66AEAD92-EF3B-4E4F-BEC8-AFAB74805850}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{95DFE8A0-11B9-43E4-8B82-872BE4C40B61}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{13CCD1F6-87F5-466E-9278-0013ED2A1E88}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{AC651BF0-807D-4E7A-85E5-0D4B38B253BB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui40.exe
FirewallRules: [TCP Query User{749CD600-454E-4085-8349-AA9BCF0B55B0}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{52411CB2-13F6-4263-BA14-BC5520B8C14F}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B586D895-B911-4646-9E70-D1CBFAD51B38}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/03/2015 04:59:53 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/13/2015 07:53:27 PM) (Source: MsiInstaller) (EventID: 1024) (User: Owner-PC)
Description: Product: Adobe Reader XI (11.0.11) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011012}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (08/13/2015 06:59:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17801, time stamp: 0x5536642c
Faulting module name: vc32.dll_unloaded, version: 0.0.0.0, time stamp: 0x55b496fe
Exception code: 0xc0000005
Fault offset: 0x6bed0ff6
Faulting process id: 0x1ca4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (08/13/2015 06:58:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17801, time stamp: 0x5536642c
Faulting module name: vc32.dll_unloaded, version: 0.0.0.0, time stamp: 0x55b496fe
Exception code: 0xc0000005
Fault offset: 0x6bed0ff6
Faulting process id: 0x1ca4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (06/03/2015 01:52:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17801 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 127c
 
Start Time: 01d09e25824f3c5d
 
Termination Time: 94
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (06/03/2015 01:49:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ReiScanner.exe, version: 2.0.0.7, time stamp: 0x54bf60b8
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b864
Exception code: 0xc0000374
Fault offset: 0x00000000000bf922
Faulting process id: 0xd04
Faulting application start time: 0xReiScanner.exe0
Faulting application path: ReiScanner.exe1
Faulting module path: ReiScanner.exe2
Report Id: ReiScanner.exe3
 
Error: (05/28/2015 08:35:34 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x8004FF80
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x8004FF80.
 
Error: (05/28/2015 08:29:24 AM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped.  Verify that you have sufficient privileges to stop system services.
 
Error: (05/28/2015 08:24:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17728, time stamp: 0x55024724
Faulting module name: iertutil.dll, version: 11.0.9600.17728, time stamp: 0x550257ef
Exception code: 0xc0000005
Fault offset: 0x001015ff
Faulting process id: 0x15f0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (05/28/2015 08:23:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17728 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: cc0
 
Start Time: 01d095ce393c5bb1
 
Termination Time: 2356
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
 
System errors:
=============
Error: (09/03/2015 05:06:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the defragsvc service.
 
Error: (09/03/2015 04:55:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the defragsvc service.
 
Error: (09/03/2015 03:26:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/03/2015 03:01:23 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.254.2 with the system
having network hardware address 54-26-96-A1-D9-B7. Network operations on this system may
be disrupted as a result.
 
Error: (09/03/2015 02:59:34 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 115.6.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (09/03/2015 02:59:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.203.2099.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (09/03/2015 02:59:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.203.2099.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (09/03/2015 02:54:27 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (08/15/2015 01:09:01 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%834
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: %%838
 
Error: (08/15/2015 01:08:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
 
 
Microsoft Office:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD Turion™ II Dual-Core Mobile M500
Percentage of memory in use: 75%
Total physical RAM: 1788.17 MB
Available physical RAM: 446.91 MB
Total Virtual: 3917.97 MB
Available Virtual: 1780.95 MB
 
==================== Drives ================================
 
Drive c: (TI105736W0B) (Fixed) (Total:287.61 GB) (Free:240.91 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: DEE3CEC5)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=287.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)
 
==================== End of Addition.txt ============================
 

  • 0

Advertisements

#2
zep516
Posted 04 September 2015 - 04:27 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

I'll be with you as soon as possible.

Could you post the Malwaerbytes log.

open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.[/list]

  • 0

#3
smwifey
Posted 04 September 2015 - 04:49 PM

smwifey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/3/2015
Scan Time: 4:24 PM
Logfile: mbam9415.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.03.07
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 363024
Time Elapsed: 1 hr, 9 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 17
PUP.Optional.DynConIE, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [6023c269a9e2a78fe413a82fe71bec14], 
PUP.Optional.DynConIE, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [6023c269a9e2a78fe413a82fe71bec14], 
PUP.Optional.DynConIE, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [6023c269a9e2a78fe413a82fe71bec14], 
PUP.Optional.AdPeak, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}, Quarantined, [ee9588a3612af93d9b4cf0e55aa8b947], 
PUP.Optional.AdPeak, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}, Quarantined, [ee9588a3612af93d9b4cf0e55aa8b947], 
PUP.Optional.AdPeak, HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10AD2C61-0898-4348-8600-14A342F22AC3}, Quarantined, [ee9588a3612af93d9b4cf0e55aa8b947], 
PUP.Optional.AdPeak, HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{10AD2C61-0898-4348-8600-14A342F22AC3}, Quarantined, [ee9588a3612af93d9b4cf0e55aa8b947], 
PUP.Optional.SearchProtect, HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [285bbc6fccbf9e98b447f3e9ea189f61], 
PUP.Optional.AdPeak, HKLM\SOFTWARE\LevelQualityWatcher, Quarantined, [c1c28f9c6c1fd85ee1c24f28d430cc34], 
PUP.Optional.ScorpionSaver, HKLM\SOFTWARE\Scorpion Saver, Quarantined, [96edf53694f75bdbb5e01d3cf80ccf31], 
PUP.Optional.SpeedTestAnalysis, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\kckgnnipheglejoddfhekdjpbdbinhmb, Quarantined, [354e17140d7ebe78c6fe1d92e51f57a9], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111271159}, Quarantined, [a7dc82a98ffc1521229a5c2aee1623dd], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, Quarantined, [196a58d37813e84ef5fac2e8b4500cf4], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\WOW6432NODE\SPPDCOM, Quarantined, [1e65b87324678baba24e7f2b21e352ae], 
PUP.Optional.ConduitSearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, Quarantined, [c7bc4cdf86058ea893bfad9dde26f010], 
PUP.Optional.CrossRider, HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [b8cb6cbff299c96def7d7c09e3211ae6], 
PUP.Optional.AdPeak, HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\SOFTWARE\APPDATALOW\SOFTWARE\Scorpion Saver, Quarantined, [1370ad7eccbfd1659712adc7689ca45c], 
 
Registry Values: 11
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Quarantined, [ceb55ecde7a490a6c515d35d1be8f40c]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111271159}|AppName, Lucky Savings-bg.exe, Quarantined, [a7dc82a98ffc1521229a5c2aee1623dd]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Quarantined, [c7bc51dadcaf45f117c367c94db6a25e]
PUP.Optional.SpeedTestAnalysis, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected], Quarantined, [127143e8dbb03cfa8243e8c714f0966a]
PUP.Optional.SearchProtect, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, Quarantined, [196a58d37813e84ef5fac2e8b4500cf4]
PUP.Optional.SearchProtect, HKLM\SOFTWARE\WOW6432NODE\SPPDCOM|TS, 2, Quarantined, [1e65b87324678baba24e7f2b21e352ae]
PUP.Optional.Conduit, HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, http://search.condui...chTerms}&SSPV=,Quarantined, [e79cf734bdceea4cb845e69b39cb619f]
PUP.Optional.Conduit, HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, http://suggest.searc...={searchTerms},Quarantined, [abd8dd4e1378aa8c03fadfa20ef6db25]
PUP.Optional.Trovi, HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DisplayName, Trovi search, Quarantined, [265d220932593006df79298c907432ce]
PUP.Optional.SpeedTestAnalysis, HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected], Quarantined, [fe85a784bccfbc7a82415956c3410cf4]
PUP.Optional.SocialPrivacy, HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Program Files (x86)\Social Privacy\FF\, Quarantined, [d6ad3eedbccf71c558e6441ee321b54b]
 
Registry Data: 2
PUP.Optional.Conduit, HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.condui...29A13CEFD&SSPV=, Good: (www.google.com), Bad: (http://search.conduit.com/?ctid=CT3323128&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP47B970E9-F886-4AFE-B8F1-3BB29A13CEFD&SSPV=),Replaced,[ff84f734f5961521900f550c699ca65a]
PUM.Hijack.StartMenu, HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowSearch, 0, Good: (1), Bad: (0),Replaced,[0380e34890fbb482c20738240ef7738d]
 
Folders: 45
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\Main, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\Main\bin, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\Main\Logs, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\Main\rep, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\SearchProtect, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\bin, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\rep, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Roaming\SpeedTestAnalysis, Quarantined, [721163c843484de9318ed6d9c83c966a], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, Quarantined, [671cef3c4c3f330355b17a7cee14936d], 
PUP.Optional.AdPeak, C:\Program Files\Level Quality Watcher, Quarantined, [790aaa81fb90d660e7338f6853af26da], 
PUP.Optional.AdPeak, C:\Program Files\Level Quality Watcher\v1.01, Quarantined, [790aaa81fb90d660e7338f6853af26da], 
PUP.Optional.IBUpdater, C:\ProgramData\IBUpdaterService, Quarantined, [483b2b0082092c0a084560ac1fe4f709], 
PUP.Optional.InternetUpdater, C:\ProgramData\InternetUpdater, Quarantined, [e79caf7c7813bc7a9c554bc1d0336b95], 
PUP.Optional.SearchProtect, C:\Users\Owner\AppData\Local\SearchProtect, Quarantined, [156e5ecd1873c3733e0e44d4e81b847c], 
PUP.Optional.SearchProtect, C:\Users\Owner\AppData\Local\SearchProtect\Logs, Quarantined, [156e5ecd1873c3733e0e44d4e81b847c], 
PUP.Optional.SearchProtect, C:\Users\Owner\AppData\Local\SearchProtect\SearchProtect, Quarantined, [156e5ecd1873c3733e0e44d4e81b847c], 
PUP.Optional.SearchProtect, C:\Users\Owner\AppData\Local\SearchProtect\SearchProtect\Logs, Quarantined, [156e5ecd1873c3733e0e44d4e81b847c], 
PUP.Optional.SearchProtect, C:\Users\Owner\AppData\Local\SearchProtect\SearchProtect\rep, Quarantined, [156e5ecd1873c3733e0e44d4e81b847c], 
PUP.Optional.SearchProtect, C:\Users\Owner\AppData\Local\SearchProtect\SearchProtect\STG, Quarantined, [156e5ecd1873c3733e0e44d4e81b847c], 
PUP.Optional.SearchProtect, C:\Users\Owner\AppData\Local\SearchProtect\UI, Quarantined, [156e5ecd1873c3733e0e44d4e81b847c], 
PUP.Optional.SearchProtect, C:\Users\Owner\AppData\Local\SearchProtect\UI\rep, Quarantined, [156e5ecd1873c3733e0e44d4e81b847c], 
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect, Quarantined, [2a59111a8dfe3ef82e24a078b05348b8], 
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect\Logs, Quarantined, [2a59111a8dfe3ef82e24a078b05348b8], 
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect\SearchProtect, Quarantined, [2a59111a8dfe3ef82e24a078b05348b8], 
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect\SearchProtect\rep, Quarantined, [2a59111a8dfe3ef82e24a078b05348b8], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected], Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\mz, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\skin, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\mz, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
 
Files: 173
PUP.Optional.InternetUpdaterService, C:\ProgramData\InternetUpdater\InternetUpdaterService.exe, Quarantined, [ccb7dd4e226966d0f0ceefcf0100f30d], 
PUP.Optional.AdPeak, C:\temp\ScorpionSaver.msi, Quarantined, [394ac7642566ca6c0ea00c3d80857090], 
PUP.Optional.AdPeak, C:\temp\t.msi, Quarantined, [9ae91417434803337439a7a273926d93], 
PUP.Optional.Conduit, C:\Windows\Temp\nsa8441.exe, Quarantined, [94ef67c4a3e86bcb5ca4f8c4af5223dd], 
PUP.Optional.SearchProtect, C:\Windows\Temp\nsbDE9F.exe, Quarantined, [f68d2704fe8d072f4d8e1aa6c73a26da], 
PUP.Optional.SearchProtect, C:\Windows\Temp\nsc9B59.exe, Quarantined, [602369c24f3c70c65d7e635d0001e11f], 
PUP.Optional.Conduit, C:\Windows\Temp\nsd1172.exe, Quarantined, [2c574fdc8dfe3ef8ff01407c50b12fd1], 
PUP.Optional.SearchProtect, C:\Windows\Temp\nsd53B0.exe, Quarantined, [533081aa7219b383bc1fa21edc250ef2], 
PUP.Optional.Conduit, C:\Windows\Temp\nsf56FA.exe, Quarantined, [2b589a916a21ff37e9177f3daa57af51], 
PUP.Optional.SearchProtect, C:\Windows\Temp\nsf9E25.exe, Quarantined, [5c2747e45338ca6c9d3ebb05996839c7], 
PUP.Optional.Conduit, C:\Windows\Temp\nsfCEC7.exe, Quarantined, [5c275ad118730c2ac33d1ca091709e62], 
PUP.Optional.Conduit, C:\Windows\Temp\nsi2D0C.exe, Quarantined, [c6bd1d0e2b604aecc040289448b943bd], 
PUP.Optional.SearchProtect, C:\Windows\Temp\nsiC95B.exe, Quarantined, [cab950db79121d193e9d5e621de4e41c], 
PUP.Optional.Conduit, C:\Windows\Temp\nstD3E5.exe, Quarantined, [97ec60cb5a31fa3c42be3488d32eb947], 
PUP.Optional.Conduit, C:\Windows\Temp\nsv7D1.exe, Quarantined, [e79c1d0e117a0a2cd32dd3e9fb0611ef], 
PUP.Optional.SearchProtect, C:\Windows\Temp\nsvC0A4.exe, Quarantined, [9ee562c99eeda4924398318f5da48779], 
PUP.Optional.SearchProtect, C:\Windows\Temp\nsw12E9.exe, Quarantined, [0d7622097516f54121ba6060a45d5ca4], 
PUP.Optional.SearchProtect, C:\Windows\Temp\nsx5267.exe, Quarantined, [067d2704464595a14794dae6e021ab55], 
PUP.Optional.SearchProtect, C:\Windows\Temp\nsx5564.exe, Quarantined, [e0a30b2095f6d26409d23e8261a03fc1], 
PUP.Optional.SearchProtect, C:\Windows\Temp\nsx56AB.exe, Quarantined, [c7bc4be08902f93d1ebd3c8441c09070], 
PUP.Optional.Conduit, C:\Windows\Temp\nszB56E.exe, Quarantined, [89fad556e0abfc3a60a0d2ea1de4c33d], 
PUP.Optional.Conduit, C:\Windows\Temp\nsj91D7.exe, Quarantined, [d1b2d853f4971323c23eb10b06fba759], 
PUP.Optional.SearchProtect, C:\Windows\Temp\nsk9E44.exe, Quarantined, [a9daee3dbfcca492508be5db4ab75ca4], 
PUP.Optional.SearchProtect, C:\Windows\Temp\nsn5B2E.exe, Quarantined, [691a0d1e9fec67cf2ab14f71ab56ee12], 
PUP.Optional.SearchProtect, C:\Windows\Temp\nsnC7B5.exe, Quarantined, [a6dd002bc3c8ee486576813f9f625ba5], 
PUP.Optional.SearchProtect, C:\Windows\Temp\nsqC0D3.exe, Quarantined, [dba89a91553655e1edeed2ee0cf557a9], 
PUP.Optional.SearchProtect, C:\Windows\Temp\nssBA6D.exe, Quarantined, [552e46e542497fb746950db331d0d22e], 
PUP.Optional.SearchProtect, C:\Windows\Temp\nssC786.exe, Quarantined, [018263c804875ed8c813576951b0db25], 
PUP.Optional.SearchProtect, C:\Windows\Temp\nssE092.exe, Quarantined, [1e6570bb4a4146f05982c7f919e8d42c], 
PUP.Optional.SearchProtect, C:\Windows\Temp\nsiE498.exe, Quarantined, [e69d9992583337ff95468739b94833cd], 
PUP.Optional.Conduit, C:\Windows\Temp\nszF4DE.exe, Quarantined, [f98a56d5078448eede22516b34cd06fa], 
PUP.Optional.SearchProtect, C:\Windows\Temp\4F34.tmp\bvxvbvef.exe, Quarantined, [483bf437adde1c1a830d6de3c63b59a7], 
PUP.Optional.SearchProtect, C:\Windows\Temp\4F34.tmp\pbqrmvbub, Quarantined, [f390d457b7d40f27f6e69c2425dc31cf], 
PUP.Optional.SearchProtect, C:\Windows\Temp\nsv8D79.tmp\SPTool.dll, Quarantined, [7e05171427644fe7424e70e042bf0cf4], 
PUP.Optional.SearchProtect, C:\Windows\Temp\nsxC247.tmp\SPTool.dll, Quarantined, [a3e0a289b4d7dd590888a1af936e30d0], 
PUP.Optional.AirInstaller, C:\Users\Owner\Downloads\setup (1).exe, Quarantined, [156e4edd9cef94a271b79b510df304fc], 
PUP.Optional.AirInstaller, C:\Users\Owner\Downloads\setup.exe, Quarantined, [493a73b82566e84e111700ecf10faa56], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\EULA.txt, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\CRASH_REPORT_P1448_T3940_D2015_04_25_T19_53_34.txt, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\CRASH_REPORT_P3832_T3592_D2015_04_10_T15_19_15.txt, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391452651593, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391452651796, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1428962005005, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1432313937374, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1438437153763, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1439506705692, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\Main\rep\cfi.bin, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\Main\rep\edk.bin, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\Main\rep\pni.bin, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\Main\rep\trn.bin, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.css, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.html, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.js, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\DialogAPI.js, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js, Quarantined, [750e0922523982b493448723e2226799], 
PUP.Optional.ShoppingGate, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage, Quarantined, [354e80abd3b8de58c554793407fdaf51], 
PUP.Optional.ShoppingGate, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal, Quarantined, [3a49fe2d3c4f0b2b7c9d842907fdbb45], 
PUP.Optional.SpeedAnalysis2, C:\Users\Owner\AppData\Roaming\speedanalysis.ico, Quarantined, [dba88d9e2c5f53e3246e05aa30d4916f], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Roaming\SpeedTestAnalysis\speedtestanalysis.crx, Quarantined, [721163c843484de9318ed6d9c83c966a], 
PUP.Optional.IBUpdater, C:\ProgramData\IBUpdaterService\repository.xml, Quarantined, [483b2b0082092c0a084560ac1fe4f709], 
PUP.Optional.SearchProtect, C:\Users\Owner\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, Quarantined, [156e5ecd1873c3733e0e44d4e81b847c], 
PUP.Optional.SearchProtect, C:\Users\Owner\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantined, [156e5ecd1873c3733e0e44d4e81b847c], 
PUP.Optional.SearchProtect, C:\Users\Owner\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, Quarantined, [156e5ecd1873c3733e0e44d4e81b847c], 
PUP.Optional.SearchProtect, C:\Users\Owner\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, Quarantined, [156e5ecd1873c3733e0e44d4e81b847c], 
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantined, [2a59111a8dfe3ef82e24a078b05348b8], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome.manifest, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\install.rdf, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\background.html, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\bg.js, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\button.xml, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\config.js, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\content.js, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\framework.js, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\framework.xul, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\icon128.png, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\icon16.png, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\icon24.ico, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\icon24.png, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\icon32.ico, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\icon32.png, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\icon48.png, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\jquery-1.6.2.min.js, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\options.xul, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\settings.json, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\mz\background.js, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\mz\content.js, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedAnalysis, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\skin\framework.css, Quarantined, [ed9684a7cac13006ad5a0a1156ad4fb1], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\background.html, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\bg.js, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\ci.bg.pack.js, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\ci.browser.helper.js, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\ci.content.pack.js, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\content.js, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\icon128.png, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\icon16.png, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\icon24.ico, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\icon24.png, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\icon32.ico, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\icon32.png, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\icon48.png, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\jquery-1.6.2.min.js, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\jquery.uuid.js, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\manifest.json, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\popup.js, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\settings.json, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\mz\background.js, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
PUP.Optional.SpeedTestAnalysis, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\mz\content.js, Quarantined, [d5ae6ebd96f51c1a4be07aa1f60d18e8], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#4
zep516
Posted 04 September 2015 - 05:00 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Looks like a daughters Laptop :)

We need to do a fix using FRST, and run two additional adware scans, adwCleaner and jrt. Instructions to follow:

A few items to fix using FRST;

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
URLSearchHook: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> DefaultScope {9EF03CEF-F29F-465B-A9F6-011D090CCD33} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {9EF03CEF-F29F-465B-A9F6-011D090CCD33} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {1E826E46-051F-4515-ABBA-DB07B3BB5707} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {1E826E46-051F-4515-ABBA-DB07B3BB5707} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 -> {1E826E46-051F-4515-ABBA-DB07B3BB5707} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 -> {6C93D6B2-AB48-442F-BA92-43DF24926F9B} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=IMB&o=15781&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^HP&apn_dtid=^YYYYYY^YY^US&apn_uid=14890bea-1149-42cd-9cae-db7cbe9aa7b7&apn_sauid=14DEB616-9A83-456A-A3BF-28C8303FE964
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
Toolbar: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
2015-08-13 19:44 - 2015-08-13 19:44 - 06420480 _____ C:\Program Files (x86)\GUTBB44.tmp
2015-08-13 19:44 - 2015-08-13 19:44 - 00000000 ____D C:\Program Files (x86)\GUMBB43.tmp
2015-09-03 17:53 - 2013-06-26 00:27 - 00000000 ____D C:\ProgramData\APN
2015-09-03 15:49 - 2015-04-09 15:56 - 00000000 ____D C:\Program Files\Reimage
2015-09-03 15:16 - 2015-04-09 15:54 - 00000156 _____ C:\windows\Reimage.ini
2014-04-27 18:22 - 2014-04-27 18:22 - 6000640 _____ () C:\Program Files (x86)\GUT204D.tmp
2014-11-14 20:45 - 2014-11-14 20:45 - 6000640 _____ () C:\Program Files (x86)\GUT7F9B.tmp
2015-08-13 19:44 - 2015-08-13 19:44 - 6420480 _____ () C:\Program Files (x86)\GUTBB44.tmp
2014-05-30 22:24 - 2014-05-30 22:24 - 6103040 _____ () C:\Program Files (x86)\GUTD8E1.tmp
2015-04-03 16:31 - 2015-04-03 16:31 - 6103040 _____ () C:\Program Files (x86)\GUTFB30.tmp
Task: {BBFD68A0-105B-4575-BA6E-7950D7D39DA0} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at "C"

    Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post;
  • Fixlog.txt
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log

  • 0

#5
smwifey
Posted 04 September 2015 - 06:37 PM

smwifey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Owner (2015-09-04 19:14:25) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
URLSearchHook: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> DefaultScope {9EF03CEF-F29F-465B-A9F6-011D090CCD33} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {9EF03CEF-F29F-465B-A9F6-011D090CCD33} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {1E826E46-051F-4515-ABBA-DB07B3BB5707} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {1E826E46-051F-4515-ABBA-DB07B3BB5707} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 -> {1E826E46-051F-4515-ABBA-DB07B3BB5707} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 -> {6C93D6B2-AB48-442F-BA92-43DF24926F9B} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=IMB&o=15781&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^HP&apn_dtid=^YYYYYY^YY^US&apn_uid=14890bea-1149-42cd-9cae-db7cbe9aa7b7&apn_sauid=14DEB616-9A83-456A-A3BF-28C8303FE964
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
Toolbar: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-3531739367-1159155354-2930781424-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
2015-08-13 19:44 - 2015-08-13 19:44 - 06420480 _____ C:\Program Files (x86)\GUTBB44.tmp
2015-08-13 19:44 - 2015-08-13 19:44 - 00000000 ____D C:\Program Files (x86)\GUMBB43.tmp
2015-09-03 17:53 - 2013-06-26 00:27 - 00000000 ____D C:\ProgramData\APN
2015-09-03 15:49 - 2015-04-09 15:56 - 00000000 ____D C:\Program Files\Reimage
2015-09-03 15:16 - 2015-04-09 15:54 - 00000156 _____ C:\windows\Reimage.ini
2014-04-27 18:22 - 2014-04-27 18:22 - 6000640 _____ () C:\Program Files (x86)\GUT204D.tmp
2014-11-14 20:45 - 2014-11-14 20:45 - 6000640 _____ () C:\Program Files (x86)\GUT7F9B.tmp
2015-08-13 19:44 - 2015-08-13 19:44 - 6420480 _____ () C:\Program Files (x86)\GUTBB44.tmp
2014-05-30 22:24 - 2014-05-30 22:24 - 6103040 _____ () C:\Program Files (x86)\GUTD8E1.tmp
2015-04-03 16:31 - 2015-04-03 16:31 - 6103040 _____ () C:\Program Files (x86)\GUTFB30.tmp
Task: {BBFD68A0-105B-4575-BA6E-7950D7D39DA0} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9EF03CEF-F29F-465B-A9F6-011D090CCD33}" => key removed successfully
HKCR\CLSID\{9EF03CEF-F29F-465B-A9F6-011D090CCD33} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{1E826E46-051F-4515-ABBA-DB07B3BB5707}" => key removed successfully
HKCR\Wow6432Node\CLSID\{1E826E46-051F-4515-ABBA-DB07B3BB5707} => key not found. 
HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1E826E46-051F-4515-ABBA-DB07B3BB5707}" => key removed successfully
HKCR\CLSID\{1E826E46-051F-4515-ABBA-DB07B3BB5707} => key not found. 
"HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6C93D6B2-AB48-442F-BA92-43DF24926F9B}" => key removed successfully
HKCR\CLSID\{6C93D6B2-AB48-442F-BA92-43DF24926F9B} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found. 
HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
MREMP50 => service removed successfully
MREMP50a64 => service removed successfully
MREMPR5 => service removed successfully
MRENDIS5 => service removed successfully
MRESP50 => service removed successfully
MRESP50a64 => service removed successfully
RtsUIR => service removed successfully
USBCCID => service removed successfully
C:\Program Files (x86)\GUTBB44.tmp => moved successfully
C:\Program Files (x86)\GUMBB43.tmp => moved successfully
C:\ProgramData\APN => moved successfully
"C:\Program Files\Reimage" => File/Folder not found.
C:\windows\Reimage.ini => moved successfully
C:\Program Files (x86)\GUT204D.tmp => moved successfully
C:\Program Files (x86)\GUT7F9B.tmp => moved successfully
"C:\Program Files (x86)\GUTBB44.tmp" => File/Folder not found.
C:\Program Files (x86)\GUTD8E1.tmp => moved successfully
C:\Program Files (x86)\GUTFB30.tmp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBFD68A0-105B-4575-BA6E-7950D7D39DA0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBFD68A0-105B-4575-BA6E-7950D7D39DA0}" => key removed successfully
C:\windows\System32\Tasks\Reimage Reminder => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reimage Reminder" => key removed successfully
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {B9627FAB-3E8E-4AE9-A885-20434E239064}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3531739367-1159155354-2930781424-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 1.4 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 19:17:25 ====
 
# AdwCleaner v5.005 - Logfile created 04/09/2015 at 20:02:14
# Updated 31/08/2015 by Xplode
# Database : 2015-09-04.4 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner_5.005.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\HiDefMedia
[-] Folder Deleted : C:\ProgramData\Partner
[-] Folder Deleted : C:\ProgramData\Tarma Installer
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiDefMedia
[-] Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Owner\AppData\LocalLow\visi_coupon
[-] Folder Deleted : C:\Users\Owner\AppData\LocalLow\YahooCouponAddOn
[-] Folder Deleted : C:\Users\Owner\Documents\reimage repair
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Public\Desktop\HiDef Media Player.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\Cr_Installer
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\Reimage
[-] Key Deleted : HKCU\Software\reimagerepair
[-] Key Deleted : HKLM\SOFTWARE\InfoAtoms
[-] Key Deleted : HKLM\SOFTWARE\PIP
[!] Key Not Deleted : [x64] HKCU\Software\APN PIP
[!] Key Not Deleted : [x64] HKCU\Software\Cr_Installer
[!] Key Not Deleted : [x64] HKCU\Software\Softonic
[!] Key Not Deleted : [x64] HKCU\Software\Reimage
[!] Key Not Deleted : [x64] HKCU\Software\reimagerepair
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5059 bytes] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Fri 09/04/2015 at 20:23:40.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271159}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271159}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/04/2015 at 20:28:55.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0

#6
zep516
Posted 04 September 2015 - 06:41 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

What issues are still present and in what browser do they occur in ?

Feel free to use the computer for a while and get back to me.

Thanks
Joe :)
  • 0

#7
smwifey
Posted 04 September 2015 - 07:08 PM

smwifey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts

Will do.  Thanks so much for all your help.


  • 0

#8
zep516
Posted 06 September 2015 - 11:41 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
How are things doing now ?

Thanks
Joe :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP