Malware on Windows 7 PC [Solved]


This topic is locked

#1 scewter (Member, 149 posts)

I'm not sure what I've got, but it's preventing me from using the internet and most of my programs. It occurred during an attempted download of an appliance instruction manual.


I ran a scan with Malwarebytes Anti-Malware and noticed it detected hundreds of threats (800+), but I was unable to access the program to delete them; I could only see the results. In Task Manager I'm seeing 40+ more processes running than were there previously. I've also run CCleaner to clean it up some more.


I am sending this from my laptop, as I cannot control access on my browser and as such am unable to log in on this site. I am able to start and run the computer in Safe Mode, but have no internet access as such.


That's as far as I have gotten, so I've decided to turn to the experts on this forum for guidance. Here are the two FRST logs:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
Ran by Scott (administrator) on SCOTT-PC (07-01-2016 16:07:48)
Running from Y:\Scotty\Desktop
Loaded Profiles: Scott (Available Profiles: Scott & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\Scott\AppData\Local\TheBrowser\Application\TheBrowser.exe" -- "%1")
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403144 2012-06-28] (Acronis)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SpaceSoundPro] => C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe [4203520 2015-08-03] (Space Sound Pro)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5955088 2012-06-28] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-01-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-01-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [ospd_us_014010200] => [X]
HKLM-x32\...\Run: [gmsd_us_005010200] => C:\Program Files (x86)\gmsd_us_005010200\gmsd_us_005010200.exe [3972784 2016-01-07] ()
HKLM-x32\...\RunOnce: [IOPROTECT] => C:\Program Files (x86)\SpaceSondPro_v53.11772\ioproduct_service.bat [164 2016-01-07] ()
HKLM-x32\...\RunOnce: [upgmsd_us_005010200.exe] => C:\Users\Scott\AppData\Local\gmsd_us_005010200\upgmsd_us_005010200.exe [3262640 2016-01-07] ()
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\Run: [SushiLeadsApplication] => C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe [381952 2015-10-11] ()
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\Run: [DeskBar] => C:\Users\Scott\AppData\Local\DeskBar\dblaunch.exe [243200 2015-10-29] ()
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-06-26] ()
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\MountPoints2: {91b984ca-2f84-11e4-b2ba-180373b1ac40} - I:\VZW_Software_upgrade_assistant.exe
AppInit_DLLs: C:\ProgramData\FlashBeat\THIHPQ64.dll => C:\ProgramData\FlashBeat\THIHPQ64.dll [1096704 2016-01-06] (FlashBeat)
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\THIHPQ32.dll => C:\ProgramData\FlashBeat\THIHPQ32.dll [855552 2016-01-06] (FlashBeat)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AllPCoptimizer.exe.lnk [2016-01-07]
ShortcutTarget: AllPCoptimizer.exe.lnk -> C:\Windows\Installer\{20A647C6-0C59-42A7-B3B4-1E95674496BB}\NewShortcut1_4CA89A60165741188EC12DF8484E49A4.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2013-12-21]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PlutoTV.lnk [2016-01-07]
ShortcutTarget: PlutoTV.lnk -> C:\Program Files (x86)\Pluto TV\PlutoTV.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SearchTooKnowDesktopSearch.lnk [2016-01-07]
ShortcutTarget: SearchTooKnowDesktopSearch.lnk -> C:\ProgramData\Search Too Know\SearchTooKnowDesktopSearch.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-667926241-938725764-3588881007-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-667926241-938725764-3588881007-1000] => http=127.0.0.1:8800
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{33953347-52EE-4DE5-8083-A08942394243}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3F1DA497-3454-43C5-85F2-5F449B44E28B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggacwoIUlsVEhgSeA0BTA0VGQ0OeQ9ZAxQXQg0QclsJA19BRQAFIk0FA1ADB0VXfVBdFElXTwhwJVhKAlElTlpoLlZP
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-667926241-938725764-3588881007-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-667926241-938725764-3588881007-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggacwoIUlsVEhgSeA0BTA0VGQ0OeQ9ZAxQXQg0QclsJA19BRQAFIk0FA1ADB0VXfVBdFElXTwhwJVhKAlElTlpoLlZP
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQALUglCQ1EQbQgAVQBcFVEbeBQBV1gTDFNAeAoKAwgTRwVHdR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWFML3JWDk4=&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQALUglCQ1EQbQgAVQBcFVEbeBQBV1gTDFNAeAoKAwgTRwVHdR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWFML3JWDk4=&q={searchTerms}
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-667926241-938725764-3588881007-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQALUglCQ1EQbQgAVQBcFVEbeBQBV1gTDFNAeAoKAwgTRwVHdR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWFML3JWDk4=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-667926241-938725764-3588881007-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQALUglCQ1EQbQgAVQBcFVEbeBQBV1gTDFNAeAoKAwgTRwVHdR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWFML3JWDk4=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-667926241-938725764-3588881007-1000 -> {4E6D4C86-0930-4323-98A4-1F372305E93C} URL = hxxp://www-mysearch.com/s.ashx?prd=opensearch&q={searchTerms}&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
SearchScopes: HKU\S-1-5-21-667926241-938725764-3588881007-1000 -> {B9FC1626-B751-4C59-9FB3-99C00CF86539} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-dd__alt__ddc_dss_bd_com&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggacwoIUlsVEhgSeA0BTA0VGQ0OeQ9ZAxQXQg0QclsJA19BRQAFIk0FA18DB0VXfV9eFElXTwhwJVhKAlElTlpoLlZP
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAwQcwkLA11CDAQbdAAVVV1JGRgadlhaTF8SGQYRIghaBwkVFBNBNARaB0tXUUEeJl9NER8fHGZGIUtbCW0eTn5NL04=
FF Keyword.URL: hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQALUglCQ1EQbQgAVQBcFVEbeBQBV1gTDFNAeAoKAwgTRwVHdR9aFQQTR0cFME0FB18EURNNfWpdAEsSSWFML3JWDk4=&q={searchTerms}
FF SelectedSearchEngine: Default
FF DefaultSearchEngine: Default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504\user.js [2016-01-07]
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504\searchplugins\search-simple.xml [2016-01-07]
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504\searchplugins\smod.xml [2016-01-07]
FF Extension: Search Too Know - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504\Extensions\{926a21b7-3759-4709-b3b4-19e3d3e49b40}.xpi [2016-01-07] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-07-08] <==== ATTENTION

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AmazingTab; C:\Program Files\amztab\amztab.exe [383488 2016-01-07] () [File not signed]
S2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
S2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S2 dTqFXWThya; C:\ProgramData\JwDgdEtp\dTqFXWThya.exe [3002336 2016-01-07] (Ratio Applications)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-18] (Hewlett-Packard Co.) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 Service Mgr SearchTooKnow; C:\ProgramData\457082ba-095e-4f86-8a98-c078f3146538\plugincontainer.exe [783584 2016-01-07] () <==== ATTENTION
S2 SushiLeadsUpdaterService; C:\Program Files (x86)\sushileads\NpUpdaterService.exe [10240 2015-10-11] () [File not signed]
S2 swsesrvc_1.10.0.25; C:\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe [301648 2015-09-22] (SS)
S2 TheScreenSnapshotService; C:\Program Files (x86)\ScreenSnapshotTool\1.1.0.11130\ScreenShotServ.exe [153248 2015-12-07] ()
S2 Update Mgr SearchTooKnow; C:\Program Files (x86)\Common Files\457082ba-095e-4f86-8a98-c078f3146538\updater.exe [646368 2016-01-07] () <==== ATTENTION
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 wucotusy; C:\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\hnskBC18.tmp [416256 2016-01-07] () [File not signed]
S2 zigipyro; C:\Users\Scott\AppData\Local\4C4C4544-1452174645-3310-8048-B7C04F305231\qnshB57B.tmp [158720 2015-12-26] () [File not signed]
S3 ZuneWlanCfgSvc; C:\Windows\system32\ZuneWlanCfgSvc.exe [467696 2010-09-24] (Microsoft Corporation)
S2 zutuzuni; C:\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\jnskA710.tmp [307712 2016-01-07] () [File not signed]
S2 lufolegozbt; C:\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\knsz91C5.tmpfs [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S1 swsedrvr_vt_1_10_0_25; C:\Windows\System32\drivers\swsedrvr_vt_1_10_0_25.sys [61304 2015-09-22] (SS)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-07 16:05 - 2016-01-07 16:07 - 00175914 _____ C:\Windows\ntbtlog.txt
2016-01-07 16:00 - 2016-01-07 16:07 - 00000000 ____D C:\FRST
2016-01-07 14:23 - 2016-01-07 14:23 - 00000000 ____D C:\Users\Scott\AppData\Local\ElevatedDiagnostics
2016-01-07 14:12 - 2016-01-07 14:12 - 00000000 ____D C:\Users\Scott\AppData\Local\TVTime
2016-01-07 14:10 - 2016-01-07 14:15 - 00000362 _____ C:\Windows\Tasks\AmiUpdXp.job
2016-01-07 14:10 - 2016-01-07 14:10 - 00003400 _____ C:\Windows\System32\Tasks\AmiUpdXp
2016-01-07 14:10 - 2016-01-07 14:10 - 00000000 ____D C:\Users\Scott\AppData\Local\3473
2016-01-07 13:57 - 2016-01-07 14:05 - 00000000 ____D C:\Users\Scott\AppData\Roaming\ScreenSnapshotTool
2016-01-07 13:57 - 2016-01-07 13:57 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-01-07 13:57 - 2016-01-07 13:57 - 00000000 ____D C:\Program Files (x86)\ScreenSnapshotTool
2016-01-07 13:56 - 2016-01-07 14:15 - 00000292 _____ C:\Windows\Tasks\PC-Mechanic Startup.job
2016-01-07 13:56 - 2016-01-07 14:15 - 00000000 ____D C:\Users\Scott\AppData\Local\PlutoTV
2016-01-07 13:56 - 2016-01-07 14:14 - 00000278 _____ C:\Windows\Tasks\PC-Mechanic Maintenance.job
2016-01-07 13:56 - 2016-01-07 13:56 - 00003216 _____ C:\Windows\System32\Tasks\PC-Mechanic Maintenance
2016-01-07 13:56 - 2016-01-07 13:56 - 00002584 _____ C:\Windows\System32\Tasks\PC-Mechanic Startup
2016-01-07 13:56 - 2016-01-07 13:56 - 00001172 _____ C:\Users\Public\Desktop\PC Mechanic.lnk
2016-01-07 13:56 - 2016-01-07 13:56 - 00001093 _____ C:\Users\Public\Desktop\PlutoTV.lnk
2016-01-07 13:56 - 2016-01-07 13:56 - 00000013 _____ C:\Users\Scott\.pluto.tv
2016-01-07 13:56 - 2016-01-07 13:56 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Uniblue
2016-01-07 13:56 - 2016-01-07 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2016-01-07 13:56 - 2016-01-07 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pluto TV
2016-01-07 13:56 - 2016-01-07 13:56 - 00000000 ____D C:\Program Files (x86)\Uniblue
2016-01-07 13:56 - 2016-01-07 13:56 - 00000000 ____D C:\Program Files (x86)\Pluto TV
2016-01-07 13:55 - 2016-01-07 14:14 - 00000000 ____D C:\Program Files (x86)\Search Too Know
2016-01-07 13:55 - 2016-01-07 13:56 - 00000000 ____D C:\ProgramData\457082ba-095e-4f86-8a98-c078f3146538
2016-01-07 13:55 - 2016-01-07 13:55 - 00000000 ____D C:\Users\Scott\AppData\Roaming\OpenCandy
2016-01-07 13:55 - 2016-01-07 13:55 - 00000000 ____D C:\ProgramData\Search Too Know
2016-01-07 13:55 - 2016-01-07 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search Too Know
2016-01-07 13:54 - 2016-01-07 13:54 - 00003428 _____ C:\Windows\System32\Tasks\Eotnuaivg
2016-01-07 13:54 - 2016-01-07 13:54 - 00000000 ____D C:\ProgramData\Eotnuaivg
2016-01-07 13:52 - 2016-01-07 14:17 - 00000000 ____D C:\Users\Scott\AppData\Local\gmsd_us_005010200
2016-01-07 13:52 - 2016-01-07 13:52 - 00003442 _____ C:\Windows\System32\Tasks\IBUpd
2016-01-07 13:52 - 2016-01-07 13:52 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TheBrowser
2016-01-07 13:52 - 2016-01-07 13:52 - 00000000 ____D C:\Users\Scott\AppData\Local\TheBrowser
2016-01-07 13:52 - 2016-01-07 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
2016-01-07 13:52 - 2016-01-07 13:52 - 00000000 ____D C:\Program Files (x86)\gmsd_us_005010200
2016-01-07 13:51 - 2016-01-07 13:51 - 00001077 _____ C:\Users\Public\Desktop\KNCTR.lnk
2016-01-07 13:51 - 2016-01-07 13:51 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Itibiti
2016-01-07 13:51 - 2016-01-07 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2016-01-07 13:51 - 2016-01-07 13:51 - 00000000 ____D C:\Program Files (x86)\Itibiti Soft Phone
2016-01-07 13:50 - 2016-01-07 14:17 - 00003734 _____ C:\Windows\System32\Tasks\SecurityApps2
2016-01-07 13:50 - 2016-01-07 13:50 - 00000000 ____D C:\Users\Scott\AppData\Local\SecurityApps
2016-01-07 13:50 - 2016-01-07 13:50 - 00000000 ____D C:\Users\Scott\AppData\Local\4C4C4544-1452174645-3310-8048-B7C04F305231
2016-01-07 13:50 - 2016-01-07 13:50 - 00000000 ____D C:\Program Files (x86)\PC Optimizer
2016-01-07 13:49 - 2016-01-07 14:11 - 00000000 ____D C:\ProgramData\JwDgdEtp
2016-01-07 13:49 - 2016-01-07 13:51 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v53.11772
2016-01-07 13:49 - 2016-01-07 13:50 - 00000000 ____D C:\ProgramData\DataFile
2016-01-07 13:49 - 2016-01-07 13:49 - 00002615 _____ C:\Users\Public\Desktop\AllPCOptimizer.exe.lnk
2016-01-07 13:49 - 2016-01-07 13:49 - 00000008 _____ C:\END
2016-01-07 13:49 - 2016-01-07 13:49 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpaceSoundPro 1.0
2016-01-07 13:49 - 2016-01-07 13:49 - 00000000 ____D C:\ProgramData\TVTime
2016-01-07 13:49 - 2016-01-07 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\All PC Optimizer
2016-01-07 13:49 - 2016-01-07 13:49 - 00000000 ____D C:\Program Files\SpaceSoundPro
2016-01-07 13:49 - 2016-01-07 13:49 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro
2016-01-07 13:49 - 2016-01-07 13:49 - 00000000 ____D C:\Program Files (x86)\AllPCOptimizer
2016-01-07 13:48 - 2016-01-07 14:14 - 00000342 ____H C:\Windows\Tasks\IKRNRNFTJUKUGYYE.job
2016-01-07 13:48 - 2016-01-07 14:14 - 00000330 _____ C:\Windows\Tasks\AKAJBNYC1.job
2016-01-07 13:48 - 2016-01-07 13:52 - 00000000 ____D C:\Users\Scott\AppData\Local\DeskBar
2016-01-07 13:48 - 2016-01-07 13:48 - 00004220 _____ C:\Windows\System32\Tasks\amiupdaterExi
2016-01-07 13:48 - 2016-01-07 13:48 - 00004182 _____ C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update
2016-01-07 13:48 - 2016-01-07 13:48 - 00004176 _____ C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core
2016-01-07 13:48 - 2016-01-07 13:48 - 00003402 _____ C:\Windows\System32\Tasks\amiupdaterExd
2016-01-07 13:48 - 2016-01-07 13:48 - 00003376 _____ C:\Windows\System32\Tasks\IKRNRNFTJUKUGYYE
2016-01-07 13:48 - 2016-01-07 13:48 - 00002852 _____ C:\Windows\System32\Tasks\AKAJBNYC1
2016-01-07 13:48 - 2016-01-07 13:48 - 00000000 ____D C:\ProgramData\Service1291
2016-01-07 13:48 - 2016-01-07 13:48 - 00000000 ____D C:\ProgramData\FlashBeat
2016-01-07 13:48 - 2016-01-07 13:48 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2016-01-07 13:48 - 2016-01-07 13:48 - 00000000 ____D C:\Program Files (x86)\SwiftSearch_1.10.0.25
2016-01-07 13:06 - 2016-01-07 13:06 - 00000000 ____D C:\ProgramData\sushileads
2016-01-07 13:05 - 2016-01-07 13:05 - 00001443 _____ C:\ProgramData\tempimage.bmp
2016-01-07 13:04 - 2016-01-07 13:14 - 00000000 ____D C:\Users\Scott\AppData\Local\4C4C4544-1452171875-3310-8048-B7C04F305231
2016-01-07 13:04 - 2016-01-07 13:02 - 00000178 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-01-07 13:03 - 2016-01-07 13:03 - 00001826 _____ C:\Users\Scott\Desktop\Note-Up.lnk
2016-01-07 13:03 - 2016-01-07 13:03 - 00001826 _____ C:\Users\Guest\Desktop\Note-Up.lnk
2016-01-07 13:03 - 2016-01-07 13:03 - 00000000 ___HD C:\Program Files\AmazingTab
2016-01-07 13:03 - 2016-01-07 13:03 - 00000000 ____D C:\Program Files\amztab
2016-01-07 13:03 - 2016-01-07 13:03 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231
2016-01-07 13:01 - 2016-01-07 13:06 - 00000000 ____D C:\Program Files (x86)\sushileads
2016-01-07 13:01 - 2016-01-07 13:01 - 00003512 _____ C:\Windows\System32\Tasks\SushiLeads
2015-12-19 12:07 - 2015-12-20 09:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-17 16:08 - 2015-12-17 16:08 - 02560512 _____ (winpcoptimizerbetatwo) C:\Windows\Allpcoptimizer.exe
2015-12-17 16:08 - 2015-12-17 16:08 - 00155136 _____ C:\Windows\Allpcoptimizer.pdb
2015-12-10 18:22 - 2015-12-10 18:22 - 00188104 _____ C:\ods.exe
2015-12-08 14:56 - 2015-11-20 13:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-08 14:56 - 2015-11-20 13:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-08 14:56 - 2015-11-20 13:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-08 14:56 - 2015-11-20 13:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-08 14:56 - 2015-11-20 13:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-08 14:56 - 2015-11-20 13:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-08 14:56 - 2015-11-20 13:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-08 14:56 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-08 14:56 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-08 14:56 - 2015-11-20 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-08 14:56 - 2015-11-20 13:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-08 14:56 - 2015-11-20 13:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-08 14:56 - 2015-11-20 13:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-08 14:56 - 2015-11-20 13:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-08 14:56 - 2015-11-20 13:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-08 14:56 - 2015-11-20 13:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-08 14:56 - 2015-11-11 16:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-08 14:56 - 2015-11-11 15:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-08 14:56 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 14:56 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 14:56 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 14:56 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 14:56 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 14:56 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 14:56 - 2015-11-11 10:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-08 14:56 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 14:56 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 14:56 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 14:56 - 2015-11-11 09:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-08 14:56 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-08 14:56 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-08 14:56 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 14:56 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-08 14:56 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 14:56 - 2015-11-10 12:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 14:56 - 2015-11-09 19:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-08 14:56 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 14:56 - 2015-11-09 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-08 14:56 - 2015-11-09 19:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-08 14:56 - 2015-11-09 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-08 14:56 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-08 14:56 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 14:56 - 2015-11-09 19:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-08 14:56 - 2015-11-09 19:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-08 14:56 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 14:56 - 2015-11-09 19:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-08 14:56 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 14:56 - 2015-11-09 19:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-08 14:56 - 2015-11-09 18:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-08 14:56 - 2015-11-09 18:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-08 14:56 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 14:56 - 2015-11-09 18:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-08 14:56 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-08 14:56 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 14:56 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 14:56 - 2015-11-09 18:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-08 14:56 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 14:56 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 14:56 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-08 14:56 - 2015-11-08 17:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-08 14:56 - 2015-11-08 17:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-08 14:56 - 2015-11-08 17:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-08 14:56 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 14:56 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 14:56 - 2015-11-08 17:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-08 14:56 - 2015-11-08 17:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-08 14:56 - 2015-11-08 17:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-08 14:56 - 2015-11-08 17:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-08 14:56 - 2015-11-08 17:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-08 14:56 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 14:56 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 14:56 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 14:56 - 2015-11-08 17:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-08 14:56 - 2015-11-08 17:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-08 14:56 - 2015-11-08 17:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-08 14:56 - 2015-11-08 16:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-08 14:56 - 2015-11-08 16:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-08 14:56 - 2015-11-08 16:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-08 14:56 - 2015-11-08 16:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-08 14:56 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 14:56 - 2015-11-08 16:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-08 14:56 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-08 14:56 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 14:56 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-08 14:56 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 14:56 - 2015-11-08 16:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-08 14:56 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 14:56 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 14:56 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 14:56 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-08 14:56 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-08 14:56 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-08 14:56 - 2015-11-05 14:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-08 14:56 - 2015-11-05 14:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-08 14:56 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 14:56 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-08 14:56 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-08 14:56 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-08 14:56 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-08 14:56 - 2015-10-08 18:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-08 14:56 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-08 14:56 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-08 14:56 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-08 14:56 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-08 14:56 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-08 14:56 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-08 14:56 - 2015-10-08 18:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-08 14:56 - 2015-10-08 14:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-08 14:56 - 2015-10-08 13:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-08 13:52 - 2015-12-08 13:52 - 00000151 _____ C:\ods.exe.config

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-07 16:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-07 16:03 - 2014-11-30 00:00 - 00000000 ____D C:\Windows\Minidump
2016-01-07 16:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-07 15:05 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-07 14:17 - 2009-07-13 23:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-07 14:17 - 2009-07-13 23:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-07 14:14 - 2013-05-26 10:04 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-07 14:14 - 2013-02-21 09:47 - 00001610 _____ C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-07 14:14 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-07 13:56 - 2013-02-21 09:46 - 00000000 ____D C:\Users\Scott
2016-01-07 13:51 - 2013-06-05 17:00 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-07 13:51 - 2013-06-05 17:00 - 00001340 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-07 13:44 - 2013-05-26 10:04 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-20 09:22 - 2013-07-31 14:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-18 14:57 - 2013-06-05 17:37 - 00000000 ____D C:\Users\Scott\AppData\Roaming\MediaMonkey
2015-12-17 22:18 - 2011-06-08 17:58 - 00774592 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-17 22:17 - 2015-04-06 02:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-17 22:17 - 2015-04-06 02:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-09 13:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-12-09 10:31 - 2009-07-13 23:45 - 00413176 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 00:35 - 2013-05-31 13:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 00:34 - 2013-06-05 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 00:34 - 2013-06-05 19:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 00:34 - 2013-06-05 19:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 00:32 - 2013-08-15 02:00 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 00:30 - 2011-06-08 13:21 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-08 22:39 - 2011-06-08 16:21 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-08 15:24 - 2013-12-21 20:36 - 00000000 ___RD C:\Users\Scott\Documents\Outlook Files

==================== Files in the root of some directories =======

2013-02-21 10:00 - 2014-01-01 10:52 - 0007605 _____ () C:\Users\Scott\AppData\Local\Resmon.ResmonCfg
2013-07-24 10:10 - 2013-07-24 10:48 - 0000710 _____ () C:\ProgramData\hpzinstall.log
2016-01-07 13:05 - 2016-01-07 13:05 - 0001443 _____ () C:\ProgramData\tempimage.bmp

Some files in TEMP:
====================
C:\Users\Scott\AppData\Local\Temp\5A5F.tmp.exe
C:\Users\Scott\AppData\Local\Temp\amisetup1931__15940.exe
C:\Users\Scott\AppData\Local\Temp\amzngtb.exe
C:\Users\Scott\AppData\Local\Temp\fsd24CF.exe
C:\Users\Scott\AppData\Local\Temp\InstallHelper.exe
C:\Users\Scott\AppData\Local\Temp\netstream.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-30 17:39

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by Scott (2016-01-07 16:08:05)
Running from Y:\Scotty\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-02-21 14:46:43)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-667926241-938725764-3588881007-500 - Administrator - Disabled)
Guest (S-1-5-21-667926241-938725764-3588881007-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-667926241-938725764-3588881007-1002 - Limited - Enabled)
Scott (S-1-5-21-667926241-938725764-3588881007-1000 - Administrator - Enabled) => C:\Users\Scott

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.15.58233 - ABBYY) Hidden
Acronis True Image Home 2012 (HKLM-x32\...\{243EF3E5-537D-4A15-8EE8-47D5473D9C73}Visible) (Version: 15.0.7133 - Acronis)
Acronis True Image Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced ScreenSnapshotTool 1.1.0.11130 (HKLM\...\{61FFE1F9-137D-4c31-A181-3415FCAA5946}) (Version: 1.1.0.11130 - ShenZhen Enode Techology co,.Ltd) <==== ATTENTION
AllPCOptimizer (HKLM-x32\...\{20A647C6-0C59-42A7-B3B4-1E95674496BB}) (Version: 2.00.0000 - All PC Optimizer)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
ATI AVIVO64 Codecs (Version: 11.6.0.10104 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{6E3D4FFE-9614-4E58-9DE2-F9A036EAD491}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Body Text Feathering (HKLM-x32\...\PopupProduct) (Version: 1.0.0.0 - Body Text Feathering) <==== ATTENTION
BufferChm (x32 Version: 130.0.327.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2011.0104.2155.39304 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.30 - ArcSoft)
Dell Stage (HKLM-x32\...\{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}) (Version: 1.4.173.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
DeskBar (HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\{DE6791BD-7EAC-4822-B923-B8D6393C6110}_is1) (Version: 2.7.1.1750 - Goobzo LTD)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0000 - SEIKO EPSON Corp.)
EPSON WorkForce GT-1500 Scanner Driver Update version 3.0.2.0 (HKLM-x32\...\ScannerDriverUpdateEPSON WorkForce GT-1500_is1) (Version: 3.0.2.0 - Epson America Inc.)
FlashBeat (HKLM-x32\...\FlashBeat) (Version:  - ) <==== ATTENTION
GamesDesktop 025.005010200 (HKLM-x32\...\gmsd_us_005010200_is1) (Version:  - GAMESDESKTOP) <==== ATTENTION
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.367.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Scanjet G3010 (HKLM\...\{3B3FA519-42F3-4534-B867-960481329CFC}) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
hpg3010 (x32 Version: 14.0.0.0 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.367.000 - Hewlett-Packard) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
ISIS Driver - EPSON GT-1500 v1.0 (HKLM-x32\...\{D41864EF-CC5D-4CF4-B0B9-CA3152164157}) (Version: 1.0 - EMC Captiva)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KNCTR (HKLM-x32\...\Itibiti_is1) (Version:  - Itibiti Inc.)
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Media Add-ons for Acronis True Image Home 2012 (HKLM-x32\...\{9A5509EE-5579-46C1-B566-5065545547F9}) (Version: 15.0.5060 - Acronis)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesigner) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version:  - Microsoft)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.18.1100 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Navtech PBS (HKLM-x32\...\{BDFBF58B-19D7-479C-B324-D73FCE13F07E}) (Version: 15.1.21 - Navtech Inc)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PC Mechanic (HKLM-x32\...\{1F88FC5D-4D46-448A-AF59-7061FFC6ABBF}_is1) (Version: 1.0.15.0 - Uniblue Systems Limited)
PC Optimizer (HKLM-x32\...\{D2CB3C4E-701F-4277-B7B1-1708AE9364BF}) (Version: 1.0.0 - PC Optimizer)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Pluto TV version 0.1.5 (HKLM-x32\...\Pluto TV_is1) (Version: 0.1.5 - Pluto TV)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.0 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScanSoft PaperPort 11 (HKLM-x32\...\{DEA18FF6-D84A-4242-9663-692E5BA56805}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Search Too Know (HKLM-x32\...\Search Too Know) (Version: 2.0.5850.19374 - Search Too Know) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.0.0.1 - ) <==== ATTENTION
SolutionCenter (x32 Version: 130.0.369.000 - Hewlett-Packard) Hidden
SpaceSoundPro (HKLM\...\SpaceSoundPro) (Version: 1.0 - ) <==== ATTENTION
SpaceSoundPro Service (HKLM-x32\...\zz.11772.ssp) (Version: 1.0.0 - CSDI) <==== ATTENTION
SwiftSearch 1.10.0.25 (HKLM-x32\...\SwiftSearch_1.10.0.25) (Version: 1.10.0.25 - SwiftSearch) <==== ATTENTION
TheBrowser (HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\TheBrowser) (Version: 44.4.9.7 - TheBrowser)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
TV Time (HKLM-x32\...\TVTime) (Version: 2.7.79 - Ratio Applications)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebReg (x32 Version: 130.0.128.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Samsung Re-Drive (HKLM-x32\...\{500BDCEA-4EFA-4DC3-9768-74C1A2C3E48B}_is1) (Version: 1.6.0 - Samsung Electronics)
Zune (HKLM\...\Zune) (Version: 04.07.1404.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09F90E68-DA1C-4F6C-B841-F8C69B801FAA} - System32\Tasks\SecurityApps2 => C:\Program Files (x86)\PC Optimizer\PC Optimizer\Wiindows.exe [2015-12-16] ()
Task: {0E87A7A2-43C0-4286-8328-8D4BE78408B6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {10AB3684-CFE2-4409-A56C-28866FAA4C7E} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {1B81F6F7-D661-4C10-99D7-CBE22D8CAB1C} - System32\Tasks\amiupdaterExi => C:\Users\Scott\AppData\Local\Temp\amiupdater1359.exe <==== ATTENTION
Task: {265116BC-ACF3-45BC-B4AF-47CD03882CE6} - System32\Tasks\AmiUpdXp => C:\Users\Scott\AppData\Local\3473\Updater.exe [2016-01-07] () <==== ATTENTION
Task: {274B70FF-1773-47A5-91B0-7D422A882FB5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2D4E93B2-2EDD-4B1E-818D-1BD4C3A1FA3D} - System32\Tasks\AKAJBNYC1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2016-01-06] (FlashBeat) <==== ATTENTION
Task: {43DDC59A-A7C0-453C-A8AB-67428EE055C6} - System32\Tasks\IKRNRNFTJUKUGYYE => C:\ProgramData\Service1291\Service1291.exe [2016-01-07] () <==== ATTENTION
Task: {50E1D155-5DD3-4E47-9029-5A8A80E1762D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {52246412-D952-4727-9F88-7D621A958CFD} - System32\Tasks\amiupdaterExd => C:\Users\Scott\AppData\Local\Temp\task.vbs <==== ATTENTION
Task: {59713759-E2A7-4E46-AF24-6E2D53B3AE74} - System32\Tasks\Eotnuaivg => C:\ProgramData\Eotnuaivg\1.0.7.1\ejletode.exe [2016-01-07] ()
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {7A88CC93-A7A4-4AB8-96F2-49C4BE6BFC89} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {927C15B7-1E5C-44DC-AC06-6EF662B1CB48} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe [2015-10-11] ()
Task: {A993F337-A89A-4059-90E1-449F3125E2E6} - System32\Tasks\IBUpd => C:\Users\Scott\AppData\Local\TheBrowser\Application\updater.exe [2015-12-02] ()
Task: {ADC6F1F9-C81A-4094-A4DC-9B4A1D0A5177} - System32\Tasks\PC-Mechanic Startup => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe [2015-11-30] (Uniblue Systems Limited)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E0E79F92-5B4C-47E1-8E7A-A934E27190D0} - System32\Tasks\PC-Mechanic Maintenance => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe [2015-11-30] (Uniblue Systems Limited)
Task: {ED4EEF2F-B12F-4C31-80D9-DB29FB1DA5F3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {EE2FA1A6-3E7D-4BCF-A25D-FB1E26B2AA66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F3216CD2-D2CC-4388-904C-AD72E7841DDD} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AKAJBNYC1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Scott\AppData\Local\3473\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\IKRNRNFTJUKUGYYE.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC-Mechanic Maintenance.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: C:\Windows\Tasks\PC-Mechanic Startup.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (3).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (4).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-mysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-mysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-mysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-01-07 13:02 - 00000178 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-667926241-938725764-3588881007-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{55E767A9-7FA3-4B78-9740-D257157AC924}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C24AA2E3-EA76-4723-A0DD-3CE30DC901DF}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{B4F6F053-59D7-4FFC-8E54-BF88FA5894F6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0BBAE6D1-AF66-47BF-BCFF-0AD4AA04B18E}] => (Allow) LPort=2869
FirewallRules: [{44CCB118-A37D-4D9A-9560-BB5EBB15C424}] => (Allow) LPort=1900
FirewallRules: [{04988C14-16B6-458B-9E7E-7DF9B0F1E346}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C2B48621-1BD6-4D85-8E03-089ED3E55494}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{3A957D5A-9B38-45E2-9C4C-C5D6A4550339}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{015127B5-61CE-40F8-9524-3986A3C1C1A6}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{11F82E51-66F3-47AB-9919-D577DD481B1C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4BFAD3C1-9E3E-4A50-AD2F-B48C7038AAD3}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{43274E2C-3150-4295-878A-8A9775D04DE1}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{94C9AFE6-89DF-4116-A5B3-BDB5AF153222}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DC780B5B-46CE-4E83-AEE2-DA591A785EFA}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{17C78897-9F52-4A8B-A0A8-480F8831FB41}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{CE9382B9-A4F6-415F-B77B-1851E94E5A93}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{ACCBC4D3-BC41-4947-BB30-CB8745101DDC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{ADD1316B-A8BD-4517-B663-F7ABB64975EF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{5EA29DDE-84B1-48B9-A1ED-75A87DB943A5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{15546992-EDC7-4734-9B61-BE7CE67AA312}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{9F56BB72-9F83-4D55-90C1-07942DA52FED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{83FAAF5A-DDD1-49D0-97EA-F8846FDC4706}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{E2A7ACEA-1ED0-4D85-A32C-CC4C976881B8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{9679C4C8-EF5D-4AB2-9500-453CC30123FA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{D30A296A-F68C-4D17-A1CF-DC603165A4E2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{61D2CE6D-7780-4875-8689-DB771C1076AE}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [TCP Query User{441A2721-3375-457C-BE4B-512981AC7AB7}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{52ECCBE9-4E2F-461D-ABD0-CE1DC8427D90}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [{E005147C-6001-4494-A639-97A0ED898593}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
FirewallRules: [{098F0A78-C6AE-479B-8779-188CC68B5445}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE71F19B-D9A7-4A8D-8EB3-7C1DAF150093}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9FFE697F-A8E5-44DA-BAA4-054A1EE06DC3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{401D7B74-444D-4786-BB38-E4B0BF73B0D8}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{819F0791-D610-4C77-AD3F-1BFA8F18153B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{4932DECD-414A-4F67-BCA0-320F27F6AD83}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{DC598A93-E5E1-4D33-A820-D68D7EE550D9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{261C5C2A-652E-40E0-83ED-5D8AFC5E410C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BF87607D-93F9-45FE-9AFC-1EABD98CCA1B}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{2DE0D8BB-761D-43D1-9C8D-7C79C15F72FD}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{A56E3F8E-852C-447B-88D9-F499A7937DC0}] => (Allow) C:\Users\Scott\AppData\Local\TheBrowser\Application\TheBrowser.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2016 04:05:59 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (1516) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Scott\AppData\Local\Microsoft\Windows\WebCache\V0108F25.log.

Error: (01/07/2016 02:16:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wiindows.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 129c

Start Time: 01d1497fe4e14ca7

Termination Time: 0

Application Path: C:\Program Files (x86)\PC Optimizer\PC Optimizer\Wiindows.exe

Report Id:

Error: (01/07/2016 02:16:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wiindows.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2020

Start Time: 01d1497fb96927d0

Termination Time: 0

Application Path: C:\Program Files (x86)\PC Optimizer\PC Optimizer\Wiindows.exe

Report Id:

Error: (01/07/2016 02:15:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PlutoTV.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1914

Start Time: 01d1497fb2ba71df

Termination Time: 2

Application Path: C:\Program Files (x86)\Pluto TV\PlutoTV.exe

Report Id:

Error: (01/07/2016 02:14:49 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (6140) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (01/07/2016 02:11:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TheBrowser.exe, version: 44.4.9.7, time stamp: 0x56558593
Faulting module name: chrome.dll, version: 44.4.9.7, time stamp: 0x565580ed
Exception code: 0x80000003
Fault offset: 0x000a2500
Faulting process id: 0x224c
Faulting application start time: 0xTheBrowser.exe0
Faulting application path: TheBrowser.exe1
Faulting module path: TheBrowser.exe2
Report Id: TheBrowser.exe3

Error: (01/07/2016 01:51:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/07/2016 01:51:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/07/2016 01:13:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dm.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1474

Start Time: 01d14976c1a59030

Termination Time: 0

Application Path: C:\Users\Scott\AppData\Local\Temp\is-5AVTG.tmp\dm.tmp

Report Id:

Error: (01/07/2016 01:12:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program predm.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f48

Start Time: 01d14976bf2ec388

Termination Time: 0

Application Path: C:\Users\Scott\AppData\Local\Temp\is-T6TQN.tmp\predm.tmp

Report Id:


System errors:
=============
Error: (01/07/2016 04:07:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.

Error: (01/07/2016 04:07:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.

Error: (01/07/2016 04:06:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/07/2016 04:06:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/07/2016 04:06:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/07/2016 04:06:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/07/2016 04:06:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/07/2016 04:06:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/07/2016 04:06:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/07/2016 04:06:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


CodeIntegrity:
===================================
  Date: 2016-01-07 13:27:35.684
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-01-07 13:27:35.668
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-01-07 13:27:35.668
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-01-07 13:27:35.637
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-01-07 13:27:35.637
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-01-07 13:27:35.622
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-01-07 13:27:35.341
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-01-07 13:27:35.325
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-01-07 13:27:35.325
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-01-07 13:27:35.294
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2300 CPU @ 2.80GHz
Percentage of memory in use: 12%
Total physical RAM: 6126.46 MB
Available physical RAM: 5365.5 MB
Total Virtual: 6124.66 MB
Available Virtual: 5399.93 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:105.99 GB) (Free:44.88 GB) NTFS
Drive i: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive j: (Cruzer) (Removable) (Total:7.47 GB) (Free:4.83 GB) FAT32
Drive w: (Audio/Video) (Fixed) (Total:1299.61 GB) (Free:1224.55 GB) NTFS
Drive y: (Misc Files) (Fixed) (Total:97.66 GB) (Free:75.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: B70CC00B)
Partition 1: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=1299.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 69870F89)
Partition 1: (Not Active) - (Size=1024 KB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=106 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Thnx in advance.


Edited by scewter, 07 January 2016 - 03:21 PM.

  • 0
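Reading an FRST Addition.txt by hand means hunting for the same few indicator types every time: browser shortcuts whose argument is a URL (the browser opens that page regardless of its configured home page), scheduled tasks that FRST marked ATTENTION or that run from user-writable folders, and hosts-file overrides. The following Python script is an added example, not part of scewter's post and not part of the FRST tool; it parses the ShortcutWithArgument:, Task: and Hosts content line formats shown in the log above and applies those heuristics (the heuristics, including the "no publisher" check on FRST's trailing "()", are the editor's, not FRST's). The sample input is an excerpt of the log above plus one constructed benign shortcut (Notepad Plain.lnk) as a control.

```python
import re
from dataclasses import dataclass, field

# Line formats FRST uses in Addition.txt (as seen in the log above).
SHORTCUT_RE = re.compile(
    r"^ShortcutWithArgument:\s*(?P<lnk>.+?\.lnk)\s*->\s*(?P<target>.+?)\s*->\s*(?P<arg>.+?)$"
)
TASK_RE = re.compile(r"^Task:\s*(?P<name>.+?)\s*=>\s*(?P<target>.+?)$")
HOSTS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)$")
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# FRST defangs URLs as hxxp:// so forum software does not render them as links.
URL_RE = re.compile(r"^h(?:tt|xx)ps?://", re.IGNORECASE)
# FRST prints "[date] (Company)" after a task target; a bare "()" means the
# binary carries no company name in its version information (editor's heuristic).
NO_PUBLISHER_RE = re.compile(r"\[\d{4}-\d{2}-\d{2}\]\s*\(\)$")
# Directories any user process can write to; vendors rarely schedule tasks there.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\")


@dataclass
class Triage:
    hijacked_shortcuts: list = field(default_factory=list)  # (lnk, target, url)
    suspicious_tasks: list = field(default_factory=list)    # (name, target, reasons)
    hosts_entries: list = field(default_factory=list)       # (ip, host)


def _task_reasons(target: str) -> tuple[str, list]:
    """Return the cleaned task target and the heuristics it trips."""
    reasons = []
    if "<==== ATTENTION" in target:          # FRST's own flag on .job entries
        reasons.append("flagged by FRST")
        target = target.replace("<==== ATTENTION", "").strip()
    if any(d in target.lower() for d in USER_WRITABLE):
        reasons.append("target in user-writable directory")
    if NO_PUBLISHER_RE.search(target):
        reasons.append("no publisher in version info")
    return target, reasons


def triage_addition_log(text: str) -> Triage:
    """Walk an Addition.txt and collect the three indicator types."""
    result = Triage()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            if header.group(1):                 # bare "=====" separators keep the section
                section = header.group(1).rstrip(":").strip()
            continue
        if m := SHORTCUT_RE.match(line):
            arg = m.group("arg").rstrip(",")
            if URL_RE.match(arg):               # a URL argument hijacks the browser start page
                result.hijacked_shortcuts.append((m.group("lnk"), m.group("target"), arg))
        elif m := TASK_RE.match(line):
            target, reasons = _task_reasons(m.group("target"))
            if reasons:
                result.suspicious_tasks.append((m.group("name"), target, "; ".join(reasons)))
        elif section == "Hosts content":
            if (m := HOSTS_RE.match(line)) and m.group("host").lower() != "localhost":
                result.hosts_entries.append((m.group("ip"), m.group("host")))
    return result


# Excerpt of the Addition.txt above, plus one constructed benign shortcut as a control.
SAMPLE_LOG = r"""
Task: {927C15B7-1E5C-44DC-AC06-6EF662B1CB48} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe [2015-10-11] ()
Task: {A993F337-A89A-4059-90E1-449F3125E2E6} - System32\Tasks\IBUpd => C:\Users\Scott\AppData\Local\TheBrowser\Application\updater.exe [2015-12-02] ()
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {EE2FA1A6-3E7D-4BCF-A25D-FB1E26B2AA66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: C:\Windows\Tasks\AKAJBNYC1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Scott\AppData\Local\3473\Updater.exe <==== ATTENTION

==================== Shortcuts =============================

ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-mysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Public\Desktop\Notepad Plain.lnk -> C:\Windows\notepad.exe (Microsoft Corporation) -> C:\notes.txt

==================== Hosts content: ==========================

2009-07-13 21:34 - 2016-01-07 13:02 - 00000178 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com

==================== Other Areas ============================
"""

if __name__ == "__main__":
    t = triage_addition_log(SAMPLE_LOG)
    for lnk, _target, url in t.hijacked_shortcuts:
        print(f"shortcut hijack: {lnk} -> {url}")
    for name, target, why in t.suspicious_tasks:
        print(f"suspicious task: {name} -> {target} ({why})")
    for ip, host in t.hosts_entries:
        print(f"hosts override: {host} -> {ip}")
```

Run it as-is to triage the embedded excerpt, or pass the text of a real Addition.txt to `triage_addition_log`. The heuristics are deliberately coarse: a Program Files task with an empty publisher (SushiLeads above) is reported for review, not declared malicious, and the shortcut check only fires when the .lnk argument is itself a URL.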


#2
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hello Scewter and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please note: I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look upon it as a good thing, though, in that you have two people looking at your problem. :)

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses; if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.


    OK. Let's see if we can get a set of FRST logs to look at.
  • On a clean PC, please download Farbar Recovery Scan Tool and save it to a flash drive.
    Note: You need to run the version compatible with your infected system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • If you can, boot normally and plug the flash drive into the infected PC.
  • Browse to your flash drive and locate the file FRST.exe or FRST64.exe, depending on which version applies to your system.
  • Right-click on the file and select Run as Administrator.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from (this will be your flash drive).
  • Please copy (CTRL + C) and paste (CTRL + V) the FRST.txt log back here.
  • The first time the tool is run, it generates another log, Addition.txt, also located in the same directory as FRST.exe.
  • Please also paste that along with the FRST.txt into your reply.
    Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.


    If you cannot boot normally, here are some instructions to help you access the Recovery Environment to run a scan.

    There are two options shown below. For the first, you will only need a flash drive or some such; for the second, you will need both a flash drive and a Windows Installation Disk.

    If you are unable to access the Recovery Environment through the first option and have a Windows Installation disc for that machine then option two will be a good one to try.

    Now

    Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
    It will create a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  • 0

#3
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Scewter

I see you have managed to get the FRST logs :thumbsup: so ignore post #2.

I'll need a bit of time to analyse the logs and will post back with some more instructions. :)
  • 0

#4
scewter

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 149 posts

Hi Bruce1270, and thnx for the very quick reply.

After posting the initial message, I went back and edited it to include the logs as requested. This was done probably about the time you were reading my first message and before you replied to it. Apologies for skipping that step initially, but you will now find them in my first post.

thnx


  • 0

#5
scewter

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 149 posts

OK. Take your time.


  • 0

#6
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Scewter

Quite a few bad boys there, but we'll get rid of them. :)


Step 1 - Remove unwanted programs

Please uninstall the following unwanted programs:

Advanced ScreenSnapshotTool 1.1.0.11130
AllPCOptimizer
Body Text Feathering
FlashBeat
GamesDesktop 025.005010200
PC Mechanic
PC Optimizer
Pluto TV version 0.1.5
Search Too Know
Setup
Software Version Updater
SpaceSoundPro
SpaceSoundPro Service
SwiftSearch 1.10.0.25
TheBrowser
TV Time



Note: If any of the programs are not listed or you have any problems uninstalling, proceed to the next one and work through the list.

To do this:
Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall e.g. Advanced ScreenSnapshotTool 1.1.0.11130
Click uninstall.
Repeat the above steps for all the other programs to remove.


Step 2 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop (attached file: fixlist.txt, 21.25KB).
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then paste (CTRL + V) in your next reply.


Step 3 - run AdwCleaner

Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the AdwCleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
  • Click the Scan button and wait for the program to finish.
  • Click on Options and tick:
      Reset proxy settings
      Reset winsock settings
      Reset Internet Explorer policies
      Reset Chrome policies
  • When finished, please click the Cleaning button.
  • Upon completion, click Logfile. A log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


    Things for your next post:
  • fixlog.txt
  • adwCleaner[C*].txt
  • How is the computer performing now?

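The fixlist in Step 2 works through a fixed set of autostart locations: Run/RunOnce values, AppInit_DLLs, the Startup folders, services, scheduled tasks, and browser shortcuts whose arguments carry a URL. As an added example, not part of this thread and not FRST's own code, the PowerShell script below does a read-only triage pass over those same locations and flags the patterns that show up in this kind of infection: binaries started from ProgramData, AppData or Temp, .tmp/.bat/.vbs files registered as a service or task action, and .lnk files with a URL argument. The `$suspectRoots` list, the `Test-SuspectPath` heuristic and the `Write-Finding` helper are assumptions made for this example, not rules FRST applies; it prints findings and removes nothing.

```powershell
# Added example, not part of this thread and not FRST's own code: a read-only
# triage pass over the autostart locations that the fixlist above cleans.
# It prints findings and changes nothing. Written for the PowerShell 2.0 that
# ships with Windows 7, so it uses WMI and schtasks.exe rather than newer cmdlets.
# Run from an elevated PowerShell prompt.

# Directories from which legitimate software rarely autostarts. This list and the
# SUSPECT heuristics below are assumptions for this example, not rules FRST applies.
$suspectRoots = @($env:ProgramData, $env:LOCALAPPDATA, $env:APPDATA, $env:TEMP, "$env:SystemRoot\Tasks")

function Test-SuspectPath {
    param([string]$Path)
    if (-not $Path) { return $false }
    $p = $Path.Trim().Trim('"').ToLower()
    # A .tmp, .bat or .vbs file used as a service binary or task action is a classic adware pattern
    if ($p -match '\.(tmp|bat|vbs|js)(\s|"|$)') { return $true }
    foreach ($root in $suspectRoots) {
        if ($root -and $p.StartsWith($root.ToLower())) { return $true }
    }
    return $false
}

function Write-Finding([bool]$Suspect, [string]$Text) {
    $tag = if ($Suspect) { 'SUSPECT' } else { '   ok  ' }
    "$tag  $Text"
}

$shell = New-Object -ComObject WScript.Shell   # resolves .lnk targets and arguments

'== Run / RunOnce values (HKLM, HKLM Wow6432Node, HKCU) =='
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, PSChildName, ...
        Write-Finding (Test-SuspectPath $prop.Value) "$key\$($prop.Name) => $($prop.Value)"
    }
}

'== AppInit_DLLs (loaded into every process that uses user32.dll; non-empty is worth a look) =='
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $dlls = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).AppInit_DLLs
    Write-Finding ([bool]$dlls) "$key => '$dlls'"
}

'== Startup folder items (shortcut targets resolved) =='
foreach ($dir in "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup",
                 "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup") {
    Get-ChildItem -Path $dir -ErrorAction SilentlyContinue | ForEach-Object {
        $target = if ($_.Extension -eq '.lnk') { $shell.CreateShortcut($_.FullName).TargetPath } else { $_.FullName }
        Write-Finding (Test-SuspectPath $target) "$($_.FullName) -> $target"
    }
}

'== Shortcuts whose arguments contain a URL (the ShortcutWithArgument lines in a FRST log) =='
$lnkDirs = @("$env:ProgramData\Microsoft\Windows\Start Menu",
             "$env:APPDATA\Microsoft\Windows\Start Menu",
             "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
             "$env:PUBLIC\Desktop", "$env:USERPROFILE\Desktop")
foreach ($dir in $lnkDirs) {
    Get-ChildItem -Path $dir -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if ($lnk.Arguments -match 'https?://') {
            Write-Finding $true "$($_.FullName) -> $($lnk.TargetPath) $($lnk.Arguments)"
        }
    }
}

'== Services whose binary sits in a data/temp directory or is a script/.tmp file =='
Get-WmiObject -Class Win32_Service | ForEach-Object {
    if (Test-SuspectPath $_.PathName) { Write-Finding $true "$($_.Name) [$($_.StartMode)] => $($_.PathName)" }
}

'== Scheduled tasks whose action runs from a data/temp directory or is a script =='
# schtasks column names are the English ones; Windows 7 has no Get-ScheduledTask cmdlet
schtasks /query /fo csv /v 2>$null | ConvertFrom-Csv | ForEach-Object {
    if (Test-SuspectPath $_.'Task To Run') { Write-Finding $true "$($_.TaskName) => $($_.'Task To Run')" }
}
```

Save it as a .ps1 and run it from an elevated prompt (set-executionpolicy may need to allow local scripts). A SUSPECT tag is a prompt to look, not a verdict: legitimate per-user installers such as browsers also live under AppData, so the output is meant to be read alongside a FRST log and discussed with a helper, never fed into an automated delete.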

#7
scewter (Topic Starter, Member)

OK - got it. Excellent instructions. Very clear and easy to follow.

Question first - can this be done in Safe Mode?

Thanks



#8
Bruce1270 (Trusted Helper, Malware Removal)

Yes, that's fine if you're having problems in normal mode.

#9
scewter (Topic Starter, Member)

OK. Will complete those steps in Safe Mode.

Normal mode does not allow me to do much. Those programs take over and prevent me from doing anything other than clicking on them to agree to install/run those malware programs. Basically unusable.

Will post the results shortly.



#10
scewter (Topic Starter, Member)

OK, here are the results:

Most of the programs were able to be deleted. Three of them wouldn't allow removal. Additionally, I found two more on the Program List that were installed on that date. Those were removed as well. If more detail on this action is important I can provide the info.

Here's the fixlog.txt after running the FRST fix:

Fix result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by Scott (2016-01-08 13:27:26) Run:1
Running from Y:\Scotty\Desktop
Loaded Profiles: Scott (Available Profiles: Scott & Guest)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\...\Run: [SpaceSoundPro] => C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe [4203520 2015-08-03] (Space Sound Pro)
HKLM-x32\...\Run: [ospd_us_014010200] => [X]
HKLM-x32\...\Run: [gmsd_us_005010200] => C:\Program Files (x86)\gmsd_us_005010200\gmsd_us_005010200.exe [3972784 2016-01-07] ()
HKLM-x32\...\RunOnce: [IOPROTECT] => C:\Program Files (x86)\SpaceSondPro_v53.11772\ioproduct_service.bat [164 2016-01-07] ()
HKLM-x32\...\RunOnce: [upgmsd_us_005010200.exe] =>
C:\Users\Scott\AppData\Local\gmsd_us_005010200\upgmsd_us_005010200.exe [3262640 2016-01-07] ()
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\Run: [SushiLeadsApplication] => C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe [381952 2015-10-11] ()
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\Run: [DeskBar] => C:\Users\Scott\AppData\Local\DeskBar\dblaunch.exe [243200 2015-10-29] ()
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-06-26] ()
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\MountPoints2: {91b984ca-2f84-11e4-b2ba-180373b1ac40} - I:\VZW_Software_upgrade_assistant.exe
AppInit_DLLs: C:\ProgramData\FlashBeat\THIHPQ64.dll => C:\ProgramData\FlashBeat\THIHPQ64.dll [1096704 2016-01-06] (FlashBeat)
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\THIHPQ32.dll => C:\ProgramData\FlashBeat\THIHPQ32.dll [855552 2016-01-06] (FlashBeat)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AllPCoptimizer.exe.lnk [2016-01-07]
ShortcutTarget: AllPCoptimizer.exe.lnk -> C:\Windows\Installer\{20A647C6-0C59-42A7-B3B4-1E95674496BB}\NewShortcut1_4CA89A60165741188EC12DF8484E49A4.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PlutoTV.lnk [2016-01-07]
ShortcutTarget: PlutoTV.lnk -> C:\Program Files (x86)\Pluto TV\PlutoTV.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SearchTooKnowDesktopSearch.lnk [2016-01-07]
ShortcutTarget: SearchTooKnowDesktopSearch.lnk -> C:\ProgramData\Search Too Know\SearchTooKnowDesktopSearch.exe ()
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggacwoIUlsVEhgSeA0BTA0VGQ0OeQ9ZAxQXQg0QclsJA19BRQAFIk0FA1ADB0VXfVBdFElXTwhwJVhKAlElTlpoLlZP
HKU\S-1-5-21-667926241-938725764-3588881007-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggacwoIUlsVEhgSeA0BTA0VGQ0OeQ9ZAxQXQg0QclsJA19BRQAFIk0FA1ADB0VXfVBdFElXTwhwJVhKAlElTlpoLlZP
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQALUglCQ1EQbQgAVQBcFVEbeBQBV1gTDFNAeAoKAwgTRwVHdR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWFML3JWDk4=&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQALUglCQ1EQbQgAVQBcFVEbeBQBV1gTDFNAeAoKAwgTRwVHdR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWFML3JWDk4=&q={searchTerms}
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-667926241-938725764-3588881007-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQALUglCQ1EQbQgAVQBcFVEbeBQBV1gTDFNAeAoKAwgTRwVHdR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWFML3JWDk4=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-667926241-938725764-3588881007-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQALUglCQ1EQbQgAVQBcFVEbeBQBV1gTDFNAeAoKAwgTRwVHdR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWFML3JWDk4=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-667926241-938725764-3588881007-1000 -> {4E6D4C86-0930-4323-98A4-1F372305E93C} URL = hxxp://www-mysearch.com/s.ashx?prd=opensearch&q={searchTerms}&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
SearchScopes: HKU\S-1-5-21-667926241-938725764-3588881007-1000 -> {B9FC1626-B751-4C59-9FB3-99C00CF86539} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-dd__alt__ddc_dss_bd_com&p={searchTerms}
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggacwoIUlsVEhgSeA0BTA0VGQ0OeQ9ZAxQXQg0QclsJA19BRQAFIk0FA18DB0VXfV9eFElXTwhwJVhKAlElTlpoLlZP
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAwQcwkLA11CDAQbdAAVVV1JGRgadlhaTF8SGQYRIghaBwkVFBNBNARaB0tXUUEeJl9NER8fHGZGIUtbCW0eTn5NL04=
FF Keyword.URL: hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQALUglCQ1EQbQgAVQBcFVEbeBQBV1gTDFNAeAoKAwgTRwVHdR9aFQQTR0cFME0FB18EURNNfWpdAEsSSWFML3JWDk4=&q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF user.js: detected! => C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504\user.js [2016-01-07]
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504\searchplugins\search-simple.xml [2016-01-07]
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504\searchplugins\smod.xml [2016-01-07]
FF Extension: Search Too Know - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504\Extensions\{926a21b7-3759-4709-b3b4-19e3d3e49b40}.xpi [2016-01-07] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-07-08] <==== ATTENTION
S2 AmazingTab; C:\Program Files\amztab\amztab.exe [383488 2016-01-07] () [File not signed]
S2 dTqFXWThya; C:\ProgramData\JwDgdEtp\dTqFXWThya.exe [3002336 2016-01-07] (Ratio Applications)
S2 Service Mgr SearchTooKnow; C:\ProgramData\457082ba-095e-4f86-8a98-c078f3146538\plugincontainer.exe [783584 2016-01-07] () <==== ATTENTION
S2 SushiLeadsUpdaterService; C:\Program Files (x86)\sushileads\NpUpdaterService.exe [10240 2015-10-11] () [File not signed]
S2 swsesrvc_1.10.0.25; C:\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe [301648 2015-09-22] (SS)
S2 TheScreenSnapshotService; C:\Program Files (x86)\ScreenSnapshotTool\1.1.0.11130\ScreenShotServ.exe [153248 2015-12-07] ()
S2 Update Mgr SearchTooKnow; C:\Program Files (x86)\Common Files\457082ba-095e-4f86-8a98-c078f3146538\updater.exe [646368 2016-01-07] () <==== ATTENTION
S2 wucotusy; C:\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\hnskBC18.tmp [416256 2016-01-07] () [File not signed]
S2 zigipyro; C:\Users\Scott\AppData\Local\4C4C4544-1452174645-3310-8048-B7C04F305231\qnshB57B.tmp [158720 2015-12-26] () [File not signed]
S2 zutuzuni; C:\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\jnskA710.tmp [307712 2016-01-07] () [File not signed]
S2 lufolegozbt; C:\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\knsz91C5.tmpfs [X]
S1 swsedrvr_vt_1_10_0_25; C:\Windows\System32\drivers\swsedrvr_vt_1_10_0_25.sys [61304 2015-09-22] (SS)
2016-01-07 14:23 - 2016-01-07 14:23 - 00000000 ____D C:\Users\Scott\AppData\Local\ElevatedDiagnostics
2016-01-07 14:12 - 2016-01-07 14:12 - 00000000 ____D C:\Users\Scott\AppData\Local\TVTime
2016-01-07 14:10 - 2016-01-07 14:15 - 00000362 _____ C:\Windows\Tasks\AmiUpdXp.job
2016-01-07 14:10 - 2016-01-07 14:10 - 00003400 _____ C:\Windows\System32\Tasks\AmiUpdXp
2016-01-07 14:10 - 2016-01-07 14:10 - 00000000 ____D C:\Users\Scott\AppData\Local\3473
2016-01-07 13:57 - 2016-01-07 14:05 - 00000000 ____D C:\Users\Scott\AppData\Roaming\ScreenSnapshotTool
2016-01-07 13:57 - 2016-01-07 13:57 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-01-07 13:57 - 2016-01-07 13:57 - 00000000 ____D C:\Program Files (x86)\ScreenSnapshotTool
2016-01-07 13:56 - 2016-01-07 14:15 - 00000292 _____ C:\Windows\Tasks\PC-Mechanic Startup.job
2016-01-07 13:56 - 2016-01-07 14:15 - 00000000 ____D C:\Users\Scott\AppData\Local\PlutoTV
2016-01-07 13:56 - 2016-01-07 14:14 - 00000278 _____ C:\Windows\Tasks\PC-Mechanic Maintenance.job
2016-01-07 13:56 - 2016-01-07 13:56 - 00003216 _____ C:\Windows\System32\Tasks\PC-Mechanic Maintenance
2016-01-07 13:56 - 2016-01-07 13:56 - 00002584 _____ C:\Windows\System32\Tasks\PC-Mechanic Startup
2016-01-07 13:56 - 2016-01-07 13:56 - 00001172 _____ C:\Users\Public\Desktop\PC Mechanic.lnk
2016-01-07 13:56 - 2016-01-07 13:56 - 00001093 _____ C:\Users\Public\Desktop\PlutoTV.lnk
2016-01-07 13:56 - 2016-01-07 13:56 - 00000013 _____ C:\Users\Scott\.pluto.tv
2016-01-07 13:56 - 2016-01-07 13:56 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Uniblue
2016-01-07 13:56 - 2016-01-07 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2016-01-07 13:56 - 2016-01-07 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pluto TV
2016-01-07 13:56 - 2016-01-07 13:56 - 00000000 ____D C:\Program Files (x86)\Uniblue
2016-01-07 13:56 - 2016-01-07 13:56 - 00000000 ____D C:\Program Files (x86)\Pluto TV
2016-01-07 13:55 - 2016-01-07 14:14 - 00000000 ____D C:\Program Files (x86)\Search Too Know
2016-01-07 13:55 - 2016-01-07 13:56 - 00000000 ____D C:\ProgramData\457082ba-095e-4f86-8a98-c078f3146538
2016-01-07 13:55 - 2016-01-07 13:55 - 00000000 ____D C:\Users\Scott\AppData\Roaming\OpenCandy
2016-01-07 13:55 - 2016-01-07 13:55 - 00000000 ____D C:\ProgramData\Search Too Know
2016-01-07 13:55 - 2016-01-07 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search Too Know
2016-01-07 13:54 - 2016-01-07 13:54 - 00003428 _____ C:\Windows\System32\Tasks\Eotnuaivg
2016-01-07 13:54 - 2016-01-07 13:54 - 00000000 ____D C:\ProgramData\Eotnuaivg
2016-01-07 13:52 - 2016-01-07 14:17 - 00000000 ____D C:\Users\Scott\AppData\Local\gmsd_us_005010200
2016-01-07 13:52 - 2016-01-07 13:52 - 00003442 _____ C:\Windows\System32\Tasks\IBUpd
2016-01-07 13:52 - 2016-01-07 13:52 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TheBrowser
2016-01-07 13:52 - 2016-01-07 13:52 - 00000000 ____D C:\Users\Scott\AppData\Local\TheBrowser
2016-01-07 13:52 - 2016-01-07 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
2016-01-07 13:52 - 2016-01-07 13:52 - 00000000 ____D C:\Program Files (x86)\gmsd_us_005010200
2016-01-07 13:51 - 2016-01-07 13:51 - 00001077 _____ C:\Users\Public\Desktop\KNCTR.lnk
2016-01-07 13:51 - 2016-01-07 13:51 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Itibiti
2016-01-07 13:51 - 2016-01-07 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2016-01-07 13:51 - 2016-01-07 13:51 - 00000000 ____D C:\Program Files (x86)\Itibiti Soft Phone
2016-01-07 13:50 - 2016-01-07 14:17 - 00003734 _____ C:\Windows\System32\Tasks\SecurityApps2
2016-01-07 13:50 - 2016-01-07 13:50 - 00000000 ____D C:\Users\Scott\AppData\Local\SecurityApps
2016-01-07 13:50 - 2016-01-07 13:50 - 00000000 ____D C:\Users\Scott\AppData\Local\4C4C4544-1452174645-3310-8048-B7C04F305231
2016-01-07 13:50 - 2016-01-07 13:50 - 00000000 ____D C:\Program Files (x86)\PC Optimizer
2016-01-07 13:49 - 2016-01-07 14:11 - 00000000 ____D C:\ProgramData\JwDgdEtp
2016-01-07 13:49 - 2016-01-07 13:51 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v53.11772
2016-01-07 13:49 - 2016-01-07 13:50 - 00000000 ____D C:\ProgramData\DataFile
2016-01-07 13:49 - 2016-01-07 13:49 - 00002615 _____ C:\Users\Public\Desktop\AllPCOptimizer.exe.lnk
2016-01-07 13:49 - 2016-01-07 13:49 - 00000008 _____ C:\END
2016-01-07 13:49 - 2016-01-07 13:49 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpaceSoundPro 1.0
2016-01-07 13:49 - 2016-01-07 13:49 - 00000000 ____D C:\ProgramData\TVTime
2016-01-07 13:49 - 2016-01-07 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\All PC Optimizer
2016-01-07 13:49 - 2016-01-07 13:49 - 00000000 ____D C:\Program Files\SpaceSoundPro
2016-01-07 13:49 - 2016-01-07 13:49 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro
2016-01-07 13:49 - 2016-01-07 13:49 - 00000000 ____D C:\Program Files (x86)\AllPCOptimizer
2016-01-07 13:48 - 2016-01-07 14:14 - 00000342 ____H C:\Windows\Tasks\IKRNRNFTJUKUGYYE.job
2016-01-07 13:48 - 2016-01-07 14:14 - 00000330 _____ C:\Windows\Tasks\AKAJBNYC1.job
2016-01-07 13:48 - 2016-01-07 13:52 - 00000000 ____D C:\Users\Scott\AppData\Local\DeskBar
2016-01-07 13:48 - 2016-01-07 13:48 - 00004220 _____ C:\Windows\System32\Tasks\amiupdaterExi
2016-01-07 13:48 - 2016-01-07 13:48 - 00004182 _____ C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update
2016-01-07 13:48 - 2016-01-07 13:48 - 00004176 _____ C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core
2016-01-07 13:48 - 2016-01-07 13:48 - 00003402 _____ C:\Windows\System32\Tasks\amiupdaterExd
2016-01-07 13:48 - 2016-01-07 13:48 - 00003376 _____ C:\Windows\System32\Tasks\IKRNRNFTJUKUGYYE
2016-01-07 13:48 - 2016-01-07 13:48 - 00002852 _____ C:\Windows\System32\Tasks\AKAJBNYC1
2016-01-07 13:48 - 2016-01-07 13:48 - 00000000 ____D C:\ProgramData\Service1291
2016-01-07 13:48 - 2016-01-07 13:48 - 00000000 ____D C:\ProgramData\FlashBeat
2016-01-07 13:48 - 2016-01-07 13:48 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2016-01-07 13:48 - 2016-01-07 13:48 - 00000000 ____D C:\Program Files (x86)\SwiftSearch_1.10.0.25
2016-01-07 13:06 - 2016-01-07 13:06 - 00000000 ____D C:\ProgramData\sushileads
2016-01-07 13:05 - 2016-01-07 13:05 - 00001443 _____ C:\ProgramData\tempimage.bmp
2016-01-07 13:04 - 2016-01-07 13:14 - 00000000 ____D C:\Users\Scott\AppData\Local\4C4C4544-1452171875-3310-8048-B7C04F305231
2016-01-07 13:04 - 2016-01-07 13:02 - 00000178 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-01-07 13:03 - 2016-01-07 13:03 - 00001826 _____ C:\Users\Scott\Desktop\Note-Up.lnk
2016-01-07 13:03 - 2016-01-07 13:03 - 00001826 _____ C:\Users\Guest\Desktop\Note-Up.lnk
2016-01-07 13:03 - 2016-01-07 13:03 - 00000000 ___HD C:\Program Files\AmazingTab
2016-01-07 13:03 - 2016-01-07 13:03 - 00000000 ____D C:\Program Files\amztab
2016-01-07 13:03 - 2016-01-07 13:03 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231
2016-01-07 13:01 - 2016-01-07 13:06 - 00000000 ____D C:\Program Files (x86)\sushileads
2016-01-07 13:01 - 2016-01-07 13:01 - 00003512 _____ C:\Windows\System32\Tasks\SushiLeads
2015-12-17 16:08 - 2015-12-17 16:08 - 02560512 _____ (winpcoptimizerbetatwo) C:\Windows\Allpcoptimizer.exe
2015-12-17 16:08 - 2015-12-17 16:08 - 00155136 _____ C:\Windows\Allpcoptimizer.pdb
C:\Windows\System32\drivers\swsedrvr_vt_1_10_0_25.sys
2015-12-10 18:22 - 2015-12-10 18:22 - 00188104 _____ C:\ods.exe
2015-12-08 13:52 - 2015-12-08 13:52 - 00000151 _____ C:\ods.exe.config
2016-01-07 13:05 - 2016-01-07 13:05 - 0001443 _____ () C:\ProgramData\tempimage.bmp
Task: {09F90E68-DA1C-4F6C-B841-F8C69B801FAA} - System32\Tasks\SecurityApps2 => C:\Program Files (x86)\PC Optimizer\PC Optimizer\Wiindows.exe [2015-12-16] ()
Task: {10AB3684-CFE2-4409-A56C-28866FAA4C7E} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {1B81F6F7-D661-4C10-99D7-CBE22D8CAB1C} - System32\Tasks\amiupdaterExi => C:\Users\Scott\AppData\Local\Temp\amiupdater1359.exe <==== ATTENTION
Task: {265116BC-ACF3-45BC-B4AF-47CD03882CE6} - System32\Tasks\AmiUpdXp => C:\Users\Scott\AppData\Local\3473\Updater.exe [2016-01-07] () <==== ATTENTION
Task: {2D4E93B2-2EDD-4B1E-818D-1BD4C3A1FA3D} - System32\Tasks\AKAJBNYC1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2016-01-06] (FlashBeat) <==== ATTENTION
Task: {43DDC59A-A7C0-453C-A8AB-67428EE055C6} - System32\Tasks\IKRNRNFTJUKUGYYE => C:\ProgramData\Service1291\Service1291.exe [2016-01-07] () <==== ATTENTION
Task: {52246412-D952-4727-9F88-7D621A958CFD} - System32\Tasks\amiupdaterExd => C:\Users\Scott\AppData\Local\Temp\task.vbs <==== ATTENTION
Task: {59713759-E2A7-4E46-AF24-6E2D53B3AE74} - System32\Tasks\Eotnuaivg => C:\ProgramData\Eotnuaivg\1.0.7.1\ejletode.exe [2016-01-07] ()
Task: {7A88CC93-A7A4-4AB8-96F2-49C4BE6BFC89} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {927C15B7-1E5C-44DC-AC06-6EF662B1CB48} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe [2015-10-11] ()
Task: {A993F337-A89A-4059-90E1-449F3125E2E6} - System32\Tasks\IBUpd => C:\Users\Scott\AppData\Local\TheBrowser\Application\updater.exe [2015-12-02] ()
Task: {ADC6F1F9-C81A-4094-A4DC-9B4A1D0A5177} - System32\Tasks\PC-Mechanic Startup => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe [2015-11-30] (Uniblue Systems Limited)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E0E79F92-5B4C-47E1-8E7A-A934E27190D0} - System32\Tasks\PC-Mechanic Maintenance => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe [2015-11-30] (Uniblue Systems Limited)
Task: C:\Windows\Tasks\AKAJBNYC1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Scott\AppData\Local\3473\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\IKRNRNFTJUKUGYYE.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC-Mechanic Maintenance.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: C:\Windows\Tasks\PC-Mechanic Startup.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (3).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (4).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-mysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-mysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-mysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Hosts:
RemoveProxy:
EmptyTemp:







*****************

Error: Restore point can only be created in normal mode.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpaceSoundPro => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_014010200 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_005010200 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\IOPROTECT => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\upgmsd_us_005010200.exe => value not found.
"C:\Users\Scott\AppData\Local\gmsd_us_005010200\upgmsd_us_005010200.exe [3262640 2016-01-07] ()" => not found.
HKU\S-1-5-21-667926241-938725764-3588881007-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SushiLeadsApplication => value removed successfully
HKU\S-1-5-21-667926241-938725764-3588881007-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DeskBar => value not found.
HKU\S-1-5-21-667926241-938725764-3588881007-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value removed successfully
"HKU\S-1-5-21-667926241-938725764-3588881007-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I" => key removed successfully
"HKU\S-1-5-21-667926241-938725764-3588881007-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91b984ca-2f84-11e4-b2ba-180373b1ac40}" => key removed successfully
HKCR\CLSID\{91b984ca-2f84-11e4-b2ba-180373b1ac40} => key not found.
"C:\ProgramData\FlashBeat\THIHPQ64.dll" => Value data not found.
"C:\ProgramData\FlashBeat\THIHPQ32.dll" => Value data not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AllPCoptimizer.exe.lnk => moved successfully
C:\Windows\Installer\{20A647C6-0C59-42A7-B3B4-1E95674496BB}\NewShortcut1_4CA89A60165741188EC12DF8484E49A4.exe => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PlutoTV.lnk => not found.
C:\Program Files (x86)\Pluto TV\PlutoTV.exe => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SearchTooKnowDesktopSearch.lnk => not found.
C:\ProgramData\Search Too Know\SearchTooKnowDesktopSearch.exe => not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-667926241-938725764-3588881007-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}" => key removed successfully
HKCR\Wow6432Node\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-667926241-938725764-3588881007-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-667926241-938725764-3588881007-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-667926241-938725764-3588881007-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4E6D4C86-0930-4323-98A4-1F372305E93C}" => key removed successfully
HKCR\CLSID\{4E6D4C86-0930-4323-98A4-1F372305E93C} => key not found.
"HKU\S-1-5-21-667926241-938725764-3588881007-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B9FC1626-B751-4C59-9FB3-99C00CF86539}" => key removed successfully
HKCR\CLSID\{B9FC1626-B751-4C59-9FB3-99C00CF86539} => key not found.
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504 => FRST is scripted not to move this directory.
Firefox "homepage" removed successfully
Firefox "newtab" removed successfully
Firefox "Keyword.URL" removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504\user.js => moved successfully
C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504\searchplugins\search-simple.xml => moved successfully
C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504\searchplugins\smod.xml => moved successfully
C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504\Extensions\{926a21b7-3759-4709-b3b4-19e3d3e49b40}.xpi => moved successfully
C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully
AmazingTab => service removed successfully
dTqFXWThya => service not found.
Service Mgr SearchTooKnow => service not found.
SushiLeadsUpdaterService => service removed successfully
swsesrvc_1.10.0.25 => service not found.
TheScreenSnapshotService => service not found.
Update Mgr SearchTooKnow => service not found.
wucotusy => service removed successfully
zigipyro => service not found.
zutuzuni => service removed successfully
lufolegozbt => service removed successfully
swsedrvr_vt_1_10_0_25 => service removed successfully
C:\Users\Scott\AppData\Local\ElevatedDiagnostics => moved successfully
"C:\Users\Scott\AppData\Local\TVTime" => not found.
"C:\Windows\Tasks\AmiUpdXp.job" => not found.
C:\Windows\System32\Tasks\AmiUpdXp => moved successfully
"C:\Users\Scott\AppData\Local\3473" => not found.
"C:\Users\Scott\AppData\Roaming\ScreenSnapshotTool" => not found.
C:\Users\Public\Documents\Guid => moved successfully
"C:\Program Files (x86)\ScreenSnapshotTool" => not found.
"C:\Windows\Tasks\PC-Mechanic Startup.job" => not found.
C:\Users\Scott\AppData\Local\PlutoTV => moved successfully
"C:\Windows\Tasks\PC-Mechanic Maintenance.job" => not found.
C:\Windows\System32\Tasks\PC-Mechanic Maintenance => moved successfully
C:\Windows\System32\Tasks\PC-Mechanic Startup => moved successfully
"C:\Users\Public\Desktop\PC Mechanic.lnk" => not found.
"C:\Users\Public\Desktop\PlutoTV.lnk" => not found.
C:\Users\Scott\.pluto.tv => moved successfully
"C:\Users\Scott\AppData\Roaming\Uniblue" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pluto TV" => not found.
"C:\Program Files (x86)\Uniblue" => not found.
C:\Program Files (x86)\Pluto TV => moved successfully
"C:\Program Files (x86)\Search Too Know" => not found.
"C:\ProgramData\457082ba-095e-4f86-8a98-c078f3146538" => not found.
C:\Users\Scott\AppData\Roaming\OpenCandy => moved successfully
"C:\ProgramData\Search Too Know" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search Too Know" => not found.
C:\Windows\System32\Tasks\Eotnuaivg => moved successfully
C:\ProgramData\Eotnuaivg => moved successfully
"C:\Users\Scott\AppData\Local\gmsd_us_005010200" => not found.
C:\Windows\System32\Tasks\IBUpd => moved successfully
"C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TheBrowser" => not found.
"C:\Users\Scott\AppData\Local\TheBrowser" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP" => not found.
"C:\Program Files (x86)\gmsd_us_005010200" => not found.
"C:\Users\Public\Desktop\KNCTR.lnk" => not found.
"C:\Users\Scott\AppData\Roaming\Itibiti" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR" => not found.
"C:\Program Files (x86)\Itibiti Soft Phone" => not found.
C:\Windows\System32\Tasks\SecurityApps2 => moved successfully
C:\Users\Scott\AppData\Local\SecurityApps => moved successfully
"C:\Users\Scott\AppData\Local\4C4C4544-1452174645-3310-8048-B7C04F305231" => not found.
C:\Program Files (x86)\PC Optimizer => moved successfully
"C:\ProgramData\JwDgdEtp" => not found.
C:\Program Files (x86)\SpaceSondPro_v53.11772 => moved successfully
C:\ProgramData\DataFile => moved successfully
C:\Users\Public\Desktop\AllPCOptimizer.exe.lnk => moved successfully
C:\END => moved successfully
"C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpaceSoundPro 1.0" => not found.
"C:\ProgramData\TVTime" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\All PC Optimizer => moved successfully
"C:\Program Files\SpaceSoundPro" => not found.
C:\Program Files (x86)\SpaceSondPro => moved successfully
C:\Program Files (x86)\AllPCOptimizer => moved successfully
C:\Windows\Tasks\IKRNRNFTJUKUGYYE.job => moved successfully
"C:\Windows\Tasks\AKAJBNYC1.job" => not found.
"C:\Users\Scott\AppData\Local\DeskBar" => not found.
C:\Windows\System32\Tasks\amiupdaterExi => moved successfully
C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => moved successfully
C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => moved successfully
C:\Windows\System32\Tasks\amiupdaterExd => moved successfully
C:\Windows\System32\Tasks\IKRNRNFTJUKUGYYE => moved successfully
C:\Windows\System32\Tasks\AKAJBNYC1 => moved successfully
C:\ProgramData\Service1291 => moved successfully
"C:\ProgramData\FlashBeat" => not found.
C:\ProgramData\28341ff220e0446c9fff27c4493d622e => moved successfully
"C:\Program Files (x86)\SwiftSearch_1.10.0.25" => not found.
C:\ProgramData\sushileads => moved successfully
C:\ProgramData\tempimage.bmp => moved successfully
C:\Users\Scott\AppData\Local\4C4C4544-1452171875-3310-8048-B7C04F305231 => moved successfully
C:\Windows\system32\Drivers\etc\hp.bak => moved successfully
C:\Users\Scott\Desktop\Note-Up.lnk => moved successfully
C:\Users\Guest\Desktop\Note-Up.lnk => moved successfully
C:\Program Files\AmazingTab => moved successfully
C:\Program Files\amztab => moved successfully
C:\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231 => moved successfully
C:\Program Files (x86)\sushileads => moved successfully
C:\Windows\System32\Tasks\SushiLeads => moved successfully
C:\Windows\Allpcoptimizer.exe => moved successfully
C:\Windows\Allpcoptimizer.pdb => moved successfully
"C:\Windows\System32\drivers\swsedrvr_vt_1_10_0_25.sys" => not found.
C:\ods.exe => moved successfully
C:\ods.exe.config => moved successfully
"C:\ProgramData\tempimage.bmp" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09F90E68-DA1C-4F6C-B841-F8C69B801FAA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09F90E68-DA1C-4F6C-B841-F8C69B801FAA}" => key removed successfully
C:\Windows\System32\Tasks\SecurityApps2 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SecurityApps2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{10AB3684-CFE2-4409-A56C-28866FAA4C7E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10AB3684-CFE2-4409-A56C-28866FAA4C7E}" => key removed successfully
C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Core" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B81F6F7-D661-4C10-99D7-CBE22D8CAB1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B81F6F7-D661-4C10-99D7-CBE22D8CAB1C}" => key removed successfully
C:\Windows\System32\Tasks\amiupdaterExi => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\amiupdaterExi" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{265116BC-ACF3-45BC-B4AF-47CD03882CE6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{265116BC-ACF3-45BC-B4AF-47CD03882CE6}" => key removed successfully
C:\Windows\System32\Tasks\AmiUpdXp => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2D4E93B2-2EDD-4B1E-818D-1BD4C3A1FA3D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D4E93B2-2EDD-4B1E-818D-1BD4C3A1FA3D}" => key removed successfully
C:\Windows\System32\Tasks\AKAJBNYC1 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AKAJBNYC1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{43DDC59A-A7C0-453C-A8AB-67428EE055C6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43DDC59A-A7C0-453C-A8AB-67428EE055C6}" => key removed successfully
C:\Windows\System32\Tasks\IKRNRNFTJUKUGYYE => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IKRNRNFTJUKUGYYE" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52246412-D952-4727-9F88-7D621A958CFD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52246412-D952-4727-9F88-7D621A958CFD}" => key removed successfully
C:\Windows\System32\Tasks\amiupdaterExd => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\amiupdaterExd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{59713759-E2A7-4E46-AF24-6E2D53B3AE74}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59713759-E2A7-4E46-AF24-6E2D53B3AE74}" => key removed successfully
C:\Windows\System32\Tasks\Eotnuaivg => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Eotnuaivg" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A88CC93-A7A4-4AB8-96F2-49C4BE6BFC89}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A88CC93-A7A4-4AB8-96F2-49C4BE6BFC89}" => key removed successfully
C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Pending Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{927C15B7-1E5C-44DC-AC06-6EF662B1CB48}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{927C15B7-1E5C-44DC-AC06-6EF662B1CB48}" => key removed successfully
C:\Windows\System32\Tasks\SushiLeads => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SushiLeads" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A993F337-A89A-4059-90E1-449F3125E2E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A993F337-A89A-4059-90E1-449F3125E2E6}" => key removed successfully
C:\Windows\System32\Tasks\IBUpd => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ADC6F1F9-C81A-4094-A4DC-9B4A1D0A5177}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADC6F1F9-C81A-4094-A4DC-9B4A1D0A5177}" => key removed successfully
C:\Windows\System32\Tasks\PC-Mechanic Startup => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC-Mechanic Startup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD9F510C-95F4-499A-90C8-BAC5BC372FF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD9F510C-95F4-499A-90C8-BAC5BC372FF4}" => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0E79F92-5B4C-47E1-8E7A-A934E27190D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0E79F92-5B4C-47E1-8E7A-A934E27190D0}" => key removed successfully
C:\Windows\System32\Tasks\PC-Mechanic Maintenance => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC-Mechanic Maintenance" => key removed successfully
C:\Windows\Tasks\AKAJBNYC1.job => not found.
C:\Windows\Tasks\AmiUpdXp.job => not found.
C:\Windows\Tasks\IKRNRNFTJUKUGYYE.job => not found.
C:\Windows\Tasks\PC-Mechanic Maintenance.job => not found.
C:\Windows\Tasks\PC-Mechanic Startup.job => not found.
C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Shortcut argument restored successfully
C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk => Shortcut argument removed successfully.
C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk => Shortcut argument removed successfully.
C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (3).lnk => Shortcut argument removed successfully.
C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (4).lnk => Shortcut argument removed successfully.
C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
The dependency service or group failed to start.



========= End of CMD: =========


=========  netsh advfirewall reset =========


An error occurred while attempting to contact the  Windows Firewall service. Make sure that the service is running and try your request again.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========


An error occurred while attempting to contact the  Windows Firewall service. Make sure that the service is running and try your request again.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.


========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ip reset c:\resetlog.txt =========

There's no user specified settings to be reset.


========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration


========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration


========= End of CMD: =========


=========  netsh int ipv4 reset =========

There's no user specified settings to be reset.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

There's no user specified settings to be reset.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-667926241-938725764-3588881007-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-667926241-938725764-3588881007-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-667926241-938725764-3588881007-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-667926241-938725764-3588881007-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 458.3 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 13:27:33 ====

I ran the adwcleaner as instructed. Performed all the steps. Unfortunately at the end it said to click finish and the computer would restart and then provide the logfile. I did this but started it in the safe mode. No logfile appeared. Did not find one saved on the desktop (same location as the program file), restarted the program but no logfile existed so unfortunately I can provide no specifics on what it had found. I'm guessing if I let it start in the normal mode it might have provided the logfile as it said it would? I can say this - it discovered a whole lot of registry items. Didn't count them but estimate the number to exceed 40.

Sorry about not having that logfile.

Have not run the computer in the normal mode yet, so really can't say how it's running.


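The fixlog above shows the fix script resetting Winsock, the proxy values, the hosts file and the IP stack, while BITS, the Windows Firewall service and the DNS resolver could not be reached at all (the machine was in Safe Mode and the adware had left dependent services broken). Before moving on to the next scanner, a helper would normally want to confirm that those resets actually took after the reboot and that nothing is still pointing at the removed programs. The following PowerShell script is an added example for that purpose; it is not part of this thread and not code from FRST, AdwCleaner or Malwarebytes. It assumes an elevated PowerShell prompt on the cleaned Windows 7 machine and uses the built-in service names BITS, MpsSvc (Windows Firewall), Dnscache (DNS Client) and NlaSvc. It is read-only: it reports, it changes nothing.

```powershell
# Added example (not FRST, AdwCleaner or Malwarebytes code): a read-only check of the
# network-related state the fixlog reset, plus two persistence spots this kind of
# adware uses (scheduled tasks and firewall rules whose program lives in a
# user-writable folder). Assumptions: run elevated on the cleaned Windows 7 machine;
# BITS, MpsSvc (Windows Firewall) and Dnscache (DNS Client) are the built-in names.

function Get-ServiceState {
    param([string[]]$Names = @('BITS', 'MpsSvc', 'Dnscache', 'NlaSvc'))
    foreach ($name in $Names) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $svc) { "$name : NOT FOUND (service entry missing)"; continue }
        $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        "$name : $($svc.Status), start mode $($wmi.StartMode)"
    }
}

function Get-ProxyState {
    # The same values FRST's RemoveProxy cleared for the logged-on user.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL   # a PAC URL is another way to redirect traffic
    }
}

function Get-HostsOverrides {
    # Anything in hosts that is not a comment or a localhost line deserves a look;
    # adware uses it to block security vendors or redirect search sites.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hosts -ErrorAction SilentlyContinue | Where-Object {
        $_ -notmatch '^\s*#' -and
        $_ -match '^\s*[0-9a-fA-F:.]+\s+\S+' -and
        $_ -notmatch '\s+localhost(\.localdomain)?\s*$'
    }
}

function Get-TasksInUserWritablePaths {
    # Windows 7 has no Get-ScheduledTask cmdlet, so use schtasks' CSV output.
    # The header row can be repeated per task folder; drop those copies.
    schtasks /query /v /fo CSV 2>$null | ConvertFrom-Csv | Where-Object {
        $_.TaskName -ne 'TaskName' -and
        $_.'Task To Run' -match 'AppData|ProgramData|Users\\Public|Windows\\Temp'
    } | Select-Object TaskName, 'Task To Run'
}

function Get-FirewallAllowRulesForUserWritableApps {
    # Rules are stored as strings like "v2.10|Action=Allow|...|App=<path>|..." under
    # this key, which is where the MBAM log in this thread found the TheBrowser rule.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { return }
    $item.PSObject.Properties | Where-Object {
        $_.Value -is [string] -and
        $_.Value -match '\|Action=Allow\|' -and
        $_.Value -match '\|App=[^|]*\\(AppData|ProgramData|Users\\Public)\\'
    } | ForEach-Object { "$($_.Name) => $($_.Value)" }
}

Write-Output '== Services the fixlog could not reach =='
Get-ServiceState
Write-Output '== Proxy values for the current user =='
Get-ProxyState | Format-List
Write-Output '== hosts file overrides =='
Get-HostsOverrides
Write-Output '== Scheduled tasks running from user-writable folders =='
Get-TasksInUserWritablePaths | Format-Table -AutoSize
Write-Output '== Allow rules for programs in user-writable folders =='
Get-FirewallAllowRulesForUserWritableApps
```

Run it from normal mode, after the reboot the fixlog asked for, so that the services can actually start; a service still stopped or set to Disabled, a ProxyEnable of 1, a hosts override, or a task or firewall rule pointing into AppData are the items to paste into the next reply rather than fix by hand.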

#11
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Scewter

Good stuff. Well done. :thumbsup:

Please try booting your system normally to see how things are running. The majority of the adware should hopefully be gone.

AdwCleaner log

The logs produced by adwCleaner are located in %systemdrive%\AdwCleaner which is usually the C drive. Browse to this folder and locate the file adwCleaner[C*].txt
Please copy and paste this in your next reply.

#12
scewter

    Member

  • Topic Starter
  • Member
  • 149 posts

Found it.

# AdwCleaner v5.028 - Logfile created 08/01/2016 at 13:43:24
# Updated 04/01/2016 by Xplode
# Database : 2015-12-30.1 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Scott - SCOTT-PC
# Running from : Y:\Scotty\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Scott\AppData\Local\Installer\Install_18778
[-] Folder Deleted : C:\Users\Scott\AppData\Local\Installer\Install_20103
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\ScreenSnapshotTool

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\pc-mechanic
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\amztab.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}
[-] Key Deleted : HKCU\Software\Microsoft\KanarCore
[-] Key Deleted : HKCU\Software\NpApp
[-] Key Deleted : HKCU\Software\powerpack
[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\tstamptoken
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
[-] Key Deleted : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\NpApp
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKLM\SOFTWARE\FlashBeat
[-] Key Deleted : HKLM\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\SpaceSondPro
[-] Key Deleted : HKLM\SOFTWARE\AmazingTab
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C42C5197-0EE9-4940-893B-F4EF047DFF0F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\FlashBeat
[-] Key Deleted : [x64] HKLM\SOFTWARE\SpaceSoundPro
[-] Key Deleted : [x64] HKLM\SOFTWARE\AmazingTab
[-] Key Deleted : HKU\.DEFAULT\Software\IM
[-] Key Deleted : HKU\.DEFAULT\Software\ImInstaller
[-] Key Deleted : HKU\.DEFAULT\Software\SweetIM
[-] Key Deleted : HKU\.DEFAULT\Software\WNLT

***** [ Web browsers ] *****


*************************

:: Proxy settings cleared
:: Winsock settings cleared
:: Chrome policies deleted

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2917 bytes] ##########

Seems to be running clean, but haven't spent much time on it yet. Will let it run for awhile. Processes count total are down to what they were prior to the problem starting, so that's a very good sign as well.

Waiting on further instructions from you.



#13
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Scewter

OK, Here are the next steps for you. :)

Please complete these steps in normal mode.

Step1 - Run Malwarebytes

Your Malwarebytes version is out of date. Please download the latest version.


Please download Malwarebytes' Anti-Malware from Here or Here
  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;)
  • If an update is found, it will download and install the latest updates automatically.
  • Now select the Settings tab, and check the box next to Scan for rootkits.
  • Go back to the Dashboard tab, and click the Scan Now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show you the results.
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below.) If the log doesn't open, select View detailed log in the Scan tab.
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log, and click on the View button.
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.

  • Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

    *** In your next reply, I need you to Copy & Paste the contents of the MBAM log file.



    Step2 - ESET online scan


    Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

  • Please go here, then click on the ESET Online Scanner button.
  • You will however need to disable your currently installed Anti-Virus; how to do so can be read here. If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.

    All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow Add-On/Active X to install.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked.
  • Now click on Start.
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan, otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • When completed select Uninstall application on close.
  • Now click on Finish.

    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


    Step3 - Fresh FRST logs
  • Please run Farbar Recovery Scan Tool again. Run FRST by right clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press Scan button.
  • It will make logs FRST.txt & Addition.txt in the same directory the tool is run.
  • Please copy and paste the FRST.txt and Addition.txt to your reply.

    Things for your next post:
  • MBAM log
  • ESET log
  • FRST.txt and Addition.txt
  • What issues, if any, still remain with your computer?

#14
scewter

    Member

  • Topic Starter
  • Member
  • 149 posts

Here are the results as requested - note when downloading/updating MBAM it automatically installed the Premium version as I had purchased this a few years back:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/9/2016
Scan Time: 9:33 AM
Logfile: MBAM_Scan Log_1.09.2016.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.09.02
Rootkit Database: v2016.01.05.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Scott

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 415553
Time Elapsed: 7 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 24
PUP.Optional.SweetPacks, HKU\S-1-5-21-667926241-938725764-3588881007-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}, Quarantined, [b0e62b0cf8a1be783a636e05dc26a25e],
PUP.Optional.SweetPacks, HKU\S-1-5-21-667926241-938725764-3588881007-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}, Quarantined, [b0e62b0cf8a1be783a636e05dc26a25e],
PUP.Optional.SweetPacks, HKU\S-1-5-21-667926241-938725764-3588881007-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EEE6C35B-6118-11DC-9C72-001320C79847}, Quarantined, [a2f4f542e0b971c58f164231e220b24e],
PUP.Optional.SweetPacks, HKU\S-1-5-21-667926241-938725764-3588881007-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EEE6C35B-6118-11DC-9C72-001320C79847}, Quarantined, [a2f4f542e0b971c58f164231e220b24e],
PUP.Optional.SweetPacks, HKU\S-1-5-21-667926241-938725764-3588881007-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EEE6C35C-6118-11DC-9C72-001320C79847}, Quarantined, [97ff2f089108a88eced83d11cc36768a],
PUP.Optional.SweetPacks, HKU\S-1-5-21-667926241-938725764-3588881007-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EEE6C35C-6118-11DC-9C72-001320C79847}, Quarantined, [97ff2f089108a88eced83d11cc36768a],
PUP.Optional.AllPCOptimizer, HKLM\SOFTWARE\MICROSOFT\TRACING\Allpcoptimizer_RASAPI32, Quarantined, [8e083502dbbe14220a44ea3658aca15f],
PUP.Optional.AllPCOptimizer, HKLM\SOFTWARE\MICROSOFT\TRACING\Allpcoptimizer_RASMANCS, Quarantined, [62344ee98e0b2c0a9ab47ca4f1132cd4],
PUP.Optional.Amonetize, HKLM\SOFTWARE\MICROSOFT\TRACING\amztab_RASAPI32, Quarantined, [6e2860d7aeeb4de9f51b70ac6a9a8d73],
PUP.Optional.Amonetize, HKLM\SOFTWARE\MICROSOFT\TRACING\amztab_RASMANCS, Quarantined, [fc9a989fbadf7abcd53bb864e71db848],
PUP.Optional.DeskBar, HKLM\SOFTWARE\MICROSOFT\TRACING\DeskBar_RASAPI32, Quarantined, [65313afd7e1b42f4acf3f8ee90731ee2],
PUP.Optional.DeskBar, HKLM\SOFTWARE\MICROSOFT\TRACING\DeskBar_RASMANCS, Quarantined, [98fe191efe9b55e19e015d89887b966a],
PUP.Optional.SwiftSearch, HKLM\SOFTWARE\WOW6432NODE\SwiftSearch_1.10.0.25, Quarantined, [296dae8978211f17a4f67b5a53b038c8],
PUP.Optional.AmazingTab, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\edfhabmbbhdcdpnoilchepfojmdeannd, Quarantined, [7026ff38edac0c2aab0c0d0a2ed6d62a],
PUP.Optional.SushiLeads, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\SushiLeadsApplication_RASAPI32, Quarantined, [395dfa3d7b1ebb7b51ed666f34cf48b8],
PUP.Optional.SushiLeads, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\SushiLeadsApplication_RASMANCS, Quarantined, [366057e04059043260de74619271619f],
PUP.Optional.Vitruvian, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\SwiftSearchAutoUpdateClient_RASAPI32, Quarantined, [8511ad8a7128c76f0513a6418083c040],
PUP.Optional.Vitruvian, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\SwiftSearchAutoUpdateClient_RASMANCS, Quarantined, [1680e354d7c26bcb31e718cfb350867a],
PUP.Optional.SushiLeads, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\SushiLeadsUpdaterService, Quarantined, [e3b31b1c564339fd8cb61abba65d936d],
PUP.Optional.Vitruvian, HKU\S-1-5-21-667926241-938725764-3588881007-1000\SOFTWARE\INSTALLPATH\STATUS, Quarantined, [4551c6714950c27473f5db4838cc11ef],
PUP.Optional.TheBrowser, HKU\S-1-5-21-667926241-938725764-3588881007-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\B13FD70F_0, Quarantined, [d3c311263d5c73c37bb94083cc36ca36],
PUP.Optional.PCMechanic, HKU\S-1-5-21-667926241-938725764-3588881007-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\CE87C7BE_0, Quarantined, [019586b1a1f8e2547eb64ed4cc38f10f],
PUP.Optional.SweetIM, HKU\S-1-5-21-667926241-938725764-3588881007-501\SOFTWARE\SweetIM, Quarantined, [0195c275475265d1520631a439caff01],
PUP.Optional.InstallBrain, HKU\S-1-5-21-667926241-938725764-3588881007-501\SOFTWARE\WNLT, Quarantined, [791d7cbb7128d066a52afbbe0bf8956b],

Registry Values: 10
PUP.Optional.SweetPacks, HKU\S-1-5-21-667926241-938725764-3588881007-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{EEE6C35B-6118-11DC-9C72-001320C79847}, ????????, Quarantined, [a2f4f542e0b971c58f164231e220b24e]
PUP.Optional.SweetPacks, HKU\S-1-5-21-667926241-938725764-3588881007-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{EEE6C35B-6118-11DC-9C72-001320C79847}, Quarantined, [4a4c86b1f8a1f83e30757cf7fe043fc1],
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DoNotAskAgain, searchinterneat-a.akamaihd.net, Quarantined, [4650d95eb2e7f046d1eef4f3fd06d828]
PUP.Optional.TheBrowser, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{A56E3F8E-852C-447B-88D9-F499A7937DC0}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Scott\AppData\Local\TheBrowser\Application\TheBrowser.exe|Name=TheBrowser (mDNS-In)|Desc=Inbound rule for TheBrowser to allow mDNS traffic.|EmbedCtxt=TheBrowser|, Quarantined, [deb8142369300d291ece1c0145bfac54]
PUP.Optional.Vitruvian, HKU\S-1-5-21-667926241-938725764-3588881007-1000\SOFTWARE\INSTALLPATH\STATUS|SwiftSearch, I, Quarantined, [4551c6714950c27473f5db4838cc11ef]
PUP.Optional.TheBrowser, HKU\S-1-5-21-667926241-938725764-3588881007-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\b13fd70f_0, {0.0.0.00000000}.{5c263fe5-f7e1-43c6-897e-c8d7b8714fc6}|\Device\HarddiskVolume5\Users\Scott\AppData\Local\TheBrowser\Application\TheBrowser.exe%b{00000000-0000-0000-0000-000000000000}, Quarantined, [d3c311263d5c73c37bb94083cc36ca36]
PUP.Optional.PCMechanic, HKU\S-1-5-21-667926241-938725764-3588881007-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\ce87c7be_0, {0.0.0.00000000}.{5c263fe5-f7e1-43c6-897e-c8d7b8714fc6}|\Device\HarddiskVolume5\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe%b{00000000-0000-0000-0000-000000000000}, Quarantined, [019586b1a1f8e2547eb64ed4cc38f10f]
PUP.Optional.DeskBar, HKU\S-1-5-21-667926241-938725764-3588881007-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|DeskBar.exe, 8888, Quarantined, [eda92e09f2a7e55114a2968a778d9070]
PUP.Optional.Yontoo, HKU\S-1-5-21-667926241-938725764-3588881007-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DoNotAskAgain, searchinterneat-a.akamaihd.net, Quarantined, [712555e2118849edc336a73f3fc43ec2]
PUP.Optional.InstallBrain, HKU\S-1-5-21-667926241-938725764-3588881007-501\SOFTWARE\WNLT|URL, SWEETPACKS_SEARCH, Quarantined, [791d7cbb7128d066a52afbbe0bf8956b]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.FakeIELaunch, C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk, Quarantined, [eaacad8a4257f0463410be29ac57f40c],
PUP.Optional.Yontoo, C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504\searchplugins\yahoo.xml, Quarantined, [95016ec95b3eaa8c526914bfbc48e51b],

Physical Sectors: 0
(No malicious items detected)

(end)
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=e1c870ca6b012944bc95537006660819
# end=init
# utc_time=2016-01-09 03:21:26
# local_time=2016-01-09 10:21:26 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 27566
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=e1c870ca6b012944bc95537006660819
# end=updated
# utc_time=2016-01-09 03:26:43
# local_time=2016-01-09 10:26:43 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=e1c870ca6b012944bc95537006660819
# engine=27566
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-01-09 03:59:46
# local_time=2016-01-09 10:59:46 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 19856370 179735234 0 0
# scanned=233062
# found=36
# cleaned=0
# scan_time=1983
sh=838B19A3278D004AF7860301BA97C160AA1D5438 ft=1 fh=8754296661d019b8 vn="a variant of MSIL/StartPage.BI trojan" ac=I fn="C:\FRST\Quarantine\C\ods.exe.xBAD"
sh=F1A26B01A38AA6F51DDE3042D133BA37A81E61BC ft=1 fh=341136e4638f4975 vn="a variant of MSIL/Amonetize.AB potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files\amztab\packages\28ae07cb-5577-494f-84e4-5ad1e9a86959\zetip.exe"
sh=D94D4F8428CD86BEC8EB53DD05479A3BF27C5FCD ft=1 fh=2e542fd8a4d27f27 vn="Win32/OpenCandy.F potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\Program Files\amztab\packages\28ae07cb-5577-494f-84e4-5ad1e9a86959\setup\7Zip_Update.9.38.exe"
sh=77BA66EF95920C7F8B9F7EFDE162BBA49E3540D6 ft=1 fh=fbb1597de28708a9 vn="Win32/OpenCandy.F potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\Program Files\amztab\packages\28ae07cb-5577-494f-84e4-5ad1e9a86959\setup\Skype_Update.7.12.0.101.exe"
sh=80D21E3051ED9C7C1C7987FF6E96ECA7FB663281 ft=1 fh=33299c2c28899a83 vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\Program Files\amztab\packages\28ae07cb-5577-494f-84e4-5ad1e9a86959\temp\run.exe"
sh=F7526E1A1AFAECA390F9DC3A37683CC4F91AAEA7 ft=1 fh=c71c001157d1f5fa vn="a variant of Win32/Adware.ConvertAd.ACL application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\hnskBC18.tmp"
sh=352FEB9EB456A986FD500D129709ED0159852DED ft=1 fh=04c5ffd1c154d146 vn="a variant of Win32/Adware.ConvertAd.ABN application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\jnskA710.tmp"
sh=17DE132C3B3288156D65DF400E7989E9D8366DF4 ft=1 fh=11c5ad50f9ace8e5 vn="a variant of Win32/Adware.ConvertAd.AFM application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\knsz91C5.tmpfs"
sh=630CC933B81168B50BE5BD61AC95DBCC3BF39CBE ft=1 fh=a0711d408d362e56 vn="a variant of Win32/Adware.ConvertAd.AFN application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\rnseA5B4.exe"
sh=8989871A97A18EEE2E5E93F69F9B57E10607E93F ft=1 fh=14716d775202f63f vn="Win32/Adware.ConvertAd.AEY application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\Uninstall.exe"
sh=A225D2BCF05AAF89CCB6A0DA4CE5C2626C3A8057 ft=1 fh=c3065d3e8909dd37 vn="a variant of Win32/Adware.ConvertAd.AFJ.gen application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\vnse3E86.tmp"
sh=9434D1A5D56479988254608D5289E1E9D488DC54 ft=1 fh=c2a767356ec8b23d vn="a variant of Win64/BubbleSound.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SpaceSondPro\Spacesoundpro.exe"
sh=5E0F70231EA690F5747639397D4E5381A58F79A5 ft=1 fh=b934ef6c314a6a4e vn="a variant of Win32/Adware.MaxDriver.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SpaceSondPro_v53.11772\ioproduct.exe"
sh=3F7A49C0BD55FF0DF8C4D9AC683A94CB14C513CC ft=1 fh=64dde6e2368bbf87 vn="a variant of Win32/Adware.MaxDriver.C application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SpaceSondPro_v53.11772\SpaceSondPro_Service.exe"
sh=4745E52E7BA870B7CE2F2B4A05F1CE5A59164349 ft=1 fh=4236bdd4545d6508 vn="a variant of MSIL/Adware.PullUpdate.P application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Eotnuaivg\1.0.7.1\ejletode.exe"
sh=C6E310F6E780160B817AF2F7CE3D416BB800585F ft=1 fh=04e9c0f8fc34af3e vn="a variant of Win32/Adware.ConvertAd.PD application" ac=I fn="C:\FRST\Quarantine\C\Users\Scott\AppData\Local\4C4C4544-1452171875-3310-8048-B7C04F305231\onsp5FC7.tmp"
sh=0F5363D7EC1502CE4AD298C7B3B8EC776CED9E3C ft=1 fh=bf28f9153f80c234 vn="a variant of Win32/Adware.ConvertAd.AER.gen application" ac=I fn="C:\FRST\Quarantine\C\Users\Scott\AppData\Local\4C4C4544-1452171875-3310-8048-B7C04F305231\pnsp5FC8.exe"
sh=630CC933B81168B50BE5BD61AC95DBCC3BF39CBE ft=1 fh=a0711d408d362e56 vn="a variant of Win32/Adware.ConvertAd.AFN application" ac=I fn="C:\FRST\Quarantine\C\Users\Scott\AppData\Local\4C4C4544-1452171875-3310-8048-B7C04F305231\rnsp5FC6.exe"
sh=D986331EA5966DECC506CFED916F1495D6E6E9A3 ft=1 fh=811047ad3ebe7589 vn="a variant of Win32/Adware.ConvertAd.ACK application" ac=I fn="C:\FRST\Quarantine\C\Users\Scott\AppData\Local\4C4C4544-1452171875-3310-8048-B7C04F305231\snsp5FC5.tmp"
sh=8036234AA005A1E4AD7C4BFB705FA26DAFAE1967 ft=0 fh=0000000000000000 vn="JS/BrowseFox.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504\Extensions\{926a21b7-3759-4709-b3b4-19e3d3e49b40}.xpi.xBAD"
sh=29589828E3835B260C8B0C3587641E351407551B ft=1 fh=efcd4ce9a14031d5 vn="a variant of Win32/UniBlue.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Scott\AppData\Roaming\OpenCandy\AF86A38D42C0456E85D3E0ABE775AFED\pcm_us_p1v7.exe"
sh=F5FDBDDA6E61D6E392090CE37FDD5748EDEF75B5 ft=1 fh=4c2408bfe0b7df9a vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=6934335239B34885403720699DA5EE97B4CE8A48 ft=1 fh=1c9eac9f7d08a7aa vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=2EF805EC3EC590A62B83073C2488BA51477CAD38 ft=1 fh=1139f15e2114b7f6 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="Y:\Downloads\BitZipper502TrialSetup-en-pl-techpro.exe"
sh=180C8ED7C81E3AE7B0507B26C927EA93584B017C ft=1 fh=b0b83453fcc7b480 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="Y:\Downloads\ccsetup327.exe"
sh=3D84C7C0E316EAD02DD7A59E746EC798DAB8BC0C ft=1 fh=ce50a11e70bad71c vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="Y:\Downloads\ccsetup328.exe"
sh=EA244E84E1468A6AF4741F2184E113A16F833D8B ft=1 fh=a9c73d0d07b22a58 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="Y:\Downloads\ccsetup402(1).exe"
sh=EA244E84E1468A6AF4741F2184E113A16F833D8B ft=1 fh=a9c73d0d07b22a58 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="Y:\Downloads\ccsetup402.exe"
sh=A4854C3C5A7277D3C02F88330D2023AAD3667533 ft=1 fh=818bd9cd8f0d2ffa vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="Y:\Downloads\ccsetup403.exe"
sh=86D6AB5D0A24772249F2948B577AD0D71B927FD5 ft=0 fh=0000000000000000 vn="a variant of Win32/UbSpyEraser potentially unwanted application" ac=I fn="Y:\Downloads\powersuite_1[1].5-nara.rar"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="Y:\Scotty\Desktop\cbsidlm-tr1_13-CrystalDiskInfo-SEO-10832082.exe"
sh=F83855D2F4CB2063085A6A66A6A1C7CB377C28CB ft=1 fh=bcd5e45444e76df6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="Y:\Scotty\Desktop\ccsetup414.exe"
sh=C98F041F2E590541BF58A4318E92C0617427A6CE ft=1 fh=f97637e090000e40 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="Y:\Scotty\Desktop\ccsetup513.exe"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="Y:\Scotty\Downloads\ccsetup416.exe"
sh=AA7AFFCBDAF13C3872F32EACCF3BEFB92FD0FA80 ft=1 fh=02ff89afc7fa57e5 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="Y:\Scotty\Downloads\ccsetup508.exe"
sh=9D5832FECCC8D0ED608D80D794191D6132EF9FF2 ft=1 fh=6014be58d0587036 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="Y:\Scotty\Downloads\CrystalDiskInfo5_6_2-en.exe"
Here's a list of the threats found by ESET:
C:\FRST\Quarantine\C\ods.exe.xBAD a variant of MSIL/StartPage.BI trojan
C:\FRST\Quarantine\C\Program Files\amztab\packages\28ae07cb-5577-494f-84e4-5ad1e9a86959\zetip.exe a variant of MSIL/Amonetize.AB potentially unwanted application
C:\FRST\Quarantine\C\Program Files\amztab\packages\28ae07cb-5577-494f-84e4-5ad1e9a86959\setup\7Zip_Update.9.38.exe Win32/OpenCandy.F potentially unsafe application
C:\FRST\Quarantine\C\Program Files\amztab\packages\28ae07cb-5577-494f-84e4-5ad1e9a86959\setup\Skype_Update.7.12.0.101.exe Win32/OpenCandy.F potentially unsafe application
C:\FRST\Quarantine\C\Program Files\amztab\packages\28ae07cb-5577-494f-84e4-5ad1e9a86959\temp\run.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\FRST\Quarantine\C\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\hnskBC18.tmp a variant of Win32/Adware.ConvertAd.ACL application
C:\FRST\Quarantine\C\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\jnskA710.tmp a variant of Win32/Adware.ConvertAd.ABN application
C:\FRST\Quarantine\C\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\knsz91C5.tmpfs a variant of Win32/Adware.ConvertAd.AFM application
C:\FRST\Quarantine\C\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\rnseA5B4.exe a variant of Win32/Adware.ConvertAd.AFN application
C:\FRST\Quarantine\C\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\Uninstall.exe Win32/Adware.ConvertAd.AEY application
C:\FRST\Quarantine\C\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\vnse3E86.tmp a variant of Win32/Adware.ConvertAd.AFJ.gen application
C:\FRST\Quarantine\C\Program Files (x86)\SpaceSondPro\Spacesoundpro.exe a variant of Win64/BubbleSound.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\SpaceSondPro_v53.11772\ioproduct.exe a variant of Win32/Adware.MaxDriver.A application
C:\FRST\Quarantine\C\Program Files (x86)\SpaceSondPro_v53.11772\SpaceSondPro_Service.exe a variant of Win32/Adware.MaxDriver.C application
C:\FRST\Quarantine\C\ProgramData\Eotnuaivg\1.0.7.1\ejletode.exe a variant of MSIL/Adware.PullUpdate.P application
C:\FRST\Quarantine\C\Users\Scott\AppData\Local\4C4C4544-1452171875-3310-8048-B7C04F305231\onsp5FC7.tmp a variant of Win32/Adware.ConvertAd.PD application
C:\FRST\Quarantine\C\Users\Scott\AppData\Local\4C4C4544-1452171875-3310-8048-B7C04F305231\pnsp5FC8.exe a variant of Win32/Adware.ConvertAd.AER.gen application
C:\FRST\Quarantine\C\Users\Scott\AppData\Local\4C4C4544-1452171875-3310-8048-B7C04F305231\rnsp5FC6.exe a variant of Win32/Adware.ConvertAd.AFN application
C:\FRST\Quarantine\C\Users\Scott\AppData\Local\4C4C4544-1452171875-3310-8048-B7C04F305231\snsp5FC5.tmp a variant of Win32/Adware.ConvertAd.ACK application
C:\FRST\Quarantine\C\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504\Extensions\{926a21b7-3759-4709-b3b4-19e3d3e49b40}.xpi.xBAD JS/BrowseFox.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Scott\AppData\Roaming\OpenCandy\AF86A38D42C0456E85D3E0ABE775AFED\pcm_us_p1v7.exe a variant of Win32/UniBlue.F potentially unwanted application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
Y:\Downloads\BitZipper502TrialSetup-en-pl-techpro.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
Y:\Downloads\ccsetup327.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Y:\Downloads\ccsetup328.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Y:\Downloads\ccsetup402(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Y:\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Y:\Downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Y:\Downloads\powersuite_1[1].5-nara.rar a variant of Win32/UbSpyEraser potentially unwanted application
Y:\Scotty\Desktop\cbsidlm-tr1_13-CrystalDiskInfo-SEO-10832082.exe Win32/DownloadAdmin.G potentially unwanted application
Y:\Scotty\Desktop\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Y:\Scotty\Desktop\ccsetup513.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Y:\Scotty\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Y:\Scotty\Downloads\ccsetup508.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Y:\Scotty\Downloads\CrystalDiskInfo5_6_2-en.exe Win32/OpenCandy potentially unsafe application
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
Ran by Scott (administrator) on SCOTT-PC (09-01-2016 11:22:16)
Running from Y:\Scotty\Desktop
Loaded Profiles: Scott & Guest (Available Profiles: Scott & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403144 2012-06-28] (Acronis)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5955088 2012-06-28] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-01-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-01-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\MountPoints2: {e22af264-b573-11e5-aace-8ce43ac2189d} - I:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2013-12-21]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{33953347-52EE-4DE5-8083-A08942394243}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3F1DA497-3454-43C5-85F2-5F449B44E28B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-667926241-938725764-3588881007-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-667926241-938725764-3588881007-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-667926241-938725764-3588881007-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-667926241-938725764-3588881007-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-667926241-938725764-3588881007-501 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-667926241-938725764-3588881007-501 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-667926241-938725764-3588881007-501 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504
FF SelectedSearchEngine: Default
FF DefaultSearchEngine: Default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-18] (Hewlett-Packard Co.) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ZuneWlanCfgSvc; C:\Windows\system32\ZuneWlanCfgSvc.exe [467696 2010-09-24] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-09 10:21 - 2016-01-09 10:21 - 00000000 ____D C:\Program Files (x86)\ESET
2016-01-09 09:26 - 2016-01-09 10:02 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-09 09:26 - 2016-01-09 09:26 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-09 09:26 - 2016-01-09 09:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-09 09:26 - 2016-01-09 09:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-09 09:26 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-09 09:26 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-08 13:36 - 2016-01-08 13:43 - 00000000 ____D C:\AdwCleaner
2016-01-07 16:05 - 2016-01-08 13:49 - 00895454 _____ C:\Windows\ntbtlog.txt
2016-01-07 16:00 - 2016-01-09 11:22 - 00000000 ____D C:\FRST
2015-12-19 12:07 - 2016-01-08 13:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-09 10:44 - 2013-05-26 10:04 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-09 10:21 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-01-09 10:08 - 2009-07-13 23:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-09 10:08 - 2009-07-13 23:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-09 10:05 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-09 10:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-09 10:01 - 2013-05-26 10:04 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-09 10:00 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Performance
2016-01-09 10:00 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-09 09:26 - 2013-05-31 13:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Malwarebytes
2016-01-09 09:26 - 2013-05-31 13:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-08 20:10 - 2014-07-29 18:18 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-08 18:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-08 17:48 - 2015-01-15 09:26 - 00000000 ____D C:\Users\Scott\AppData\LocalLow\Temp
2016-01-08 13:27 - 2013-06-05 17:00 - 00001068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-08 13:27 - 2013-06-05 17:00 - 00001056 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-08 13:27 - 2013-02-21 09:47 - 00001163 _____ C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-08 13:27 - 2013-02-21 09:46 - 00000000 ____D C:\Users\Scott
2016-01-07 16:03 - 2014-11-30 00:00 - 00000000 ____D C:\Windows\Minidump
2015-12-20 09:22 - 2013-07-31 14:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-18 14:57 - 2013-06-05 17:37 - 00000000 ____D C:\Users\Scott\AppData\Roaming\MediaMonkey
2015-12-17 22:18 - 2011-06-08 17:58 - 00774592 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-17 22:17 - 2015-04-06 02:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-17 22:17 - 2015-04-06 02:00 - 00000000 ___SD C:\Windows\system32\GWX

==================== Files in the root of some directories =======

2013-02-21 10:00 - 2014-01-01 10:52 - 0007605 _____ () C:\Users\Scott\AppData\Local\Resmon.ResmonCfg
2013-07-24 10:10 - 2013-07-24 10:48 - 0000710 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-09 09:50

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by Scott (2016-01-09 11:22:35)
Running from Y:\Scotty\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-02-21 14:46:43)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-667926241-938725764-3588881007-500 - Administrator - Disabled)
Guest (S-1-5-21-667926241-938725764-3588881007-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-667926241-938725764-3588881007-1002 - Limited - Enabled)
Scott (S-1-5-21-667926241-938725764-3588881007-1000 - Administrator - Enabled) => C:\Users\Scott

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.15.58233 - ABBYY) Hidden
Acronis True Image Home 2012 (HKLM-x32\...\{243EF3E5-537D-4A15-8EE8-47D5473D9C73}Visible) (Version: 15.0.7133 - Acronis)
Acronis True Image Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
ATI AVIVO64 Codecs (Version: 11.6.0.10104 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{6E3D4FFE-9614-4E58-9DE2-F9A036EAD491}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BufferChm (x32 Version: 130.0.327.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2011.0104.2155.39304 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.30 - ArcSoft)
Dell Stage (HKLM-x32\...\{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}) (Version: 1.4.173.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0000 - SEIKO EPSON Corp.)
EPSON WorkForce GT-1500 Scanner Driver Update version 3.0.2.0 (HKLM-x32\...\ScannerDriverUpdateEPSON WorkForce GT-1500_is1) (Version: 3.0.2.0 - Epson America Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.367.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Scanjet G3010 (HKLM\...\{3B3FA519-42F3-4534-B867-960481329CFC}) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
hpg3010 (x32 Version: 14.0.0.0 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.367.000 - Hewlett-Packard) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
ISIS Driver - EPSON GT-1500 v1.0 (HKLM-x32\...\{D41864EF-CC5D-4CF4-B0B9-CA3152164157}) (Version: 1.0 - EMC Captiva)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media Add-ons for Acronis True Image Home 2012 (HKLM-x32\...\{9A5509EE-5579-46C1-B566-5065545547F9}) (Version: 15.0.5060 - Acronis)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesigner) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version:  - Microsoft)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.18.1100 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Navtech PBS (HKLM-x32\...\{BDFBF58B-19D7-479C-B324-D73FCE13F07E}) (Version: 15.1.21 - Navtech Inc)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.0 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScanSoft PaperPort 11 (HKLM-x32\...\{DEA18FF6-D84A-4242-9663-692E5BA56805}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 130.0.369.000 - Hewlett-Packard) Hidden
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebReg (x32 Version: 130.0.128.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Samsung Re-Drive (HKLM-x32\...\{500BDCEA-4EFA-4DC3-9768-74C1A2C3E48B}_is1) (Version: 1.6.0 - Samsung Electronics)
Zune (HKLM\...\Zune) (Version: 04.07.1404.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E87A7A2-43C0-4286-8328-8D4BE78408B6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {274B70FF-1773-47A5-91B0-7D422A882FB5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {51E6B74A-DA61-4C71-A4A7-E877CE7A4394} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {B8C79A4C-25C9-41F5-B3B7-F2323A9A53F8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {EE2FA1A6-3E7D-4BCF-A25D-FB1E26B2AA66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F3216CD2-D2CC-4388-904C-AD72E7841DDD} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2008-09-08 09:19 - 2008-09-08 09:19 - 00022016 _____ () C:\Windows\System32\cl31cl6.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-01-04 21:54 - 2011-01-04 21:54 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-08-26 16:08 - 2010-08-26 16:08 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-05-09 22:09 - 2010-08-11 18:19 - 00056544 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2011-05-09 22:09 - 2010-08-11 18:19 - 00113888 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2011-05-09 22:09 - 2010-08-11 18:19 - 00126176 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2012-06-28 16:58 - 2012-06-28 16:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2013-12-18 12:19 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung SSD Magician\SAMSUNG_SSD.dll
2014-10-19 09:05 - 2014-10-19 09:05 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
2011-05-09 22:03 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-01-08 13:27 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-667926241-938725764-3588881007-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-667926241-938725764-3588881007-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{55E767A9-7FA3-4B78-9740-D257157AC924}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C24AA2E3-EA76-4723-A0DD-3CE30DC901DF}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{B4F6F053-59D7-4FFC-8E54-BF88FA5894F6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0BBAE6D1-AF66-47BF-BCFF-0AD4AA04B18E}] => (Allow) LPort=2869
FirewallRules: [{44CCB118-A37D-4D9A-9560-BB5EBB15C424}] => (Allow) LPort=1900
FirewallRules: [{04988C14-16B6-458B-9E7E-7DF9B0F1E346}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C2B48621-1BD6-4D85-8E03-089ED3E55494}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{3A957D5A-9B38-45E2-9C4C-C5D6A4550339}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{015127B5-61CE-40F8-9524-3986A3C1C1A6}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{11F82E51-66F3-47AB-9919-D577DD481B1C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4BFAD3C1-9E3E-4A50-AD2F-B48C7038AAD3}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{43274E2C-3150-4295-878A-8A9775D04DE1}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{94C9AFE6-89DF-4116-A5B3-BDB5AF153222}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DC780B5B-46CE-4E83-AEE2-DA591A785EFA}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{17C78897-9F52-4A8B-A0A8-480F8831FB41}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{CE9382B9-A4F6-415F-B77B-1851E94E5A93}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{ACCBC4D3-BC41-4947-BB30-CB8745101DDC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{ADD1316B-A8BD-4517-B663-F7ABB64975EF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{5EA29DDE-84B1-48B9-A1ED-75A87DB943A5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{15546992-EDC7-4734-9B61-BE7CE67AA312}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{9F56BB72-9F83-4D55-90C1-07942DA52FED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{83FAAF5A-DDD1-49D0-97EA-F8846FDC4706}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{E2A7ACEA-1ED0-4D85-A32C-CC4C976881B8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{9679C4C8-EF5D-4AB2-9500-453CC30123FA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{D30A296A-F68C-4D17-A1CF-DC603165A4E2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{61D2CE6D-7780-4875-8689-DB771C1076AE}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [TCP Query User{441A2721-3375-457C-BE4B-512981AC7AB7}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{52ECCBE9-4E2F-461D-ABD0-CE1DC8427D90}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [{E005147C-6001-4494-A639-97A0ED898593}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
FirewallRules: [{098F0A78-C6AE-479B-8779-188CC68B5445}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE71F19B-D9A7-4A8D-8EB3-7C1DAF150093}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9FFE697F-A8E5-44DA-BAA4-054A1EE06DC3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{401D7B74-444D-4786-BB38-E4B0BF73B0D8}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{819F0791-D610-4C77-AD3F-1BFA8F18153B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{4932DECD-414A-4F67-BCA0-320F27F6AD83}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{DC598A93-E5E1-4D33-A820-D68D7EE550D9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{261C5C2A-652E-40E0-83ED-5D8AFC5E410C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BF87607D-93F9-45FE-9AFC-1EABD98CCA1B}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{2DE0D8BB-761D-43D1-9C8D-7C79C15F72FD}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2016 11:16:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (01/08/2016 06:20:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MSI66F8.tmp
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IndexOutOfRangeException
Stack:
   at System.Data.DataTableCollection.get_Item(Int32)
   at status.Form1..ctor()
   at status.Program.Main()

Error: (01/08/2016 01:43:25 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description:

Error: (01/08/2016 01:43:25 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (01/08/2016 12:58:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: silentunconfigurator.exe, version: 0.0.0.0, time stamp: 0x559b9a85
Faulting module name: silentunconfigurator.exe, version: 0.0.0.0, time stamp: 0x559b9a85
Exception code: 0xc0000417
Fault offset: 0x000000000000b4b1
Faulting process id: 0x530
Faulting application start time: 0xsilentunconfigurator.exe0
Faulting application path: silentunconfigurator.exe1
Faulting module path: silentunconfigurator.exe2
Report Id: silentunconfigurator.exe3

Error: (01/07/2016 04:05:59 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (1516) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Scott\AppData\Local\Microsoft\Windows\WebCache\V0108F25.log.

Error: (01/07/2016 02:16:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wiindows.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 129c

Start Time: 01d1497fe4e14ca7

Termination Time: 0

Application Path: C:\Program Files (x86)\PC Optimizer\PC Optimizer\Wiindows.exe

Report Id:

Error: (01/07/2016 02:16:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wiindows.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2020

Start Time: 01d1497fb96927d0

Termination Time: 0

Application Path: C:\Program Files (x86)\PC Optimizer\PC Optimizer\Wiindows.exe

Report Id:

Error: (01/07/2016 02:15:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PlutoTV.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1914

Start Time: 01d1497fb2ba71df

Termination Time: 2

Application Path: C:\Program Files (x86)\Pluto TV\PlutoTV.exe

Report Id:

Error: (01/07/2016 02:14:49 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (6140) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

System errors:
=============
Error: (01/09/2016 10:26:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (01/09/2016 10:26:40 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Scott\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/09/2016 10:26:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (01/09/2016 10:26:39 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Scott\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/09/2016 10:26:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (01/09/2016 10:26:39 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Scott\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/09/2016 10:25:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (01/09/2016 10:25:10 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Scott\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/09/2016 10:25:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (01/09/2016 10:25:10 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Scott\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

CodeIntegrity:
===================================
  Date: 2016-01-07 13:27:35.684
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-01-07 13:27:35.668
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-01-07 13:27:35.668
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-01-07 13:27:35.637
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-01-07 13:27:35.637
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-01-07 13:27:35.622
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-01-07 13:27:35.341
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-01-07 13:27:35.325
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-01-07 13:27:35.325
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-01-07 13:27:35.294
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2300 CPU @ 2.80GHz
Percentage of memory in use: 32%
Total physical RAM: 6126.46 MB
Available physical RAM: 4118.66 MB
Total Virtual: 6124.66 MB
Available Virtual: 4071.63 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:105.99 GB) (Free:45.84 GB) NTFS
Drive w: (Audio/Video) (Fixed) (Total:1299.61 GB) (Free:1224.55 GB) NTFS
Drive y: (Misc Files) (Fixed) (Total:97.66 GB) (Free:75.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: B70CC00B)
Partition 1: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=1299.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 69870F89)
Partition 1: (Not Active) - (Size=1024 KB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=106 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

That should be everything you asked for. Everything went very smoothly. Computer seems to be running very well.

 

Standing by for any additional steps.

 



#15
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Scewter
 

Computer seems to be running very well.

:thumbsup:

ESET has found a few things to tidy up, but the majority was already quarantined by the FRST fix, which will be removed when I clean up my tools.

First


ATTENTION: System Restore is disabled


Your System Restore is turned off. Are you aware of this, or did you turn it off yourself? I would strongly recommend that it be turned on. It can be useful to restore to an earlier point when there are issues with the machine.

If you have not turned this off, please re-enable it by doing the following:
  • Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
  • In the left pane, click System protection (administrator permission required). If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Under Protection Settings, click the disk, and then click Configure.
  • To be able to restore system settings and previous versions of files, click Restore system settings and previous versions of files.
  • Click OK, and then click OK again.


    Step 1 - FRST fix


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Open notepad and copy/paste the text in the quotebox below into it:

    CreateRestorePoint:
    Y:\Downloads\BitZipper502TrialSetup-en-pl-techpro.exe
    Y:\Downloads\powersuite_1[1].5-nara.rar
    Y:\Scotty\Desktop\cbsidlm-tr1_13-CrystalDiskInfo-SEO-10832082.exe
    Y:\Scotty\Downloads\CrystalDiskInfo5_6_2-en.exe
    HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
    HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\MountPoints2: {e22af264-b573-11e5-aace-8ce43ac2189d} - I:\LaunchU3.exe -a
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-667926241-938725764-3588881007-501 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
    Toolbar: HKU\S-1-5-21-667926241-938725764-3588881007-501 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    CMD: bitsadmin /reset /allusers
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state on
    EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
  • Run FRST by right-clicking on it, selecting Run as Administrator, and pressing Fix.
  • On completion, a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then paste (CTRL + V) it in your next reply.

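The checks that Bruce1270's instructions above rely on, as an added PowerShell example that is not part of the original thread: it turns System Restore on for the system drive and takes a restore point (what the FRST script's CreateRestorePoint: directive does), verifies the firewall and BITS state that the three CMD: lines reset, and then pulls the EventID 1060 and 7000 entries reported in Addition.txt straight from the System log. It assumes Windows 7 with PowerShell 2.0 or later, an elevated prompt, and C: as the system drive.

```powershell
# Added example, not from the original post: verify the state the helper's
# instructions aim for. Assumes Windows 7, PowerShell 2.0+, an elevated
# prompt, and C: as the system drive.

# 1. System Restore: turn protection on for C: (harmless if already on) and
#    take a restore point before any further cleanup, as the FRST script's
#    CreateRestorePoint: directive does.
Enable-ComputerRestore -Drive 'C:\'
Checkpoint-Computer -Description 'Before malware cleanup' -RestorePointType MODIFY_SETTINGS
Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime

# 2. Windows Firewall: after "netsh advfirewall reset" and
#    "netsh advfirewall set allprofiles state on", every profile should
#    report State ON.
netsh advfirewall show allprofiles state

# 3. BITS: "bitsadmin /reset /allusers" cancels every transfer job, so the
#    job list should now be empty.
bitsadmin /list /allusers

# 4. Confirm the entries FRST reported in Addition.txt: EventID 1060
#    (driver blocked from loading) and 7000 (service failed to start).
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1060, 7000 } -MaxEvents 20 |
    Select-Object TimeCreated, Id, ProviderName, Message |
    Format-List
```

Run it from a PowerShell window opened with Run as administrator; Enable-ComputerRestore and Checkpoint-Computer fail without elevation, and both cmdlets exist only on client editions of Windows, which is what this machine is.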