Adware that keeps coming back [Closed]

Adware/Provider virus

  • This topic is locked

#1
AndrewThegeek

  • Member
  • 10 posts

Ok so basically I've been having this recurring adware that keeps coming back, which causes popups by "provider", but everything I've tried so far has been ineffective since I can't seem to find the actual location of where it's located, and I'm unsure how it keeps reinstalling itself. Effects are constant popups, redirecting of pages to new malicious pages, and moderate slowing of browsing.

Latest scan logfile

 List of the infected

(Save Log)

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 4/12/2016

Scan Time: 8:27 AM

Logfile:

Administrator: Yes

 

Version: 2.2.1.1043

Malware Database: v2016.04.12.05

Rootkit Database: v2016.04.09.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: HP

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 330195

Time Elapsed: 4 min, 24 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 1

PUP.Optional.Privoxy, C:\Program Files (x86)\Softcomp Software\privoxy.exe, 5164, , [f104eac39900de581c700231f21126da]

 

Modules: 1

PUP.Optional.Privoxy, C:\Program Files (x86)\Softcomp Software\mgwz.dll, , [f9fc2885d0c9f73f7e826ebd669dbe42],

 

Registry Keys: 5

PUP.Optional.GoSearchMe, HKU\S-1-5-21-3241789850-2206600503-3642038317-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}, , [639204a9fd9c989e50e2e5f87f839769],

PUP.Optional.GoSearchMe, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}, , [639204a9fd9c989e50e2e5f87f839769],

PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Softcomp Software Viewer, , [c92c4e5fb5e4bf773259a390f013639d],

PUP.Optional.Privoxy, HKLM\SOFTWARE\WOW6432NODE\SECUREWEBCHANNEL, , [0de82b826a2fd75fc0aeb1db2cd825db],

PUP.Optional.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PRIVOXYSERVICE, , [f104eac39900de581c700231f21126da],

 

Registry Values: 5

PUP.Optional.ProtectedIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}|URL, https://search.prote...nst=1460338276,, [f8fd79340f8a5dd95d4d1b32d3319b65]

PUP.Optional.Privoxy, HKLM\SOFTWARE\WOW6432NODE\SECUREWEBCHANNEL|Channel, split24banner4, , [0de82b826a2fd75fc0aeb1db2cd825db]

PUP.Optional.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PRIVOXYSERVICE|ImagePath, "C:\Program Files (x86)\Softcomp Software\privoxy.exe" --service, , [f104eac39900de581c700231f21126da]

PUP.Optional.ProtectedIO, HKU\S-1-5-21-3241789850-2206600503-3642038317-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}|URL, https://search.prote...nst=1460338276,, [7580c9e4485192a477326be29c68fc04]

PUM.Optional.ProxyHijacker, HKU\S-1-5-21-3241789850-2206600503-3642038317-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, , [fdf89716b6e3d95d82499fd1ad574db3]

 

Registry Data: 1

PUP.Optional.ProtectedIO, HKU\S-1-5-21-3241789850-2206600503-3642038317-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://search.prote...inst=1460338276, Good: (http://www.google.com), Bad: (https://search.protectedio.com/?u=ed8d2ecf7011b27b6f97010abb89239b&c=p1&src=hp&inst=1460338276),,[c92ca6070c8d6ec858e47ab931d4cc34]

 

Folders: 3

PUP.Optional.Privoxy, C:\Program Files (x86)\Softcomp Software, , [f9fc2885d0c9f73f7e826ebd669dbe42],

PUP.Optional.Helper, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2e9otsft.default\extensions\[email protected], , [6293dbd2009951e58b519a9151b27e82],

PUP.Optional.Helper, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2e9otsft.default\extensions\[email protected]\content, , [6293dbd2009951e58b519a9151b27e82],

 

Files: 15

Backdoor.Agent.WD, C:\Users\HP\AppData\Local\Temp\GPUpd570C4FDE0.exe, , [f3026d40930675c1a6e2e33b39c76e92],

PUP.Optional.Privoxy, C:\Windows\System32\Tasks\Softcomp Software Viewer, , [c431a10c7e1b6fc7f594270c27dc33cd],

PUP.Optional.Privoxy, C:\Program Files (x86)\Softcomp Software\privoxy.exe, , [f104eac39900de581c700231f21126da],

PUP.Optional.Privoxy, C:\Program Files (x86)\Softcomp Software\checkproxy.exe, , [f9fc2885d0c9f73f7e826ebd669dbe42],

PUP.Optional.Privoxy, C:\Program Files (x86)\Softcomp Software\config.txt, , [f9fc2885d0c9f73f7e826ebd669dbe42],

PUP.Optional.Privoxy, C:\Program Files (x86)\Softcomp Software\default.action, , [f9fc2885d0c9f73f7e826ebd669dbe42],

PUP.Optional.Privoxy, C:\Program Files (x86)\Softcomp Software\default.filter, , [f9fc2885d0c9f73f7e826ebd669dbe42],

PUP.Optional.Privoxy, C:\Program Files (x86)\Softcomp Software\mgwz.dll, , [f9fc2885d0c9f73f7e826ebd669dbe42],

PUP.Optional.Privoxy, C:\Program Files (x86)\Softcomp Software\privoxy.log, , [f9fc2885d0c9f73f7e826ebd669dbe42],

PUP.Optional.Privoxy, C:\Program Files (x86)\Softcomp Software\swjob.exe, , [f9fc2885d0c9f73f7e826ebd669dbe42],

PUP.Optional.Helper, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2e9otsft.default\extensions\[email protected]\chrome.manifest, , [6293dbd2009951e58b519a9151b27e82],

PUP.Optional.Helper, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2e9otsft.default\extensions\[email protected]\install.rdf, , [6293dbd2009951e58b519a9151b27e82],

PUP.Optional.Helper, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2e9otsft.default\extensions\[email protected]\content\load.js, , [6293dbd2009951e58b519a9151b27e82],

PUP.Optional.Helper, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2e9otsft.default\extensions\[email protected]\content\overlay.xul, , [6293dbd2009951e58b519a9151b27e82],

PUP.Optional.Helper, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2e9otsft.default\extensions\[email protected]\content\style.css, , [6293dbd2009951e58b519a9151b27e82],

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

To be clear, I've already tried to manually remove them without success. I've tried to reset my browser, tried safe mode + scans, tried looking in all programs for malicious unknown programs, tried startup programs/msconfig, tried an ad blocker. This adware refuses to leave :). When I remove it, it comes back a few hours later.


  • 0
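As an added illustration (not part of the thread, and not Malwarebytes' own code), the following Python script reads a Malwarebytes 2.x scan log like the one in the post and groups every detection under the persistence mechanism its location implies: a Windows service, a scheduled task, the browser proxy setting, a browser search-scope or start-page setting, or a browser extension. The embedded sample log is constructed from a subset of the lines in the post; the section names it recognises are the ones the log uses, while the classification rules and the function names are my own assumptions. Run over the post's log it shows why deleting files is not enough: the Privoxy component is relaunched by both a service and a scheduled task, and the ProxyServer value sends browser traffic through 127.0.0.1:8118, the default listening port of the local Privoxy proxy, which is where a filtering proxy can rewrite pages.

```python
"""Triage a Malwarebytes 2.x threat-scan log by persistence mechanism.

Added example for the thread; not code from the forum or from Malwarebytes.
The classification rules and function names are the author's own
assumptions about how to read such a log."""
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the post's log, in the
# "Section: count" / "Detection, Location, [value], , [id]" layout used
# by Malwarebytes 2.x.
SAMPLE_LOG = r"""
Processes: 1
PUP.Optional.Privoxy, C:\Program Files (x86)\Softcomp Software\privoxy.exe, 5164, , [f104eac39900de581c700231f21126da]

Registry Keys: 3
PUP.Optional.GoSearchMe, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}, , [639204a9fd9c989e50e2e5f87f839769],
PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Softcomp Software Viewer, , [c92c4e5fb5e4bf773259a390f013639d],
PUP.Optional.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PRIVOXYSERVICE, , [f104eac39900de581c700231f21126da],

Registry Values: 2
PUP.Optional.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PRIVOXYSERVICE|ImagePath, "C:\Program Files (x86)\Softcomp Software\privoxy.exe" --service, , [f104eac39900de581c700231f21126da]
PUM.Optional.ProxyHijacker, HKU\S-1-5-21-3241789850-2206600503-3642038317-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, , [fdf89716b6e3d95d82499fd1ad574db3]

Folders: 1
PUP.Optional.Helper, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2e9otsft.default\extensions\[email protected], , [6293dbd2009951e58b519a9151b27e82],

Files: 3
Backdoor.Agent.WD, C:\Users\HP\AppData\Local\Temp\GPUpd570C4FDE0.exe, , [f3026d40930675c1a6e2e33b39c76e92],
PUP.Optional.Privoxy, C:\Windows\System32\Tasks\Softcomp Software Viewer, , [c431a10c7e1b6fc7f594270c27dc33cd],
PUP.Optional.Privoxy, C:\Program Files (x86)\Softcomp Software\privoxy.exe, , [f104eac39900de581c700231f21126da],

Physical Sectors: 0
(No malicious items detected)
"""

# Section headers as they appear in the log ("Registry Keys: 5" etc.).
SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): \d+$")

# Ordered rules (assumed, not from Malwarebytes): the first pattern that
# matches a detection's location decides its persistence mechanism.
PERSISTENCE_RULES = [
    ("service",           re.compile(r"\\SERVICES\\", re.I)),
    ("scheduled task",    re.compile(r"\\TASKCACHE\\|\\System32\\Tasks\\", re.I)),
    ("proxy hijack",      re.compile(r"INTERNET SETTINGS\|ProxyServer$", re.I)),
    ("browser hijack",    re.compile(r"\\SEARCHSCOPES\\|\|Start Page$", re.I)),
    ("browser extension", re.compile(r"\\extensions\\", re.I)),
]


def classify(location):
    """Label a detection location with the mechanism that would relaunch it."""
    for label, pattern in PERSISTENCE_RULES:
        if pattern.search(location):
            return label
    return "file/process"


def parse_log(text):
    """Return one dict per detection line, tagged with its log section and
    the persistence mechanism its location implies."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_RE.match(line):
            section = line.split(":")[0]
            continue
        if section is None or line.startswith("("):
            continue  # lines before the first section, "(No malicious items detected)"
        fields = [f.strip() for f in line.split(", ")]
        if len(fields) < 2:
            continue
        # Only registry value/data lines carry the setting's value in field 3;
        # for processes that field is the PID, so it is ignored there.
        has_value = section in ("Registry Values", "Registry Data") and len(fields) > 2
        findings.append({
            "section": section,
            "detection": fields[0],
            "location": fields[1],
            "value": fields[2] if has_value else "",
            "persistence": classify(fields[1]),
        })
    return findings


def persistence_by_family(findings):
    """Map each detection family to the non-file mechanisms that relaunch it.
    A family listed here survives deleting its files alone."""
    mechanisms = defaultdict(set)
    for f in findings:
        if f["persistence"] != "file/process":
            mechanisms[f["detection"]].add(f["persistence"])
    return {family: sorted(m) for family, m in mechanisms.items()}


def local_proxy_settings(findings):
    """Proxy settings that point at this machine: browser traffic is being
    routed through a process running on the host."""
    return [(f["location"], f["value"]) for f in findings
            if f["persistence"] == "proxy hijack"
            and f["value"].startswith(("127.0.0.1:", "localhost:"))]


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for family, mechs in sorted(persistence_by_family(found).items()):
        print(f"{family}: relaunched via {', '.join(mechs)}")
    for location, value in local_proxy_settings(found):
        print(f"local proxy configured at {value} ({location})")
```

Paste a full Malwarebytes log into SAMPLE_LOG (or read it from a file) and the families that appear in persistence_by_family are the ones whose service, task, proxy or browser entries have to be removed together with the files; a family that appears only as "file/process", such as the Backdoor.Agent.WD dropper in %TEMP%, has no relaunch mechanism in this log.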



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, let's do a manual look rather than using automated tools :)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
AndrewThegeek

  • Topic Starter
  • Member
  • 10 posts

New Log file

Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3241789850-2206600503-3642038317-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
ALLDATA Repair (HKLM-x32\...\{73090A5A-E0C0-4E0B-A320-E183877061A5}) (Version: 10.53.1000.101 - ALLDATA Corporation)
AMD Catalyst Install Manager (HKLM\...\{5559F6BF-73E1-A763-5C3B-6140CFFC1460}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
Arena 3.5.1 (HKLM-x32\...\Arena 3.5.1_is1) (Version:  - )
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
FNC 11 Installer (x32 Version: 11.06.0000 - Acresso Software) Hidden
FreeMouseAutoClicker 3.7 (HKLM-x32\...\{292F00C5-25EF-4FBE-9873-13EF1F69DEED}_is1) (Version:  - Advanced Mouse Auto Clicker ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50009.6 - Sonix)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6275.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.3 - Intel)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSI Kombustor 2.0.2 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Patch testing for Chivalry (HKLM-x32\...\Steam App 232210) (Version:  - )
QuickBooks (x32 Version: 20.0.4001.807 - Intuit Inc.) Hidden
QuickBooks Simple Start 2010 Free Edition (HKLM-x32\...\{0700E22B-A419-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4001.807 - Intuit Inc.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.2 - Synaptics Incorporated)
The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A288789-12CC-49E8-932E-CC078C67C508} - \Softcomp Software Viewer -> No File <==== ATTENTION
Task: {32BE1EB1-80C1-4AA4-AFD2-784311BC668C} - System32\Tasks\Better Installer => C:\Users\HP\AppData\Roaming\Better Installer\Better Installer.exe [2016-01-28] () <==== ATTENTION
Task: {538B5051-96E8-4B6E-9A6F-45993E5BA990} - \Softcomp Software Viewer -> No File <==== ATTENTION
Task: {5A25CE8A-D4F9-43FA-971F-98CBD0AEC366} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {671E4A97-7D0C-4286-A869-B2F65C1F97BE} - \watchHealth -> No File <==== ATTENTION
Task: {85D13750-30D0-422C-9D9C-1C83EFB9E1FD} - \Softcomp Software Viewer -> No File <==== ATTENTION
Task: {91D45E76-4A71-4C73-A156-E4DB22EDE469} - System32\Tasks\Computer Security Service => C:\Program Files (x86)\Computer Security\tmjob.exe [2016-04-09] () <==== ATTENTION
Task: {ADA9522A-209B-42DB-A8DF-A9580BFA8D53} - System32\Tasks\Erovulnugne => C:\ProgramData\Erovulnugne\1.0.4.1\ansaulpu.exe
Task: {B69E412E-413A-45BE-BCCE-82D5FE03F956} - System32\Tasks\Performance Updater Viewer => C:\Program Files (x86)\Performance Updater\PerformanceUpdater.exe <==== ATTENTION
Task: {B9B98E07-1556-4A6D-AC8E-DC16D6648509} - System32\Tasks\{267D7762-98E9-4CB2-83BE-3A8A4FCA9FFD} => pcalua.exe -a "C:\Users\HP\Downloads\[PC Games ] Hitman 2 Silent Assassin (PC GAME FULL).exe" -d C:\Users\HP\Downloads
Task: {CCEBE6E4-DB0B-4A28-B683-75CCEC255C78} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-17] (Adobe Systems Incorporated)
Task: {E5C0D302-88A0-4764-8089-85A9F1E9B450} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {F627EA18-00E2-4C5C-959B-A82E594D0D77} - \Super Optimizer Schedule -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-02-03 14:29 - 2013-01-31 02:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-03 14:29 - 2013-01-31 06:27 - 00380776 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2015-02-03 13:25 - 2016-04-12 08:44 - 00017920 _____ () C:\Windows\System32\rpcnetp.exe
2013-10-17 23:28 - 2013-10-17 23:28 - 00028672 _____ () C:\Windows\system32\valWBFPolicyService.exe
2016-02-08 12:58 - 2016-03-10 17:56 - 00783360 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-02-08 12:58 - 2015-07-03 09:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-02-08 12:58 - 2015-07-03 09:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-02-08 12:58 - 2015-07-03 09:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-02-08 12:58 - 2016-03-31 13:55 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-02-08 12:58 - 2016-02-08 16:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-02-08 12:58 - 2016-02-08 16:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-02-08 12:58 - 2016-02-08 16:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-02-08 12:58 - 2016-02-08 16:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-02-08 12:58 - 2016-02-08 16:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-02-08 12:58 - 2016-03-31 13:55 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-14 00:41 - 2016-02-17 15:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-02-08 12:58 - 2016-02-08 18:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-13 10:27 - 2014-08-13 10:27 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2014-07-29 14:34 - 2014-07-29 14:34 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2014-07-29 14:34 - 2014-07-29 14:34 - 00136192 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec-mscrypto.dll
2014-07-29 14:34 - 2014-07-29 14:34 - 00303616 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\autochk.exe:BAK [46082]
AlternateDataStreams: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766 [10862]
AlternateDataStreams: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964 [10862]
AlternateDataStreams: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923 [10862]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3241789850-2206600503-3642038317-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3241789850-2206600503-3642038317-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3241789850-2206600503-3642038317-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: Intuit SyncManager => c:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: NUSB3MON => "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E41A27B0-07AB-4EEB-8631-1A3410FF7E5F}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{527D2C1D-B7BB-4CEB-95DA-11F96FEE0867}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{729F4124-EC63-4C34-AAA7-E1B79E1F84E2}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{A4F7AAF9-DA11-4F37-A19C-56F888EED3A5}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{BA4477D8-AAF8-4443-9A23-46F6DD565D55}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{23B4042A-ABE0-4BBA-95F0-6CEC7631336E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CB7D0DE7-0C34-4832-8EE0-2ECCA09A2ABF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{7E2982BB-695C-4E5F-A075-7C853E1A1E65}C:\gm\timeseal.exe] => (Allow) C:\gm\timeseal.exe
FirewallRules: [UDP Query User{532A7432-A309-4905-BAF9-9F99B02BC746}C:\gm\timeseal.exe] => (Allow) C:\gm\timeseal.exe
FirewallRules: [TCP Query User{A956657E-4CD6-4898-B9F1-7155EA0C4958}C:\gm\accuclck.exe] => (Allow) C:\gm\accuclck.exe
FirewallRules: [UDP Query User{B40D0A16-7B30-4D47-ACFF-C8DF66307030}C:\gm\accuclck.exe] => (Allow) C:\gm\accuclck.exe
FirewallRules: [{5782D475-92AC-4F44-8668-64143858EC11}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{D7376831-C8F4-41EC-99D6-142514C3B1BA}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{33EA3887-63B7-49C8-9B04-E02A6BA02659}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{93F6874D-BA4D-4976-8FCF-C3063B0CD9DD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E763A92F-5DEF-4C78-8BCF-9CAE49E93ADE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{50983FF9-12C6-4052-BCF0-EC63C4375B8B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{62BEA93A-6E51-4043-91F9-B3B86EF9D56D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\Binaries\Win64\CMW.exe
FirewallRules: [{F4734BFD-D268-4551-A854-05C9D659B648}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\Binaries\Win64\CMW.exe
FirewallRules: [{AB109AB4-B15D-4253-9AF5-ECC32E5EF078}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\Binaries\Win32\CMW.exe
FirewallRules: [{6E83073D-CBC8-47CF-848E-177D291BA580}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\Binaries\Win32\CMW.exe
FirewallRules: [{ABB35131-C8EE-44FB-A795-C010776BE83E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\ChivLauncher.exe
FirewallRules: [{48BF39E7-9A5F-4CEA-8186-F2B90DC64C4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\ChivLauncher.exe
FirewallRules: [{E7D44FC3-C769-4BF5-9DD9-AB1198E3983C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{CCF2C7BE-1AEF-4718-B6D7-63442CA71D6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{D164A1CC-D11C-4D04-8842-6A7D41106A26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{B2A3D4B9-33EB-492A-91B8-E5649775A98F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{961D7B35-430C-4C62-AB7E-95F40001193C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{49D58655-CBEF-44B0-932F-AEF710D3D1DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{03521464-0050-4FDA-833E-9BAEB1B021E6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

18-03-2016 04:56:13 Windows Update
21-03-2016 05:46:21 Windows Update
25-03-2016 17:31:45 Windows Update
29-03-2016 04:24:05 Windows Update
08-04-2016 12:30:25 Scheduled Checkpoint
09-04-2016 11:50:23 Windows Update

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2016 08:46:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2016 10:51:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 5.1.0.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13f8

Start Time: 01d1947f36e1070d

Termination Time: 6

Application Path: C:\Users\HP\Desktop\AdwCleaner.exe

Report Id: a0c51885-0072-11e6-8073-68b599f76810

Error: (04/09/2016 06:31:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Better Installer.exe, version: 0.0.0.0, time stamp: 0x56aa34be
Faulting module name: Better Installer.exe, version: 0.0.0.0, time stamp: 0x56aa34be
Exception code: 0xc0000417
Fault offset: 0x0000b9b8
Faulting process id: 0x1210
Faulting application start time: 0xBetter Installer.exe0
Faulting application path: Better Installer.exe1
Faulting module path: Better Installer.exe2
Report Id: Better Installer.exe3

Error: (04/09/2016 03:56:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18057, time stamp: 0x55f8d739
Faulting module name: mono-1-vc.dll_unloaded, version: 0.0.0.0, time stamp: 0x55ae7d8c
Exception code: 0xc0000005
Fault offset: 0x000007feede440b0
Faulting process id: 0xc28
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (04/09/2016 03:43:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18057, time stamp: 0x55f8d739
Faulting module name: ntdll.dll, version: 6.1.7601.19018, time stamp: 0x560a0083
Exception code: 0xc0000005
Fault offset: 0x000000000001889d
Faulting process id: 0x2d0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (04/09/2016 12:01:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2016 11:50:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service rpcnetp since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (04/08/2016 12:30:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service rpcnetp since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (04/05/2016 07:55:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/05/2016 05:01:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (04/12/2016 08:46:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (04/12/2016 08:44:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Transbase TECDOC CD 1_2014 Service service failed to start due to the following error:
%%2

Error: (04/12/2016 08:44:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ricoh xD-Picture Card Driver service failed to start due to the following error:
%%577

Error: (04/12/2016 08:44:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimsptsk service failed to start due to the following error:
%%577

Error: (04/12/2016 08:44:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimmptsk service failed to start due to the following error:
%%577

Error: (04/12/2016 08:44:15 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Privoxy (PrivoxyService) service terminated with service-specific error %%1067.

Error: (04/11/2016 06:31:14 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Privoxy (PrivoxyService) service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (04/09/2016 03:11:18 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (04/09/2016 12:01:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (04/09/2016 11:59:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Transbase TECDOC CD 1_2014 Service service failed to start due to the following error:
%%2

CodeIntegrity:
===================================
  Date: 2016-04-12 08:44:56.298
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rixdpx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-12 08:44:56.267
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rixdpx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-12 08:44:56.236
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-12 08:44:56.220
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-12 08:44:56.189
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimmpx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-12 08:44:56.158
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimmpx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-09 11:59:55.571
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rixdpx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-09 11:59:55.540
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rixdpx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-09 11:59:55.509
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-09 11:59:55.493
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
I will also need the main FRST log please, as that contains the run keys and drivers... I can see the problem now though.

Attach both logs.



#5
AndrewThegeek
    Member
  • Topic Starter
  • Member
  • 10 posts

Where is that located at? I'm not seeing it.



#6
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
It will be in the same location as FRST.

If you cannot find it, put FRST on your desktop and run it again.

#7
AndrewThegeek
    Member
  • Topic Starter
  • Member
  • 10 posts

FRST LOGFILE 4/13/2016

 

 

NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
() C:\Windows\System32\rpcnetp.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-17] (Adobe Systems Incorporated)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3241789850-2206600503-3642038317-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3241789850-2206600503-3642038317-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3241789850-2206600503-3642038317-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-3241789850-2206600503-3642038317-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-3241789850-2206600503-3642038317-1000\...\MountPoints2: {4ba63d2b-c62f-11e5-b561-e02a82c7ab80} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3241789850-2206600503-3642038317-1000\...\MountPoints2: {bb422514-fba2-11e5-b760-68b599f76810} - E:\VerizonSWUpgradeAssistantLauncher.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9AAE24C3-BDCE-4DAC-A9ED-F9B97641C0CA}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{EC357CEF-B0D0-494B-BD10-C9BD33FEBE6E}: [DhcpNameServer] 192.168.1.254
ManualProxies: 
 
Internet Explorer:
==================
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
SearchScopes: HKU\S-1-5-21-3241789850-2206600503-3642038317-1000 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2009-09-03] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2e9otsft.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?u=ed8d2ecf7011b27b6f97010abb89239b&c=p1&src=hp&inst=1458091873
FF NetworkProxy: "type", 5)user_pref("xpinstall.signatures.required", false
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-30] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2016-04-09] (Unity Technologies ApS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2e9otsft.default\searchplugins\search.xml [2016-04-10]
FF Extension: Adblock Plus - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2e9otsft.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-25]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://search.protectedio.com/?u=ed8d2ecf7011b27b6f97010abb89239b&c=p1&src=hp&inst=1459302561"
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-13]
CHR Extension: (Google Drive) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-13]
CHR Extension: (Adblock Plus) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-19]
CHR Extension: (Google Docs Offline) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-13]
CHR Extension: (ed8d2ecf7011b27b6f97010abb89239b) - C:\Program Files (x86)\Google\Chrome\Application\ed8d2ecf7011b27b6f97010abb89239b [2016-03-18]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 QBCFMonitorService; c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [24576 2009-09-03] (Intuit) [File not signed]
S3 QBFCService; c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28672 2013-10-17] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Transbase TECDOC CD 1_2014 Service; E:\TECDOC_CD\1_2014\db\tbmux32.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-13] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S2 rimmptsk; C:\Windows\System32\DRIVERS\rimmpx64.sys [67584 2009-06-25] (REDC) [File not signed]
S2 rimsptsk; C:\Windows\System32\DRIVERS\rimspx64.sys [55296 2009-06-25] (REDC) [File not signed]
S3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.) [File not signed]
S2 rismxdp; C:\Windows\System32\DRIVERS\rixdpx64.sys [57856 2009-06-25] (REDC) [File not signed]
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11376 2016-01-24] () [File not signed]
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-03] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-12 11:05 - 2016-04-12 11:05 - 00012181 _____ C:\Users\HP\Desktop\FRST.txt
2016-04-12 11:03 - 2016-04-12 11:03 - 02375168 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2016-04-12 11:01 - 2016-04-12 11:05 - 00000000 ____D C:\FRST
2016-04-12 08:54 - 2016-04-12 08:54 - 00000097 ____H C:\Users\HP\Desktop\.~lock.Dms.odt#
2016-04-12 08:43 - 2016-04-12 08:43 - 00018379 _____ C:\Users\HP\Desktop\Dms.odt
2016-04-11 22:49 - 2016-04-11 22:50 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\HP\Downloads\sh-remover.exe
2016-04-09 20:14 - 2016-04-09 20:14 - 01166936 _____ C:\Users\HP\Downloads\Houdini_15a.zip
2016-04-09 18:49 - 2016-04-09 18:49 - 00000000 ____D C:\Users\HP\Downloads\stockfish-7-win (1)
2016-04-09 15:46 - 2016-04-09 15:46 - 00000000 ____D C:\Users\HP\AppData\Roaming\Unity
2016-04-09 15:14 - 2016-04-09 15:14 - 00000000 ____D C:\Users\HP\AppData\LocalLow\Unity
2016-04-09 15:11 - 2016-04-09 15:11 - 00000000 ____D C:\Program Files\Unity
2016-04-09 11:30 - 2016-04-09 11:30 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\HP\Downloads\SpyHunter-Installer.exe
2016-04-09 11:29 - 2016-04-12 08:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-09 11:29 - 2016-04-09 11:29 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-09 11:29 - 2016-04-09 11:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-09 11:29 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-09 11:29 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-09 11:29 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-09 11:28 - 2016-04-09 11:29 - 22851472 _____ (Malwarebytes ) C:\Users\HP\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-04-08 11:45 - 2016-04-08 11:45 - 01556392 _____ C:\Users\HP\Downloads\stockfish-7-win (2).zip
2016-04-08 11:45 - 2016-04-08 11:45 - 01556392 _____ C:\Users\HP\Downloads\stockfish-7-win (1).zip
2016-04-05 15:42 - 2016-04-05 15:42 - 00000855 _____ C:\Users\HP\Desktop\Kyle G Resume.txt
2016-03-27 19:25 - 2016-03-27 19:26 - 00000908 _____ C:\Users\HP\Desktop\Andrew's Resume.txt
2016-03-27 19:05 - 2016-03-27 19:05 - 00016220 _____ C:\Users\HP\Downloads\Andrew's Resume.odt
2016-03-27 19:05 - 2016-03-27 19:05 - 00016220 _____ C:\Users\HP\Downloads\Andrew's Resume (1).odt
2016-03-24 07:07 - 2016-03-24 07:07 - 00003402 _____ C:\Users\HP\Desktop\Brandons Resume obt.txt
2016-03-23 19:00 - 2016-03-23 19:00 - 00478776 _____ (Advanced Mouse Auto Clicker ltd. ) C:\Users\HP\Downloads\free-mouse-auto-clicker-3-7-en-win.exe
2016-03-23 19:00 - 2016-03-23 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMouseAutoClicker
2016-03-23 19:00 - 2016-03-23 19:00 - 00000000 ____D C:\Program Files (x86)\FreeMouseAutoClicker
2016-03-23 02:10 - 2016-03-23 02:10 - 00001111 _____ C:\Users\Public\Desktop\Arena.lnk
2016-03-23 02:08 - 2016-03-23 02:09 - 16992844 _____ ( ) C:\Users\HP\Downloads\arena_3.5.1setup (1).exe
2016-03-23 02:07 - 2016-03-23 02:08 - 18199132 _____ C:\Users\HP\Downloads\arena_3.5.1 (1).zip
2016-03-22 17:57 - 2016-03-22 17:58 - 04988970 _____ C:\Users\HP\Downloads\wlist_match1 (1).zip
2016-03-22 17:57 - 2016-03-22 17:57 - 04988970 _____ C:\Users\HP\Downloads\wlist_match1.zip
2016-03-19 17:19 - 2016-03-19 17:20 - 25028744 _____ (SUPERAntiSpyware) C:\Users\HP\Downloads\SUPERAntiSpyware.exe
2016-03-19 01:25 - 2016-03-26 08:38 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-19 01:24 - 2016-03-19 01:24 - 01527296 _____ C:\Users\HP\Desktop\AdwCleaner.exe
2016-03-19 00:41 - 2016-03-19 00:42 - 22851472 _____ (Malwarebytes ) C:\Users\HP\Downloads\mbam-setup-2.2.1.1043.exe
2016-03-18 15:27 - 2016-04-11 18:31 - 00003260 _____ C:\Windows\System32\Tasks\Computer Security Service
2016-03-18 15:27 - 2016-03-18 15:27 - 00000000 ____D C:\Program Files (x86)\Computer Security
2016-03-13 20:32 - 2016-04-11 18:31 - 00002485 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-13 20:32 - 2016-03-13 20:32 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-13 20:30 - 2016-04-12 10:35 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-13 20:30 - 2016-04-12 08:44 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-13 20:30 - 2016-03-19 17:39 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-13 20:30 - 2016-03-13 20:30 - 00003886 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-13 20:30 - 2016-03-13 20:30 - 00003634 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-12 10:49 - 2009-07-13 21:45 - 00029808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-12 10:49 - 2009-07-13 21:45 - 00029808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-12 10:47 - 2009-07-13 22:13 - 00783294 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-12 10:47 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-04-12 10:14 - 2015-09-29 10:26 - 00000000 ____D C:\Users\HP\AppData\Roaming\Skype
2016-04-12 08:44 - 2016-02-08 12:54 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-12 08:44 - 2016-02-01 15:19 - 00000000 ____D C:\Windows\erdnt
2016-04-12 08:44 - 2015-02-05 15:35 - 00017920 _____ C:\Windows\SysWOW64\rpcnetp.exe
2016-04-12 08:44 - 2015-02-05 15:35 - 00017920 _____ C:\Windows\SysWOW64\rpcnetp.dll
2016-04-12 08:44 - 2015-02-03 13:25 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2016-04-12 08:44 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-12 08:39 - 2016-01-26 09:45 - 00000000 ____D C:\Gm
2016-04-09 19:17 - 2016-01-22 21:20 - 00000000 ____D C:\Program Files (x86)\Arena
2016-04-09 11:29 - 2016-01-30 12:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-09 11:15 - 2015-02-03 13:30 - 00000000 ____D C:\Users\HP\AppData\Local\VirtualStore
2016-03-27 17:37 - 2016-01-24 14:15 - 00000000 ____D C:\Users\HP\Documents\My Games
2016-03-26 09:50 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-26 08:51 - 2016-01-28 13:01 - 00000000 ____D C:\Users\HP\Desktop\Chess Games Pgn
2016-03-24 07:09 - 2015-09-21 12:20 - 00020073 _____ C:\Users\HP\Desktop\Brandons Resume.odt
2016-03-24 06:58 - 2016-01-25 19:15 - 00003403 _____ C:\Users\HP\Desktop\Brandons Resume.txt
2016-03-24 06:57 - 2016-01-27 19:42 - 00020073 _____ C:\Users\HP\Desktop\Brandons Resume template file.odt
2016-03-23 02:10 - 2016-01-28 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arena
2016-03-19 18:34 - 2016-02-28 19:31 - 00000000 ____D C:\Program Files (x86)\Icoon
2016-03-19 17:56 - 2015-06-20 18:50 - 00529236 _____ C:\Windows\ntbtlog.txt
2016-03-19 01:02 - 2015-10-15 11:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-19 00:55 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-03-19 00:55 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2016-03-19 00:54 - 2016-01-31 19:31 - 00000000 ____D C:\Program Files (x86)\Performance Updater
2016-03-17 16:42 - 2010-11-21 00:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-03-13 22:01 - 2015-05-08 14:49 - 00000000 ____D C:\Users\HP\AppData\Local\Google
2016-03-13 20:29 - 2015-05-06 23:20 - 00000000 ____D C:\Users\HP\AppData\Local\Deployment
 
==================== Files in the root of some directories =======
 
2015-02-03 14:17 - 2015-02-03 14:17 - 0000000 _____ () C:\Users\HP\AppData\Local\AtStart.txt
2015-02-03 14:17 - 2015-02-03 14:17 - 0000000 _____ () C:\Users\HP\AppData\Local\DSwitch.txt
2015-02-03 14:17 - 2015-02-03 14:17 - 0000000 _____ () C:\Users\HP\AppData\Local\QSwitch.txt
2015-08-30 10:30 - 2015-08-30 10:30 - 0007602 _____ () C:\Users\HP\AppData\Local\Resmon.ResmonCfg
2015-02-13 16:07 - 2016-01-24 13:24 - 6216212 _____ () C:\ProgramData\OfflineCatalogue_1_2014_TECDOC_CD.log
 
Some files in TEMP:
====================
C:\Users\HP\AppData\Local\Temp\GPUpd56F87BBE0.exe
C:\Users\HP\AppData\Local\Temp\GPUpd57085B670.exe
C:\Users\HP\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-20 20:24] - [2015-02-03 13:30] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
 
C:\Windows\SysWOW64\User32.dll
[2010-11-20 20:24] - [2015-02-03 13:30] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
 
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


#8
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Could you let me know how the computer is after this, please.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
FF NetworkProxy: "type", 5)user_pref("xpinstall.signatures.required", false
CHR StartupUrls: Default -> "hxxps://search.protectedio.com/?u=ed8d2ecf7011b27b6f97010abb89239b&c=p1&src=hp&inst=1459302561"
CHR Extension: (ed8d2ecf7011b27b6f97010abb89239b) - C:\Program Files (x86)\Google\Chrome\Application\ed8d2ecf7011b27b6f97010abb89239b [2016-03-18]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
2016-04-11 22:49 - 2016-04-11 22:50 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\HP\Downloads\sh-remover.exe
2016-03-18 15:27 - 2016-03-18 15:27 - 00000000 ____D C:\Program Files (x86)\Computer Security
Task: {0A288789-12CC-49E8-932E-CC078C67C508} - \Softcomp Software Viewer -> No File <==== ATTENTION
Task: {32BE1EB1-80C1-4AA4-AFD2-784311BC668C} - System32\Tasks\Better Installer => C:\Users\HP\AppData\Roaming\Better Installer\Better Installer.exe [2016-01-28] () <==== ATTENTION
Task: {538B5051-96E8-4B6E-9A6F-45993E5BA990} - \Softcomp Software Viewer -> No File <==== ATTENTION
Task: {671E4A97-7D0C-4286-A869-B2F65C1F97BE} - \watchHealth -> No File <==== ATTENTION
Task: {85D13750-30D0-422C-9D9C-1C83EFB9E1FD} - \Softcomp Software Viewer -> No File <==== ATTENTION
Task: {91D45E76-4A71-4C73-A156-E4DB22EDE469} - System32\Tasks\Computer Security Service => C:\Program Files (x86)\Computer Security\tmjob.exe [2016-04-09] () <==== ATTENTION
Task: {ADA9522A-209B-42DB-A8DF-A9580BFA8D53} - System32\Tasks\Erovulnugne => C:\ProgramData\Erovulnugne\1.0.4.1\ansaulpu.exe
Task: {B69E412E-413A-45BE-BCCE-82D5FE03F956} - System32\Tasks\Performance Updater Viewer => C:\Program Files (x86)\Performance Updater\PerformanceUpdater.exe <==== ATTENTION
Task: {F627EA18-00E2-4C5C-959B-A82E594D0D77} - \Super Optimizer Schedule -> No File <==== ATTENTION
IE trusted site: HKU\S-1-5-21-3241789850-2206600503-3642038317-1000\...\webcompanion.com -> hxxp://webcompanion.com
C:\Program Files (x86)\Lavasoft
C:\Users\HP\AppData\Roaming\Better Installer
C:\Program Files (x86)\Performance Updater
C:\ProgramData\Erovulnugne
C:\Program Files (x86)\Computer Security
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix.
On completion a log will be generated; please post that.
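The entries Essexboy pulled into the fixlist above are the ones that stand out on a careful read of the FRST log: scheduled tasks whose target sits under AppData or ProgramData or no longer exists ("No File"), executables FRST prints with an empty "()" publisher field, a Chrome extension loaded from the Chrome\Application directory instead of the user profile, a start page whose URL carries the same 32-hex install id as that extension, a Chrome policy key under HKLM, and a Firefox prefs.js that turns off add-on signature checking. The script below is an added example, not FRST's own code and not anything posted by the helpers in this thread: it applies those reading rules mechanically to FRST log lines so the same triage can be repeated on another log. The sample input is constructed from lines quoted in the FRST log and fixlist above; the reason labels, the list of directories treated as user-writable, and the `reasons_for` helper are this example's own assumptions.

```python
"""Triage persistence entries in a Farbar (FRST) log.

Added example for this thread, not FRST's own code. The rules mirror how the
fixlist entries above were picked out; the sample input is constructed from
lines quoted in the thread.
"""
from __future__ import annotations

import re
import sys
from dataclasses import dataclass, field

# Constructed sample: entries copied from the FRST log and fixlist posted above.
SAMPLE_FRST = r"""
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-17] (Adobe Systems Incorporated)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF NetworkProxy: "type", 5)user_pref("xpinstall.signatures.required", false
CHR StartupUrls: Default -> "hxxps://search.protectedio.com/?u=ed8d2ecf7011b27b6f97010abb89239b&c=p1&src=hp&inst=1459302561"
CHR Extension: (Adblock Plus) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-19]
CHR Extension: (ed8d2ecf7011b27b6f97010abb89239b) - C:\Program Files (x86)\Google\Chrome\Application\ed8d2ecf7011b27b6f97010abb89239b [2016-03-18]
Task: {0A288789-12CC-49E8-932E-CC078C67C508} - \Softcomp Software Viewer -> No File <==== ATTENTION
Task: {32BE1EB1-80C1-4AA4-AFD2-784311BC668C} - System32\Tasks\Better Installer => C:\Users\HP\AppData\Roaming\Better Installer\Better Installer.exe [2016-01-28] () <==== ATTENTION
Task: {ADA9522A-209B-42DB-A8DF-A9580BFA8D53} - System32\Tasks\Erovulnugne => C:\ProgramData\Erovulnugne\1.0.4.1\ansaulpu.exe
Task: {91D45E76-4A71-4C73-A156-E4DB22EDE469} - System32\Tasks\Computer Security Service => C:\Program Files (x86)\Computer Security\tmjob.exe [2016-04-09] () <==== ATTENTION
"""

# Reason labels (this example's own names, not FRST terminology).
R_ORPHAN = "scheduled task target no longer exists"
R_WRITABLE = "executable lives under a user-writable directory"
R_NOPUB = "executable carries no publisher information"
R_EXT_OUTSIDE = "Chrome extension loaded from outside the profile's User Data directory"
R_EXT_UNNAMED = "Chrome extension has no manifest name, only an id"
R_TRACKING = "start/search page URL carries a 32-hex per-install tracking id"
R_POLICY = "Chrome policy key under HKLM (can force extensions and lock settings)"
R_SIGOFF = "Firefox add-on signature enforcement disabled in prefs.js"

TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?)(?: (?:=>|->) (?P<target>.+))?$")
# FRST appends "[size date] (Publisher) <==== ATTENTION" to a path; "()" means no version info.
TARGET_RE = re.compile(r"^(?P<path>.+?)(?: \[[^\]]*\])?(?: \((?P<pub>[^)]*)\))?(?: <====.*)?$")
EXT_RE = re.compile(r"^CHR Extension: \((?P<name>[^)]*)\) - (?P<path>.+?)(?: \[[^\]]*\])?$")
RUN_RE = re.compile(r"\\Run: \[[^\]]*\] => (?P<path>.+?)(?: \[[^\]]*\])?(?: \((?P<pub>[^)]*)\))?$")
START_RE = re.compile(r"^(?:CHR StartupUrls|CHR HomePage|FF Homepage|SearchScopes):")
TRACKING_RE = re.compile(r"[?&]u=[0-9a-f]{32}(?![0-9a-f])")
# Directories a standard user can write to; a task or Run target here is suspect (assumed list).
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|ProgramData|Users\\Public|Temp)\\", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reasons: list[str] = field(default_factory=list)


def _check_exe(path: str, pub: str | None) -> list[str]:
    """Flags for an executable path plus FRST's publisher field (None = not printed)."""
    reasons = []
    if USER_WRITABLE_RE.search(path):
        reasons.append(R_WRITABLE)
    if pub == "":
        reasons.append(R_NOPUB)
    return reasons


def triage(text: str) -> list[Finding]:
    """Return one Finding per FRST line that trips at least one rule."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons: list[str] = []
        if m := TASK_RE.match(line):
            t = TARGET_RE.match(m.group("target") or "")
            if t is None or t.group("path") == "No File":
                reasons.append(R_ORPHAN)
            else:
                reasons += _check_exe(t.group("path"), t.group("pub"))
        elif m := EXT_RE.match(line):
            if "\\User Data\\" not in m.group("path"):
                reasons.append(R_EXT_OUTSIDE)
            if re.fullmatch(r"[0-9a-f]{32}", m.group("name")):
                reasons.append(R_EXT_UNNAMED)
        elif m := RUN_RE.search(line):
            reasons += _check_exe(m.group("path"), m.group("pub"))
        elif START_RE.match(line) and TRACKING_RE.search(line):
            reasons.append(R_TRACKING)
        elif line.startswith("CHR HKLM\\SOFTWARE\\Policies\\Google"):
            reasons.append(R_POLICY)
        elif line.startswith("FF ") and 'xpinstall.signatures.required", false' in line:
            reasons.append(R_SIGOFF)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def reasons_for(text: str, needle: str) -> list[str]:
    """Reasons attached to the first flagged line containing `needle` ([] if none)."""
    return next((f.reasons for f in triage(text) if needle in f.line), [])


if __name__ == "__main__":
    # Pass a real FRST.txt as the first argument; otherwise the constructed sample is used.
    source = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_FRST
    for f in triage(source):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

On the sample, the Adobe ARM run key and the Adblock Plus extension pass clean, while the four tasks, the hash-named extension, the protectedio start page, the HKLM policy key and the Firefox pref each come back flagged. The rules are deliberately narrow: entries FRST marks `[X]` or `[File not signed]`, and services with a blank publisher such as the `rpcnetp.exe` and `valWBFPolicyService.exe` processes in the log, still need a manual read, and a hit only means "look here", not "delete this".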

#9
AndrewThegeek
    Member
  • Topic Starter
  • Member
  • 10 posts

FIXLOG 11:26 am 4/13/2016 

 

Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
Firefox Proxy settings were reset.
Chrome StartupUrls => removed successfully
C:\Program Files (x86)\Google\Chrome\Application\ed8d2ecf7011b27b6f97010abb89239b => moved successfully
gupdate => service removed successfully
gupdatem => service removed successfully
C:\Users\HP\Downloads\sh-remover.exe => moved successfully
C:\Program Files (x86)\Computer Security => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A288789-12CC-49E8-932E-CC078C67C508}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A288789-12CC-49E8-932E-CC078C67C508}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Softcomp Software Viewer => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32BE1EB1-80C1-4AA4-AFD2-784311BC668C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32BE1EB1-80C1-4AA4-AFD2-784311BC668C}" => key removed successfully
C:\Windows\System32\Tasks\Better Installer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Better Installer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{538B5051-96E8-4B6E-9A6F-45993E5BA990}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{538B5051-96E8-4B6E-9A6F-45993E5BA990}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Softcomp Software Viewer => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{671E4A97-7D0C-4286-A869-B2F65C1F97BE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{671E4A97-7D0C-4286-A869-B2F65C1F97BE}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\watchHealth => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85D13750-30D0-422C-9D9C-1C83EFB9E1FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85D13750-30D0-422C-9D9C-1C83EFB9E1FD}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Softcomp Software Viewer => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91D45E76-4A71-4C73-A156-E4DB22EDE469} => key not found. 
C:\Windows\System32\Tasks\Computer Security Service => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Computer Security Service" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{ADA9522A-209B-42DB-A8DF-A9580BFA8D53}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADA9522A-209B-42DB-A8DF-A9580BFA8D53}" => key removed successfully
C:\Windows\System32\Tasks\Erovulnugne => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Erovulnugne" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B69E412E-413A-45BE-BCCE-82D5FE03F956}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B69E412E-413A-45BE-BCCE-82D5FE03F956}" => key removed successfully
C:\Windows\System32\Tasks\Performance Updater Viewer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Performance Updater Viewer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F627EA18-00E2-4C5C-959B-A82E594D0D77}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F627EA18-00E2-4C5C-959B-A82E594D0D77}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule => key not found. 
"HKU\S-1-5-21-3241789850-2206600503-3642038317-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully
"C:\Program Files (x86)\Lavasoft" => not found.
C:\Users\HP\AppData\Roaming\Better Installer => moved successfully
C:\Program Files (x86)\Performance Updater => moved successfully
"C:\ProgramData\Erovulnugne" => not found.
"C:\Program Files (x86)\Computer Security" => not found.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3241789850-2206600503-3642038317-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3241789850-2206600503-3642038317-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========

  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now?

I see you have AdwCleaner; did you use it?

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#11
AndrewThegeek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Yes, I've used it before to try to fix the problem. It detected the malware but pretended to remove it, which was funny. I can do another scan if you'd like. The adware appears to be gone.


  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Yes please just to be sure :)


  • 0

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0
