I think my computer is infected [Closed]

#1 lyfelton (Member, 50 posts)

When I get connected to Wi-Fi my CPU usage maxes out. Not sure what to do. I had to disconnect the Wi-Fi to run the FRST program, put the text files on a jump drive and use another computer to post this.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-05-2016

Ran by raygon (administrator) on RAYGON-PC (18-05-2016 19:11:15)
Running from C:\Users\raygon\Desktop
Loaded Profiles: raygon (Available Profiles: raygon)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\ProgramData\GorillaPrice\WatGorp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Updater) C:\ProgramData\Updater\updater.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
(WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
(WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-19] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Updater] => C:\ProgramData\Updater\Updater.exe [297336 2013-09-25] (Updater)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNDgwMTk3MDIxLVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrM (the data entry has 68 more characters).
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2011-02-01] ()
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe [297336 2013-09-25] (Updater)
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\...\MountPoints2: {9d94f46b-ccd5-11e0-810d-0c60763098f1} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-09-22] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2010-10-23]
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-2362685967-2414932231-879251054-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-2362685967-2414932231-879251054-1001] => http=127.0.0.1:8080
Winsock: Catalog5 01 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{0EC3C8B7-6E85-46F4-B1AF-8FF9CA786222}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DEBE2630-0958-4046-8ADF-0AAB1010618B}: [DhcpNameServer] 192.168.254.254
ManualProxies: 1http=127.0.0.1:8080
 
Internet Explorer:
==================
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=ds&q={searchTerms}&installDate=01/12/2013
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=ds&q={searchTerms}&installDate=01/12/2013
SearchScopes: HKLM -> DefaultScope {227DFF7C-67B5-4876-9C20-F5FBDAC3A31D} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {227DFF7C-67B5-4876-9C20-F5FBDAC3A31D} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {39D6653E-C4EC-4AD6-9A34-513EE6E38898} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=ds&q={searchTerms}&installDate=01/12/2013
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=ds&q={searchTerms}&installDate=01/12/2013
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2362685967-2414932231-879251054-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=ds&q={searchTerms}&installDate=01/12/2013
SearchScopes: HKU\S-1-5-21-2362685967-2414932231-879251054-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=ds&q={searchTerms}&installDate=01/12/2013
SearchScopes: HKU\S-1-5-21-2362685967-2414932231-879251054-1001 -> {39D6653E-C4EC-4AD6-9A34-513EE6E38898} URL = 
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-11-05] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-01] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-11-05] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKU\S-1-5-21-2362685967-2414932231-879251054-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-01] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-11-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2362685967-2414932231-879251054-1001: @nsroblox.roblox.com/launcher -> C:\Users\raygon\AppData\Local\Roblox\Versions\version-5ce51d8367464075\\NPRobloxProxy.dll [2011-06-26] ( Roblox Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3320418&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP1055F558-072E-42A6-8386-6E4A9281AD4B&SSPV=","hxxp://search.conduit.com/?ctid=CT3320418&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP1055F558-072E-42A6-8386-6E4A9281AD4B&SSPV=","hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=hp&installDate=01/12/2013"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\raygon\AppData\Local\Roblox\Versions\version-5ce51d8367464075\\NPRobloxProxy.dll ( Roblox Corporation)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\raygon\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Profile: C:\Users\raygon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HP Product Detection Plugin) - C:\Users\raygon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2013-11-05]
CHR Extension: (New Tab Page) - C:\Users\raygon\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2013-12-01]
CHR Extension: (Google Docs) - C:\Users\raygon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\raygon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\raygon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-26]
CHR Extension: (Google Search) - C:\Users\raygon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\raygon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\raygon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-26]
CHR Extension: (Gmail) - C:\Users\raygon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-26]
CHR Extension: (Managera) - C:\Users\raygon\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2013-11-30]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 GorillaPrice; C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe [625152 2013-11-11] () [File not signed] <==== ATTENTION
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 WatGorp; C:\ProgramData\GorillaPrice\WatGorp.exe [70144 2013-11-05] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
U4 eabfiltr; no ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-18 19:11 - 2016-05-18 19:14 - 00020450 _____ C:\Users\raygon\Desktop\FRST.txt
2016-05-18 19:10 - 2016-05-18 19:11 - 00000000 ____D C:\FRST
2016-05-18 19:09 - 2016-05-18 18:56 - 02382336 _____ (Farbar) C:\Users\raygon\Desktop\FRST64.exe
2016-05-18 18:55 - 2016-05-18 18:55 - 00000000 ____H C:\Users\raygon\BIT1085.tmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-18 19:27 - 2013-09-19 22:04 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-18 19:27 - 2013-09-19 22:04 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-18 19:08 - 2009-07-14 01:13 - 00788704 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-18 19:08 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-18 19:01 - 2009-07-14 00:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-18 19:01 - 2009-07-14 00:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-18 18:55 - 2016-04-16 11:43 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForraygon
2016-05-18 18:55 - 2016-04-16 11:43 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForraygon.job
2016-05-18 18:55 - 2013-11-05 14:03 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-18 18:55 - 2013-11-05 14:03 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-18 18:55 - 2013-11-05 14:03 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-18 18:55 - 2013-11-05 14:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-18 18:55 - 2010-10-24 07:55 - 00000000 ____D C:\Users\raygon
 
==================== Files in the root of some directories =======
 
2015-10-12 07:39 - 2015-10-12 07:39 - 6420480 _____ () C:\Program Files (x86)\GUT50B4.tmp
2014-11-01 10:15 - 2014-11-01 10:15 - 6000640 _____ () C:\Program Files (x86)\GUTD660.tmp
2010-11-18 22:18 - 2010-11-18 22:18 - 0000000 _____ () C:\Users\raygon\AppData\Roaming\wklnhst.dat
2011-12-14 22:51 - 2012-01-11 23:54 - 0008784 ___SH () C:\Users\raygon\AppData\Local\2t26jd3b40h735
2010-10-24 08:04 - 2010-10-24 08:04 - 0000000 _____ () C:\Users\raygon\AppData\Local\AtStart.txt
2010-10-24 08:04 - 2010-10-24 08:04 - 0000000 _____ () C:\Users\raygon\AppData\Local\DSwitch.txt
2010-10-24 08:04 - 2010-10-24 08:04 - 0000000 _____ () C:\Users\raygon\AppData\Local\QSwitch.txt
2013-11-05 19:24 - 2016-04-16 19:17 - 0007607 _____ () C:\Users\raygon\AppData\Local\resmon.resmoncfg
2011-12-14 22:51 - 2012-01-11 23:54 - 0008784 ___SH () C:\ProgramData\2t26jd3b40h735
2010-10-23 23:44 - 2016-04-16 23:02 - 0000290 _____ () C:\ProgramData\hpqp.ini
2010-12-10 23:50 - 2011-07-01 23:52 - 0000021 _____ () C:\ProgramData\hpqp.txt
2010-10-24 08:04 - 2016-04-16 23:03 - 0000189 _____ () C:\ProgramData\HPWALog.txt
2010-10-23 23:46 - 2010-10-23 23:46 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-17 16:26 - 2009-08-17 16:27 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-10-23 23:45 - 2010-10-23 23:45 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-17 16:20 - 2009-08-17 16:22 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-10-23 23:45 - 2010-10-23 23:45 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-10-23 23:45 - 2010-10-23 23:45 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-17 16:20 - 2009-08-17 16:20 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-17 16:22 - 2009-08-17 16:26 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-10-23 23:46 - 2010-10-23 23:46 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
 
Some files in TEMP:
====================
C:\Users\raygon\AppData\Local\Temp\1371786419_Cloud_Backup_Setup.exe
C:\Users\raygon\AppData\Local\Temp\1374509789_SmartPCFixInstaller_ITNTDigiC_appsP.exe
C:\Users\raygon\AppData\Local\Temp\BackupSetup.exe
C:\Users\raygon\AppData\Local\Temp\bpuninstall.exe
C:\Users\raygon\AppData\Local\Temp\nse33C2.exe
C:\Users\raygon\AppData\Local\Temp\nsoC342.exe
C:\Users\raygon\AppData\Local\Temp\nstCDBE.exe
C:\Users\raygon\AppData\Local\Temp\nsu3817.exe
C:\Users\raygon\AppData\Local\Temp\Runner2.exe
C:\Users\raygon\AppData\Local\Temp\Runner4.exe
C:\Users\raygon\AppData\Local\Temp\sp64126.exe
C:\Users\raygon\AppData\Local\Temp\ttv.exe
C:\Users\raygon\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\raygon\AppData\Local\Temp\{EA9F2404-38E1-4E8E-BFBC-5044CDED84C9}-GoogleUpdateSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
 
 
LastRegBack: 2013-11-30 20:48
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-05-2016
Ran by raygon (2016-05-18 19:33:02)
Running from C:\Users\raygon\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-10-24 11:55:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2362685967-2414932231-879251054-500 - Administrator - Disabled)
Guest (S-1-5-21-2362685967-2414932231-879251054-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2362685967-2414932231-879251054-1002 - Limited - Enabled)
raygon (S-1-5-21-2362685967-2414932231-879251054-1001 - Administrator - Enabled) => C:\Users\raygon
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
BitTorrent (HKU\S-1-5-21-2362685967-2414932231-879251054-1001\...\BitTorrent) (Version: 7.8.2.30332 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.60.50 - Conexant)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GorillaPrice (HKLM-x32\...\GorillaPrice) (Version:  - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.9652.3188 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6623 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP IDF Software (HKLM-x32\...\{974025B1-769B-49E9-817C-C638ABE8F372}) (Version: 11.15.1000 - Hewlett-Packard Company)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.15.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP User Guides 0156 (HKLM-x32\...\{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}) (Version: 1.02.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Jenkat Games Arcade (HKLM-x32\...\Jenkat Games Arcade) (Version:  - Jenkat)
Knctr (HKLM-x32\...\Itibiti_is1) (Version:  - Itibiti Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{DE626616-D7C4-4F00-7E0B-EAF26FA65749}) (Version: 7.0.43.12698 - muvee Technologies Pte Ltd)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.18 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.75.827.2013 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Roblox for raygon (HKU\S-1-5-21-2362685967-2414932231-879251054-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Safari (HKLM-x32\...\{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}) (Version: 5.33.19.4 - Apple Inc.)
Skype Toolbars (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.5.7896 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.43 - Creative Island Media, LLC) <==== ATTENTION
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02229115-51AF-45D0-8B68-2201C63B70B7} - System32\Tasks\{A947B908-134E-4922-9695-2F9F57EF777C} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {038DA4B4-D9BA-4FBD-B25C-2ED28E8EE098} - System32\Tasks\HPCeeScheduleForraygon => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {1BA390A1-1675-4475-A538-B6758EED8E49} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {29A48783-BD79-4390-A76F-49A715C857F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-13] (Google Inc.)
Task: {2C446461-3419-42D6-90B8-CC1664F5E8D0} - System32\Tasks\{3B8987A5-5DCD-4496-A4C5-7B75CE60331D} => pcalua.exe -a "H:\WD Passport\DATA (D)\Laptop files\TDT laptops\SymantecAntivirus\20081123-004-i32.exe" -d "H:\WD Passport\DATA (D)\Laptop files\TDT laptops\SymantecAntivirus"
Task: {334E0C14-AFC9-482E-B0A1-879706C8DF44} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-13] (Google Inc.)
Task: {5850C693-50BD-40F9-B5B5-DA47B2DAF635} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {743B767E-0926-4FA8-92DC-DFD5D6E7837E} - System32\Tasks\{F15F815C-374D-4C5B-88F5-6A69FF01A3AE} => pcalua.exe -a "H:\WD Passport\antivirus\Symantec 10.2 for 32 & 64 Bit\CM-112905-Symantec_Antivirus_Corporate_Edition_10.2.1.1000_MR1_AllWin_EN_CD1\CD1\setup.exe" -d "H:\WD Passport\antivirus\Symantec 10.2 for 32 & 64 Bit\CM-112905-Symantec_Antivirus_Corporate_Edition_10.2.1.1000_MR1_AllWin_EN_CD1\CD1"
Task: {7F208B72-94C6-47F6-B7C8-B0589004799B} - System32\Tasks\{07AC5A4E-DCF1-496A-A819-BCF20C2ABB88} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -c /AppMode=SETUP /Uninstall
Task: {805B14E0-C87E-411C-85C6-3C0774ADF1AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8E667D8F-07EE-4ED7-9CF2-245E946068EA} - System32\Tasks\{2ED99FBE-FB96-4300-B77A-FEFBBA9007DB} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Symantec Shared\LiveReg\VcSetup.exe" -c /REMOVE
Task: {A3FC5B47-4CAA-4F95-9882-2F679544E872} - System32\Tasks\{F51A38BE-8B6A-400E-9E77-4826090D4885} => pcalua.exe -a "H:\WD Passport\antivirus\Symantec 10.2 for 32 & 64 Bit\CM-112906-Symantec_Antivirus_Corporate_Edition_10.2.1.1000_MR1_AllWin_EN_CD2\CD2\CentralQ\QConsole\setup.exe" -d "H:\WD Passport\antivirus\Symantec 10.2 for 32 & 64 Bit\CM-112906-Symantec_Antivirus_Corporate_Edition_10.2.1.1000_MR1_A (the data entry has 35 more characters).
Task: {AFA94929-FDA8-41A0-BE12-D9DC8C6E5D59} - System32\Tasks\{D1992C35-DC15-4E65-8664-BB7CBAB3AE99} => pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Task: {C7F10A79-9238-4B7F-A464-2C0DE5AF9CEC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {E453B491-09C5-452B-ABDB-3F2FA2055777} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-18] (Adobe Systems Incorporated)
Task: {EF580451-76FD-49B4-9CC5-95B3695F285C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {EF6EF5EE-44A2-4199-8EC7-68754478FE86} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {FCB755E4-F3E1-4A12-8784-71BF220C4D28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForraygon.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-11-11 11:25 - 2013-11-11 11:25 - 00625152 _____ () C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe
2009-08-17 16:26 - 2009-01-21 14:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-11-05 10:01 - 2013-11-05 10:01 - 00070144 _____ () C:\ProgramData\GorillaPrice\WatGorp.exe
2009-07-01 18:44 - 2009-07-01 18:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\raygon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{157A38E3-FB68-4A1C-8910-C762C902838D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{503B555B-C290-4F47-A364-92756DC8B338}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QP.exe
FirewallRules: [{66EC861E-FBAF-4E1D-B498-954B8A956B10}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
FirewallRules: [{00579801-CF90-4B3E-81A1-BA002C85C7BA}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{E86F483E-F655-419B-AC7D-A0F7592E3A43}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{71A45A37-113C-46AF-BBE5-19BA52F382B1}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{2ECCF8F4-96D1-4053-B505-5C1BE1D46409}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [TCP Query User{6350EEDE-41D0-4206-A42E-8C3FF7F7B65A}C:\users\raygon\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\raygon\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{9DB89D01-7C6B-459C-B3A8-F9D31E249833}C:\users\raygon\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\raygon\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{E3CD8E3B-7EDA-4E6E-9DF3-6671DC80C6D3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4713E746-C114-49DC-ADA7-2EE2D910B6D0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F4471FF4-3884-4AF3-80ED-C44D7CA3C6DF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1E65F530-9101-459E-B18D-DA9604F35982}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3234848B-FCBB-4311-85AE-4F38B655B8E8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{82D4ADA5-DD17-4A94-B6A5-CA1A3CB2C656}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{12DD5037-3652-43A3-922A-0F3052738D26}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
20-12-2014 14:58:24 Windows Update
22-12-2014 18:29:49 Windows Modules Installer
28-12-2014 22:08:06 Windows Update
02-01-2015 00:03:53 Windows Update
04-02-2015 19:37:15 Windows Update
10-02-2015 20:37:26 Windows Update
21-02-2015 13:50:18 Windows Update
26-02-2015 20:30:40 Windows Update
27-02-2015 17:47:00 Windows Update
18-10-2015 21:42:53 Windows Update
26-10-2015 18:59:29 Windows Update
11-04-2016 13:48:28 Windows Update
16-04-2016 20:08:13 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/18/2016 06:52:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1650611805 ticks; setting correction factor to -43328789
 
Error: (04/18/2016 04:20:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 65363108
 
Error: (04/18/2016 04:20:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 65363108
 
Error: (04/18/2016 04:20:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/18/2016 04:19:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 65347368
 
Error: (04/18/2016 04:19:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 65347368
 
Error: (04/18/2016 04:19:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/18/2016 04:19:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 65331721
 
Error: (04/18/2016 04:19:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 65331721
 
Error: (04/18/2016 04:19:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (05/18/2016 06:55:18 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/18/2016 06:53:23 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{DEBE2630-0958-4046-8ADF-0AAB1010618B} because another computer on the network has the same name.  The server could not start.
 
Error: (05/18/2016 06:53:20 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/18/2016 06:53:17 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/18/2016 06:52:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (04/18/2016 04:17:07 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (04/18/2016 04:17:05 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (04/18/2016 04:17:04 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (04/18/2016 04:17:01 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (04/17/2016 10:14:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 900 @ 2.20GHz
Percentage of memory in use: 48%
Total physical RAM: 3003.2 MB
Available physical RAM: 1551.31 MB
Total Virtual: 6004.59 MB
Available Virtual: 4050.2 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:220.79 GB) (Free:142.21 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:11.9 GB) (Free:2.01 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Lexar) (Removable) (Total:3.73 GB) (Free:3.69 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: BE691504)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=220.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0C)
 
==================== End of Addition.txt ============================


#2
Essexboy
    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, there are a few infections there, so let's get started:

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [Updater] => C:\ProgramData\Updater\Updater.exe [297336 2013-09-25] (Updater)
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNDgwMTk3MDIxLVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrM (the data entry has 68 more characters).
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe [297336 2013-09-25] (Updater)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
ProxyEnable: [S-1-5-21-2362685967-2414932231-879251054-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-2362685967-2414932231-879251054-1001] => http=127.0.0.1:8080
Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
ManualProxies: 1http=127.0.0.1:8080
Hosts:
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=ds&q={searchTerms}&installDate=01/12/2013
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=ds&q={searchTerms}&installDate=01/12/2013
SearchScopes: HKLM -> {39D6653E-C4EC-4AD6-9A34-513EE6E38898} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=ds&q={searchTerms}&installDate=01/12/2013
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=ds&q={searchTerms}&installDate=01/12/2013
SearchScopes: HKU\S-1-5-21-2362685967-2414932231-879251054-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=ds&q={searchTerms}&installDate=01/12/2013
SearchScopes: HKU\S-1-5-21-2362685967-2414932231-879251054-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=ds&q={searchTerms}&installDate=01/12/2013
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKU\S-1-5-21-2362685967-2414932231-879251054-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3320418&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP1055F558-072E-42A6-8386-6E4A9281AD4B&SSPV=","hxxp://search.conduit.com/?ctid=CT3320418&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP1055F558-072E-42A6-8386-6E4A9281AD4B&SSPV=","hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=hp&installDate=01/12/2013"
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx <not found>
R2 GorillaPrice; C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe [625152 2013-11-11] () [File not signed] <==== ATTENTION
R2 WatGorp; C:\ProgramData\GorillaPrice\WatGorp.exe [70144 2013-11-05] () [File not signed]
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
2016-05-18 18:55 - 2016-05-18 18:55 - 00000000 ____H C:\Users\raygon\BIT1085.tmp
2015-10-12 07:39 - 2015-10-12 07:39 - 6420480 _____ () C:\Program Files (x86)\GUT50B4.tmp
2014-11-01 10:15 - 2014-11-01 10:15 - 6000640 _____ () C:\Program Files (x86)\GUTD660.tmp
2011-12-14 22:51 - 2012-01-11 23:54 - 0008784 ___SH () C:\Users\raygon\AppData\Local\2t26jd3b40h735
2011-12-14 22:51 - 2012-01-11 23:54 - 0008784 ___SH () C:\ProgramData\2t26jd3b40h735
DeleteJunctionsIndirectory: C:\Windows\system64
Task: {2C446461-3419-42D6-90B8-CC1664F5E8D0} - System32\Tasks\{3B8987A5-5DCD-4496-A4C5-7B75CE60331D} => pcalua.exe -a "H:\WD Passport\DATA (D)\Laptop files\TDT laptops\SymantecAntivirus\20081123-004-i32.exe" -d "H:\WD Passport\DATA (D)\Laptop files\TDT laptops\SymantecAntivirus"
Task: {743B767E-0926-4FA8-92DC-DFD5D6E7837E} - System32\Tasks\{F15F815C-374D-4C5B-88F5-6A69FF01A3AE} => pcalua.exe -a "H:\WD Passport\antivirus\Symantec 10.2 for 32 & 64 Bit\CM-112905-Symantec_Antivirus_Corporate_Edition_10.2.1.1000_MR1_AllWin_EN_CD1\CD1\setup.exe" -d "H:\WD Passport\antivirus\Symantec 10.2 for 32 & 64 Bit\CM-112905-Symantec_Antivirus_Corporate_Edition_10.2.1.1000_MR1_AllWin_EN_CD1\CD1"
Task: {7F208B72-94C6-47F6-B7C8-B0589004799B} - System32\Tasks\{07AC5A4E-DCF1-496A-A819-BCF20C2ABB88} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -c /AppMode=SETUP /Uninstall
Task: {8E667D8F-07EE-4ED7-9CF2-245E946068EA} - System32\Tasks\{2ED99FBE-FB96-4300-B77A-FEFBBA9007DB} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Symantec Shared\LiveReg\VcSetup.exe" -c /REMOVE
Task: {A3FC5B47-4CAA-4F95-9882-2F679544E872} - System32\Tasks\{F51A38BE-8B6A-400E-9E77-4826090D4885} => pcalua.exe -a "H:\WD Passport\antivirus\Symantec 10.2 for 32 & 64 Bit\CM-112906-Symantec_Antivirus_Corporate_Edition_10.2.1.1000_MR1_AllWin_EN_CD2\CD2\CentralQ\QConsole\setup.exe" -d "H:\WD Passport\antivirus\Symantec 10.2 for 32 & 64 Bit\CM-112906-Symantec_Antivirus_Corporate_Edition_10.2.1.1000_MR1_A (the data entry has 35 more characters).
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Classes\.exe: exefile => <===== ATTENTION
C:\ProgramData\GorillaPrice
C:\ProgramData\RHelpers
C:\Program Files (x86)\GorillaPrice
C:\ProgramData\Updater
C:\PROGRA~2\SearchProtect
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.
FINALLY

Download aswMBR.exe (4.5 MB) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation; accept that.
When it offers to download the virus database, allow that as well.
Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

#3
lyfelton
    Member

  • Topic Starter
  • Member
  • 50 posts

Thanks so much for your help. All done and posted logs.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-05-2016

Ran by raygon (2016-05-19 19:08:05) Run:1
Running from C:\Users\raygon\Desktop
Loaded Profiles: raygon (Available Profiles: raygon)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [Updater] => C:\ProgramData\Updater\Updater.exe [297336 2013-09-25] (Updater)
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNDgwMTk3MDIxLVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrM (the data entry has 68 more characters).
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe [297336 2013-09-25] (Updater)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
ProxyEnable: [S-1-5-21-2362685967-2414932231-879251054-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-2362685967-2414932231-879251054-1001] => http=127.0.0.1:8080
Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
ManualProxies: 1http=127.0.0.1:8080
Hosts:
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=ds&q={searchTerms}&installDate=01/12/2013
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=ds&q={searchTerms}&installDate=01/12/2013
SearchScopes: HKLM -> {39D6653E-C4EC-4AD6-9A34-513EE6E38898} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=ds&q={searchTerms}&installDate=01/12/2013
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=ds&q={searchTerms}&installDate=01/12/2013
SearchScopes: HKU\S-1-5-21-2362685967-2414932231-879251054-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=ds&q={searchTerms}&installDate=01/12/2013
SearchScopes: HKU\S-1-5-21-2362685967-2414932231-879251054-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=ds&q={searchTerms}&installDate=01/12/2013
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKU\S-1-5-21-2362685967-2414932231-879251054-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3320418&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP1055F558-072E-42A6-8386-6E4A9281AD4B&SSPV=","hxxp://search.conduit.com/?ctid=CT3320418&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP1055F558-072E-42A6-8386-6E4A9281AD4B&SSPV=","hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=d83e1c30-f8e5-39c8-878d-55931739809d&searchtype=hp&installDate=01/12/2013"
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx <not found>
R2 GorillaPrice; C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe [625152 2013-11-11] () [File not signed] <==== ATTENTION
R2 WatGorp; C:\ProgramData\GorillaPrice\WatGorp.exe [70144 2013-11-05] () [File not signed]
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
2016-05-18 18:55 - 2016-05-18 18:55 - 00000000 ____H C:\Users\raygon\BIT1085.tmp
2015-10-12 07:39 - 2015-10-12 07:39 - 6420480 _____ () C:\Program Files (x86)\GUT50B4.tmp
2014-11-01 10:15 - 2014-11-01 10:15 - 6000640 _____ () C:\Program Files (x86)\GUTD660.tmp
2011-12-14 22:51 - 2012-01-11 23:54 - 0008784 ___SH () C:\Users\raygon\AppData\Local\2t26jd3b40h735
2011-12-14 22:51 - 2012-01-11 23:54 - 0008784 ___SH () C:\ProgramData\2t26jd3b40h735
DeleteJunctionsIndirectory: C:\Windows\system64
Task: {2C446461-3419-42D6-90B8-CC1664F5E8D0} - System32\Tasks\{3B8987A5-5DCD-4496-A4C5-7B75CE60331D} => pcalua.exe -a "H:\WD Passport\DATA (D)\Laptop files\TDT laptops\SymantecAntivirus\20081123-004-i32.exe" -d "H:\WD Passport\DATA (D)\Laptop files\TDT laptops\SymantecAntivirus"
Task: {743B767E-0926-4FA8-92DC-DFD5D6E7837E} - System32\Tasks\{F15F815C-374D-4C5B-88F5-6A69FF01A3AE} => pcalua.exe -a "H:\WD Passport\antivirus\Symantec 10.2 for 32 & 64 Bit\CM-112905-Symantec_Antivirus_Corporate_Edition_10.2.1.1000_MR1_AllWin_EN_CD1\CD1\setup.exe" -d "H:\WD Passport\antivirus\Symantec 10.2 for 32 & 64 Bit\CM-112905-Symantec_Antivirus_Corporate_Edition_10.2.1.1000_MR1_AllWin_EN_CD1\CD1"
Task: {7F208B72-94C6-47F6-B7C8-B0589004799B} - System32\Tasks\{07AC5A4E-DCF1-496A-A819-BCF20C2ABB88} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -c /AppMode=SETUP /Uninstall
Task: {8E667D8F-07EE-4ED7-9CF2-245E946068EA} - System32\Tasks\{2ED99FBE-FB96-4300-B77A-FEFBBA9007DB} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Symantec Shared\LiveReg\VcSetup.exe" -c /REMOVE
Task: {A3FC5B47-4CAA-4F95-9882-2F679544E872} - System32\Tasks\{F51A38BE-8B6A-400E-9E77-4826090D4885} => pcalua.exe -a "H:\WD Passport\antivirus\Symantec 10.2 for 32 & 64 Bit\CM-112906-Symantec_Antivirus_Corporate_Edition_10.2.1.1000_MR1_AllWin_EN_CD2\CD2\CentralQ\QConsole\setup.exe" -d "H:\WD Passport\antivirus\Symantec 10.2 for 32 & 64 Bit\CM-112906-Symantec_Antivirus_Corporate_Edition_10.2.1.1000_MR1_A (the data entry has 35 more characters).
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Classes\.exe: exefile => <===== ATTENTION
C:\ProgramData\GorillaPrice
C:\ProgramData\RHelpers
C:\Program Files (x86)\GorillaPrice
C:\ProgramData\Updater
C:\PROGRA~2\SearchProtect
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
 
*****************
 
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Updater => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => value removed successfully
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Updater => value removed successfully
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value data removed successfully.
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5-x64 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
Hosts restored successfully.
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{39D6653E-C4EC-4AD6-9A34-513EE6E38898}" => key removed successfully
HKCR\CLSID\{39D6653E-C4EC-4AD6-9A34-513EE6E38898} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => key removed successfully
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => key not found. 
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2362685967-2414932231-879251054-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => key removed successfully
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value removed successfully
"HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value removed successfully
"HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => key removed successfully
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value removed successfully
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found. 
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} => value removed successfully
Chrome StartupUrls => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla" => key removed successfully
GorillaPrice => Service stopped successfully.
GorillaPrice => service removed successfully
WatGorp => Service stopped successfully.
WatGorp => service removed successfully
CltMngSvc => service removed successfully
C:\Users\raygon\BIT1085.tmp => moved successfully
C:\Program Files (x86)\GUT50B4.tmp => moved successfully
C:\Program Files (x86)\GUTD660.tmp => moved successfully
C:\Users\raygon\AppData\Local\2t26jd3b40h735 => moved successfully
C:\ProgramData\2t26jd3b40h735 => moved successfully
"C:\Windows\system64" => Deleting reparse point and unlocking started:
"C:\Windows\system64" =>Deleting reparse point and unlocking completed.
"C:\Windows\system64" =>Deleting reparse point and unlocking completed.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C446461-3419-42D6-90B8-CC1664F5E8D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C446461-3419-42D6-90B8-CC1664F5E8D0}" => key removed successfully
C:\Windows\System32\Tasks\{3B8987A5-5DCD-4496-A4C5-7B75CE60331D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3B8987A5-5DCD-4496-A4C5-7B75CE60331D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{743B767E-0926-4FA8-92DC-DFD5D6E7837E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{743B767E-0926-4FA8-92DC-DFD5D6E7837E}" => key removed successfully
C:\Windows\System32\Tasks\{F15F815C-374D-4C5B-88F5-6A69FF01A3AE} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F15F815C-374D-4C5B-88F5-6A69FF01A3AE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F208B72-94C6-47F6-B7C8-B0589004799B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F208B72-94C6-47F6-B7C8-B0589004799B}" => key removed successfully
C:\Windows\System32\Tasks\{07AC5A4E-DCF1-496A-A819-BCF20C2ABB88} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{07AC5A4E-DCF1-496A-A819-BCF20C2ABB88}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E667D8F-07EE-4ED7-9CF2-245E946068EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E667D8F-07EE-4ED7-9CF2-245E946068EA}" => key removed successfully
C:\Windows\System32\Tasks\{2ED99FBE-FB96-4300-B77A-FEFBBA9007DB} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2ED99FBE-FB96-4300-B77A-FEFBBA9007DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3FC5B47-4CAA-4F95-9882-2F679544E872}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3FC5B47-4CAA-4F95-9882-2F679544E872}" => key removed successfully
C:\Windows\System32\Tasks\{F51A38BE-8B6A-400E-9E77-4826090D4885} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F51A38BE-8B6A-400E-9E77-4826090D4885}" => key removed successfully
"HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Classes\.exe" => key removed successfully
C:\ProgramData\GorillaPrice => moved successfully
C:\ProgramData\RHelpers => moved successfully
C:\Program Files (x86)\GorillaPrice => moved successfully
C:\ProgramData\Updater => moved successfully
"C:\PROGRA~2\SearchProtect" => not found.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2362685967-2414932231-879251054-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {6C9C078D-D894-4D4E-A0DB-7D73DE2117AD}.
Unable to cancel {297EA9BF-4AD9-4344-925E-509A8EBB869A}.
Unable to cancel {26F9B699-2360-413E-A9C9-95058D7AD36E}.
Unable to cancel {F8793657-695E-4FB3-BA17-73C23D3C6EB9}.
Unable to cancel {56EFED19-389B-478B-A2D7-C2CC060D8F8E}.
Unable to cancel {1620E259-3803-4D17-A538-08C789A48F05}.
Unable to cancel {5E3AF2E8-002C-4D09-87F8-6E4A21717ADC}.
Unable to cancel {99D87B63-BDF7-489A-A406-69CB11EBBA81}.
Unable to cancel {4F026D91-D4AC-461E-8181-19C57872DF51}.
{1A4C8251-82C9-4A7D-9E27-4A369048A95B} canceled.
{CDD7AEE1-C518-4F74-B0D2-0BBBE5571931} canceled.
2 out of 11 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 1.8 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:14:35 ====
 
# AdwCleaner v5.117 - Logfile created 19/05/2016 at 20:28:10
# Updated 15/05/2016 by Xplode
# Database : 2016-05-15.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : raygon - RAYGON-PC
# Running from : C:\Users\raygon\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\ProgramData\TubeDimmer
Folder Found : C:\ProgramData\Application Data\TubeDimmer
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Itibiti VoIP Phone
Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\Program Files (x86)\Itibiti Soft Phone
Folder Found : C:\Program Files (x86)\MyPC Backup
Folder Found : C:\Program Files (x86)\Yahoo!\Companion
Folder Found : C:\Users\raygon\AppData\Local\SearchProtect
Folder Found : C:\Users\raygon\AppData\LocalLow\AVG Security Toolbar
Folder Found : C:\Users\raygon\AppData\LocalLow\HPAppData
Folder Found : C:\Users\raygon\AppData\LocalLow\Yahoo!\Companion
Folder Found : C:\Users\raygon\AppData\Roaming\iWin
Folder Found : C:\Users\raygon\AppData\Roaming\SmartPCFix
Folder Found : C:\Users\raygon\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Folder Found : C:\Users\raygon\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
 
***** [ Files ] *****
 
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\raygon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
Key Found : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
Key Found : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
Key Found : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DB40EAF2-2025-4F74-B9EF-7C0782F26C84}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\WEDLMNGR
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\TidyNetwork
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\W3I
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Itibiti_is1
Key Found : HKU\.DEFAULT\Software\AVG Security Toolbar
Key Found : HKU\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\1ClickDownload
Key Found : HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\WEDLMNGR
Key Found : HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Yahoo\YFriendsBar
Key Found : HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\YahooPartnerToolbar
Key Found : HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\AppDataLow\Software\DynConIE
Key Found : HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\AppDataLow\Software\Freecause
Key Found : HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\AppDataLow\Software\TidyNetwork
Key Found : HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2362685967-2414932231-879251054-1001\Software\AVG Security Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2362685967-2414932231-879251054-1001\Software\TidyNetwork
Key Found : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Yahoo\Companion
Key Found : HKU\S-1-5-18\Software\AVG Security Toolbar
Key Found : HKU\S-1-5-18\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
Key Found : [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{71A45A37-113C-46AF-BBE5-19BA52F382B1}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{2ECCF8F4-96D1-4053-B505-5C1BE1D46409}]
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{39D6653E-C4EC-4AD6-9A34-513EE6E38898}
Key Found : HKU\S-1-5-21-2362685967-2414932231-879251054-1001\Software\Microsoft\Internet Explorer\SearchScopes\{39D6653E-C4EC-4AD6-9A34-513EE6E38898}
 
***** [ Web browsers ] *****
 
[C:\Users\raygon\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : conduit.search
[C:\Users\raygon\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\raygon\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\raygon\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : utorrent.en.softonic.com
[C:\Users\raygon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : amfclgbdpgndipgoegfpkkgobahigbcl
[C:\Users\raygon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : amfclgbdpgndipgoegfpkkgobahigbcl
[C:\Users\raygon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\raygon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : igjjkeeamkpihpncmmbgdkhdnjpcfmfb
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [8447 bytes] - [19/05/2016 20:28:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8520 bytes] ##########
 
aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2016-05-19 21:08:12
-----------------------------
21:08:12.219    OS Version: Windows x64 6.1.7601 Service Pack 1
21:08:12.219    Number of processors: 1 586 0x170A
21:08:12.219    ComputerName: RAYGON-PC  UserName: raygon
21:08:29.519    Initialize success
21:08:29.738    VM: initialized successfully
21:08:29.738    VM: Intel CPU virtualization not supported 
21:08:46.679    AVAST engine download error: 0
21:08:57.241    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:08:57.241    Disk 0 Vendor: ST9250315AS 0005HPM1 Size: 238475MB BusType: 11
21:08:57.490    Disk 0 MBR read successfully
21:08:57.490    Disk 0 MBR scan
21:08:57.490    Disk 0 unknown MBR code
21:09:00.953    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          199 MB offset 2048
21:09:00.969    Disk 0 default boot code
21:09:01.000    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       226085 MB offset 409600
21:09:01.031    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS        12189 MB offset 463431680
21:09:01.281    Disk 0 scanning C:\Windows\system32\drivers
21:09:30.999    Service scanning
21:10:16.473    Modules scanning
21:10:16.473    Disk 0 trace - called modules:
21:10:16.551    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
21:10:16.551    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800336a060]
21:10:16.567    3 CLASSPNP.SYS[fffff880010a943f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002eda060]
21:10:16.567    Disk 0 statistics 130246/0/0 @ 2.17 MB/s
21:10:16.567    Scan finished successfully
21:15:31.836    Disk 0 MBR has been saved successfully to "C:\Users\raygon\Desktop\MBR.dat"
21:15:31.899    The log file has been saved successfully to "C:\Users\raygon\Desktop\aswMBR.txt"


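Added note, not part of the thread and not code from FRST, AdwCleaner or the forum: the fixlist echoed at the top of the Fixlog above touched a set of classic browser-hijack persistence points (AppInit_DLLs loaders, a WinINet proxy pointing at 127.0.0.1:8080, a tampered Winsock namespace catalog entry, a per-user .exe file association, a junction at C:\Windows\system64, scheduled tasks launched through pcalua.exe, and BITS jobs that bitsadmin could not cancel). The PowerShell below is a read-only re-check of those same points, for running after the fix to confirm nothing came back. Port 8080 is taken from the log's ProxyServer line, the Add-Finding helper and the $proxyPort variable are my own, and every registry location is the standard Windows one.

```powershell
# Added triage script for the hijack points the FRST fix above touched (not code from
# the thread, FRST, AdwCleaner or the forum). Read-only: it reports, it removes nothing.
# Run from an elevated PowerShell on the affected Windows 7 x64 host. Port 8080 comes
# from the log's ProxyServer entry; every other path is the standard location.

$proxyPort = 8080
$findings  = New-Object System.Collections.ArrayList

function Add-Finding([string]$Area, [string]$Detail) {
    [void]$findings.Add((New-Object PSObject -Property @{ Area = $Area; Detail = $Detail }))
}

# 1. AppInit_DLLs: a DLL listed here is loaded into every process that loads user32.dll.
#    Both the native and the Wow6432Node view matter on x64 (FRST listed both).
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($p.AppInit_DLLs) {
        Add-Finding 'AppInit_DLLs' ("{0} -> {1} (LoadAppInit_DLLs={2})" -f $key, $p.AppInit_DLLs, $p.LoadAppInit_DLLs)
    }
}

# 2. WinINet proxy for the current user, plus the NlaSvc ManualProxies default value FRST cleared.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
if ($inet.ProxyEnable -eq 1 -or $inet.ProxyServer -or $inet.AutoConfigURL) {
    Add-Finding 'Proxy' ("ProxyEnable={0} ProxyServer={1} AutoConfigURL={2}" -f $inet.ProxyEnable, $inet.ProxyServer, $inet.AutoConfigURL)
}
$nla = Get-Item 'HKLM:\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies' -ErrorAction SilentlyContinue
if ($nla -and $nla.GetValue('')) { Add-Finding 'Proxy' ("NlaSvc ManualProxies = {0}" -f $nla.GetValue('')) }

# 3. Which process is behind the localhost proxy? A 127.0.0.1 proxy means a local program sits
#    between the browser and the network, so the listener on that port is the thing to identify.
$listenerPids = netstat -ano -p tcp | ForEach-Object {
    if ($_ -match "^\s*TCP\s+\S+:$proxyPort\s+\S+\s+LISTENING\s+(\d+)\s*$") { [int]$Matches[1] }
}
foreach ($procId in ($listenerPids | Sort-Object -Unique)) {
    $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
    Add-Finding 'Proxy listener' ("port {0} pid {1} {2} {3}" -f $proxyPort, $procId, $proc.Name, $proc.Path)
}

# 4. Winsock catalogs. The namespace catalog stores LibraryPath as a string; the protocol
#    catalog (LSPs) stores it as the leading NUL-terminated ANSI path inside PackedCatalogItem.
#    Anything that does not live under %SystemRoot%\system32 is flagged for review.
$ws = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters'
foreach ($cat in 'NameSpace_Catalog5\Catalog_Entries', 'NameSpace_Catalog5\Catalog_Entries64',
                 'Protocol_Catalog9\Catalog_Entries',  'Protocol_Catalog9\Catalog_Entries64') {
    Get-ChildItem "$ws\$cat" -ErrorAction SilentlyContinue | ForEach-Object {
        $entry = Get-ItemProperty $_.PSPath
        $lib = $entry.LibraryPath
        if (-not $lib -and $entry.PackedCatalogItem) {
            $len = [Math]::Min(260, $entry.PackedCatalogItem.Length)
            $lib = [Text.Encoding]::ASCII.GetString($entry.PackedCatalogItem, 0, $len).Split([char]0)[0]
        }
        if ($lib -and $lib -notmatch '^%SystemRoot%\\system32\\') {
            Add-Finding 'Winsock' ("{0}\{1} -> {2}" -f $cat, $_.PSChildName, $lib)
        }
    }
}

# 5. Per-user .exe association. HKCU\Software\Classes overrides HKCR for that user, so a key
#    here (FRST flagged one) can redirect every .exe launch through a command of the hijacker's choosing.
if (Test-Path 'HKCU:\Software\Classes\.exe') { Add-Finding '.exe assoc' 'HKCU:\Software\Classes\.exe exists' }
$open = Get-Item 'HKCU:\Software\Classes\exefile\shell\open\command' -ErrorAction SilentlyContinue
if ($open) { Add-Finding '.exe assoc' ("HKCU exefile open command = {0}" -f $open.GetValue('')) }

# 6. Junctions or symlinks directly under the Windows directory (FRST deleted C:\Windows\system64).
Get-ChildItem $env:SystemRoot -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) } |
    ForEach-Object { Add-Finding 'Reparse point' $_.FullName }

# 7. Scheduled tasks that launch through pcalua.exe (the Program Compatibility Assistant
#    launcher). The real target sits behind the -a argument, so list them for review.
schtasks /query /fo csv /v 2>$null | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Task To Run' -match 'pcalua\.exe' } |
    ForEach-Object { Add-Finding 'Task via pcalua' ("{0}: {1}" -f $_.TaskName, $_.'Task To Run') }

# 8. BITS jobs for every account. bitsadmin /reset could not cancel 9 of 11 jobs in the log;
#    Get-BitsTransfer -AllUsers shows who owns each job and what it downloads, and
#    Remove-BitsTransfer cancels one once you have decided it is not wanted.
Import-Module BitsTransfer -ErrorAction SilentlyContinue
Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue | ForEach-Object {
    $urls = ($_.FileList | ForEach-Object { $_.RemoteName }) -join ', '
    Add-Finding 'BITS job' ("{0} [{1}] owner={2} state={3} {4}" -f $_.DisplayName, $_.JobId, $_.OwnerAccount, $_.JobState, $urls)
}

$findings | Format-Table Area, Detail -AutoSize -Wrap
```

Run it from an elevated prompt: the netstat and BITS sections need that to see other accounts' processes and jobs, and jobs owned by other accounts (Windows Update's SYSTEM jobs among them) often refuse to cancel, which is the usual reason behind the "Unable to cancel" lines in the log. Everything it prints is a lead, not a verdict: the pcalua.exe tasks in this thread pointed at old Symantec installers on an external drive, and a vendor LSP or a legitimate junction will be listed just the same.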
#4
Essexboy (GeekU Moderator, Retired Staff)
OK, next question: could you connect to the internet and let me know how the system is behaving after this?

Scan with Malwarebytes Anti-Malware
  • Please download Malwarebytes Anti-Malware to your desktop
  • Launch Malwarebytes from your Desktop
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program detects anything, click Remove Selected. The program might want to reboot the system. Allow it if it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.

#5
Essexboy (GeekU Moderator, Retired Staff)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

