My computer is infected with random links and words that are underlined

#16 breakmydreams (Member, Topic Starter, 41 posts)

I think we can clean it ok with the FRST fix. Then we will run other scans too and I think things will be fine, I have not seen zero access for quite a while. I'm not sure if it's even active on your computer.

When you download the fixlist to the flash drive, remember to move it to the desktop on the infected computer
Because:

FRST program and Fixlist must always be in the same place so the fix can run.

After that you can return it back online and we will run other scans.

That is good to hear. Thank you so very much for the help. I'm glad you are experienced with this issue that is on laptop #2. Is there a way to see if it is active on the computer from what you see in the stuff I submit to you?

I moved everything to the desktop on the other laptop and ran the scan.

Here is what it gave me back.

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-07-2017
Ran by breakmydreams (06-07-2017 13:36:15) Run:1
Running from C:\Users\breakmydreams\Desktop
Loaded Profiles: breakmydreams (Available Profiles: breakmydreams)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKLM -> DefaultScope {CD73A8D9-FBFC-4DC5-9167-A0003A0EAF9F} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {CD73A8D9-FBFC-4DC5-9167-A0003A0EAF9F} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> DefaultScope {A8957BB5-F5E8-478C-9D19-81E0C239E0BA} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {CD73A8D9-FBFC-4DC5-9167-A0003A0EAF9F} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-2178555272-1815042791-136943586-1001 -> DefaultScope {CD73A8D9-FBFC-4DC5-9167-A0003A0EAF9F} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-2178555272-1815042791-136943586-1001 -> {08359746-CE79-464F-AF3E-2B810E5C7E6F} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS480
SearchScopes: HKU\S-1-5-21-2178555272-1815042791-136943586-1001 -> {4B928D05-8D7A-4B21-ACDD-764653FE3DFE} URL = hxxp://www.bing.com/search?FORM=U162DF&PC=U162&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2178555272-1815042791-136943586-1001 -> {BC6C9C76-BF3E-46F3-9C39-EF856558EEB1} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS480
SearchScopes: HKU\S-1-5-21-2178555272-1815042791-136943586-1001 -> {CD73A8D9-FBFC-4DC5-9167-A0003A0EAF9F} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: QmeeBHO -> {6577593B-7445-4680-B5CE-4F38D770864D} -> C:\Program Files (x86)\Qmee\1.5.0\KangoBHO64.dll [2015-07-31] (Kango)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-08-07] (Yahoo! Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2178555272-1815042791-136943586-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2178555272-1815042791-136943586-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2178555272-1815042791-136943586-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2178555272-1815042791-136943586-1001 -> No Name - {E120ACB6-21BA-45ED-9E79-32079107C103} -  No File
CHR StartupUrls: Default -> "hxxp://www.bing.com/?pc=U162&form=U162HP","hxxp://www.cassiopessa.com/?f=7&a=csp_tight2_15_27&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtAtA0D0AtB0A0EtCyCtDtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtCtFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StC0AtDtAyBzzyCyDtGtBzzyD0AtGyDzztBzztGyEzytB0CtGtDyDzyyEyBzyyCzytAtC0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytCzyzz0F0AyCtGyE0DtC0BtGyEyEtB0CtGzyzyyDyCtGyC0EyD0CyEtAyEtB0A0D0DyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztCzy&cr=1511828159&ir=","hxxp://www.cassiopessa.com/?f=1&a=csp_tight2_15_27&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtAtA0D0AtB0A0EtCyCtDtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtCtFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StC0AtDtAyBzzyCyDtGtBzzyD0AtGyDzztBzztGyEzytB0CtGtDyDzyyEyBzyyCzytAtC0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytCzyzz0F0AyCtGyE0DtC0BtGyEyEtB0CtGzyzyyDyCtGyC0EyD0CyEtAyEtB0A0D0DyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztCzy&cr=1511828159&ir=&uref=chmm"
CHR DefaultSearchURL: Default -> hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_tight2_15_27&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtAtA0D0AtB0A0EtCyCtDtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtCtFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StC0AtDtAyBzzyCyDtGtBzzyD0AtGyDzztBzztGyEzytB0CtGtDyDzyyEyBzyyCzytAtC0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytCzyzz0F0AyCtGyE0DtC0BtGyEyEtB0CtGzyzyyDyCtGyC0EyD0CyEtAyEtB0A0D0DyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztCzy&cr=1511828159&ir=
CHR DefaultSearchKeyword: Default -> cassiopesa.com
CHR Extension: (OneStopGPT) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahagolkpaghhinaljhjihagjgomdokb [2014-03-10] [UpdateUrl: hxxps://s3.amazonaws.com/com.alexa.toolbar/autoupdate/atbpg/update.xml] <==== ATTENTION
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}
C:\Users\breakmydreams\AppData\Local\{1124a725-e7eb-82f4-e978-28044d39f9dc}
C:\Users\breakmydreams\AppData\Local\{1124a725-e7eb-82f4-e978-28044d39f9dc}\@
C:\Users\breakmydreams\restartIE.cmd-1441665211.cmd
C:\Users\breakmydreams\restartIE2.cmd
C:\Users\breakmydreams\SBExtnBack.exe
2017-01-02 14:16 - 2017-01-02 14:16 - 0000000 _____ () C:\Users\breakmydreams\AppData\Local\Temp\mzokaf0h.dll
BHO-x32: QmeeBHO -> {6577593B-7445-4680-B5CE-4F38D770864D} -> C:\Program Files (x86)\Qmee\1.5.0\KangoBHO.dll [2015-07-31] (Kango)
Toolbar: HKLM - Qmee - {A4C2B741-E69A-4C2E-AAB1-C38D8163E40B} - C:\Program Files (x86)\Qmee\1.5.0\KangoBHO64.dll [2015-07-31] (Kango)
C:\Program Files (x86)\Qmee
Toolbar: HKLM-x32 - Qmee - {A4C2B741-E69A-4C2E-AAB1-C38D8163E40B} - C:\Program Files (x86)\Qmee\1.5.0\KangoBHO.dll [2015-07-31] (Kango)
CHR Extension: (Klout) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjaakbhpcbpmojkhpiaacepfcaniglak [2015-07-12]
CustomCLSID: HKU\S-1-5-21-2178555272-1815042791-136943586-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\breakmydreams\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-2178555272-1815042791-136943586-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\breakmydreams\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2178555272-1815042791-136943586-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\breakmydreams\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2178555272-1815042791-136943586-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\breakmydreams\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2178555272-1815042791-136943586-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\breakmydreams\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2178555272-1815042791-136943586-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\breakmydreams\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2178555272-1815042791-136943586-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\breakmydreams\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2178555272-1815042791-136943586-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\breakmydreams\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2178555272-1815042791-136943586-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\breakmydreams\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\breakmydreams\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\breakmydreams\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\breakmydreams\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\breakmydreams\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\breakmydreams\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\breakmydreams\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\breakmydreams\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\breakmydreams\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
Task: {1705A9C9-D145-4F24-9AA9-F2604A2A1278} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {9AED915D-DDE1-43F4-BA0C-00047FE15366} - \Test TimeTrigger -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D7946C47-859F-4394-990A-B064FEFBBA74} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CD73A8D9-FBFC-4DC5-9167-A0003A0EAF9F} => key removed successfully
HKLM\Software\Classes\CLSID\{CD73A8D9-FBFC-4DC5-9167-A0003A0EAF9F} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{CD73A8D9-FBFC-4DC5-9167-A0003A0EAF9F} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{CD73A8D9-FBFC-4DC5-9167-A0003A0EAF9F} => key not found. 
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{08359746-CE79-464F-AF3E-2B810E5C7E6F} => key removed successfully
HKLM\Software\Classes\CLSID\{08359746-CE79-464F-AF3E-2B810E5C7E6F} => key not found. 
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B928D05-8D7A-4B21-ACDD-764653FE3DFE} => key removed successfully
HKLM\Software\Classes\CLSID\{4B928D05-8D7A-4B21-ACDD-764653FE3DFE} => key not found. 
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC6C9C76-BF3E-46F3-9C39-EF856558EEB1} => key removed successfully
HKLM\Software\Classes\CLSID\{BC6C9C76-BF3E-46F3-9C39-EF856558EEB1} => key not found. 
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CD73A8D9-FBFC-4DC5-9167-A0003A0EAF9F} => key removed successfully
HKLM\Software\Classes\CLSID\{CD73A8D9-FBFC-4DC5-9167-A0003A0EAF9F} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6577593B-7445-4680-B5CE-4F38D770864D} => key removed successfully
HKLM\Software\Classes\CLSID\{6577593B-7445-4680-B5CE-4F38D770864D} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully
HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found. 
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E120ACB6-21BA-45ED-9E79-32079107C103} => value removed successfully
HKLM\Software\Classes\CLSID\{E120ACB6-21BA-45ED-9E79-32079107C103} => key not found. 
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc} => moved successfully
C:\Users\breakmydreams\AppData\Local\{1124a725-e7eb-82f4-e978-28044d39f9dc} => moved successfully
"C:\Users\breakmydreams\AppData\Local\{1124a725-e7eb-82f4-e978-28044d39f9dc}\@" => not found.
C:\Users\breakmydreams\restartIE.cmd-1441665211.cmd => moved successfully
C:\Users\breakmydreams\restartIE2.cmd => moved successfully
C:\Users\breakmydreams\SBExtnBack.exe => moved successfully
C:\Users\breakmydreams\AppData\Local\Temp\mzokaf0h.dll => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6577593B-7445-4680-B5CE-4F38D770864D} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6577593B-7445-4680-B5CE-4F38D770864D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A4C2B741-E69A-4C2E-AAB1-C38D8163E40B} => value removed successfully
HKLM\Software\Classes\CLSID\{A4C2B741-E69A-4C2E-AAB1-C38D8163E40B} => key removed successfully
C:\Program Files (x86)\Qmee => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A4C2B741-E69A-4C2E-AAB1-C38D8163E40B} => value removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A4C2B741-E69A-4C2E-AAB1-C38D8163E40B} => key removed successfully
HKU\S-1-5-21-2178555272-1815042791-136943586-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736} => key removed successfully
HKU\S-1-5-21-2178555272-1815042791-136943586-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-2178555272-1815042791-136943586-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-2178555272-1815042791-136943586-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-2178555272-1815042791-136943586-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-2178555272-1815042791-136943586-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-2178555272-1815042791-136943586-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-2178555272-1815042791-136943586-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-2178555272-1815042791-136943586-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt1 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt2 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt3 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt4 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt5 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt6 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt7 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt8 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1705A9C9-D145-4F24-9AA9-F2604A2A1278} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1705A9C9-D145-4F24-9AA9-F2604A2A1278} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AED915D-DDE1-43F4-BA0C-00047FE15366} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AED915D-DDE1-43F4-BA0C-00047FE15366} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7946C47-859F-4394-990A-B064FEFBBA74} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7946C47-859F-4394-990A-B064FEFBBA74} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key removed successfully
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5407431 B
Java, Flash, Steam htmlcache => 41350527 B
Windows/system/drivers => 55448838 B
Edge => 0 B
Chrome => 61624090 B
Firefox => 14119335 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 208244149 B
systemprofile32 => 869475 B
LocalService => 16384 B
NetworkService => 463123614 B
breakmydreams => 7371213 B
 
RecycleBin => 0 B
EmptyTemp: => 829.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:40:31 ====


#17 zep516 (Trusted Helper, Malware Removal, 8,087 posts)

Looks like it was moved successfully.

Let's check for rootkits since this is a rootkit type infection.

Download Malwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

#18 breakmydreams (Member, Topic Starter, 41 posts)

Here are the results.

It did say it didn't find any malware, but here are the two logs that you requested in the next reply.

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18282
breakmydreams :: HANSONNUTT [administrator]
 
7/6/2017 6:05:22 PM
mbar-log-2017-07-06 (18-05-22).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 336012
Time elapsed: 49 minute(s), 4 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18282
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.296000 GHz
Memory total: 2792218624, free: 962064384
 
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     07/06/2017 18:04:39
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\VBoxNetAdp6.sys
\SystemRoot\system32\DRIVERS\VBoxNetLwf.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\nnfwdk64.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\rtwlane.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\FwLnk.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\appobserver64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\windows\System32\ntdll.dll
\windows\System32\smss.exe
\windows\System32\apisetschema.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8003056790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80030561e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003056790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8002f2b040, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa8002a29290, DeviceName: \Device\00000068\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 20C94C86
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 593326080
    Partition is bootable
    Partition file system is NTFS
 
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 596400128  Numsec = 28741632
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-3074048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-596400128-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

  • 0

#19
zep516
    Trusted Helper
  • Malware Removal
  • 8,087 posts
Hello,

Let's scan for adware.

Next

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt
Next
  • Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus).
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

  • 0

#20
breakmydreams
    Member
  • Topic Starter
  • Member
  • 41 posts

Here are the results of the two scans... looks like they found quite a few threats... not sure if they are good or bad threats... 
# AdwCleaner v6.047 - Logfile created 10/07/2017 at 16:40:57
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : breakmydreams - HANSONNUTT
# Running from : C:\Users\breakmydreams\Desktop\adwcleaner_6.047.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: CouponPrinterService
[-] Service deleted: YahooAUService
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\breakmydreams\AppData\Local\Shortcut Installer
[-] Folder deleted: C:\Users\breakmydreams\AppData\LocalLow\iac
[-] Folder deleted: C:\Users\breakmydreams\AppData\LocalLow\Toolbar4
[-] Folder deleted: C:\Users\breakmydreams\AppData\LocalLow\Yahoo! Companion
[-] Folder deleted: C:\Users\breakmydreams\AppData\LocalLow\Yahoo!\Companion
[#] Folder deleted on reboot: C:\Users\breakmydreams\AppData\LocalLow\IAC
[-] Folder deleted: C:\Users\breakmydreams\AppData\Roaming\pccustubinstaller
[-] Folder deleted: C:\Users\breakmydreams\AppData\Roaming\Yahoo!\Companion
[-] Folder deleted: C:\ProgramData\BasicSeek
[-] Folder deleted: C:\ProgramData\Yahoo! Companion
[#] Folder deleted on reboot: C:\ProgramData\Application Data\BasicSeek
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Yahoo! Companion
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder deleted: C:\Program Files (x86)\BasicSeek
[-] Folder deleted: C:\Program Files (x86)\Conduit
[-] Folder deleted: C:\Program Files (x86)\Coupons
[-] Folder deleted: C:\Program Files (x86)\DownloadManager
[-] Folder deleted: C:\Program Files (x86)\file scout
[-] Folder deleted: C:\Program Files (x86)\Yahoo!\Companion
[-] Folder deleted: C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eiimolhnbbbdagljikeckdkldgemmmlj
[-] Folder deleted: C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppdjnkblmcjfnlogjjhpigpdgpcgdpll
[-] Folder deleted: C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\apjkpjchfbckhjhokinlgdbmibpbbjak
[-] Folder deleted: C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
 
 
***** [ Files ] *****
 
[-] File deleted: C:\windows\SysNative\drivers\netfilter64.sys
[-] File deleted: C:\Program Files (x86)\Yahoo!\Common\unyt.exe
[-] File deleted: C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage
[-] File deleted: C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage-journal
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\services\yahooauservice
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\services\couponprinterservice
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\YahooAUService
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\yahooauservice
[-] Key deleted: HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTBMButton
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTBMButton.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper.2
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.CacheLoader
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.Clickstream
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.Clickstream.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTBMButton
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTBMButton.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTHelper
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTHelper.2
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YToolbarBand
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Key deleted: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\Software\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8E74A0AE-F0ED-47ED-A940-A8E99687646B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
[#] Key deleted on reboot: HKCU\Software\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Key deleted: HKU\.DEFAULT\Software\IBUpdaterService
[-] Key deleted: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\Software\InstalledThirdPartyPrograms
[-] Key deleted: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\Software\Pokki
[-] Key deleted: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\Software\AppDataLow\Toolbar
[-] Key deleted: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\Software\AppDataLow\Software\BackgroundContainer
[-] Key deleted: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\Software\AppDataLow\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-2178555272-1815042791-136943586-1001\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-18\Software\IBUpdaterService
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\InstalledThirdPartyPrograms
[#] Key deleted on reboot: HKCU\Software\Pokki
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Toolbar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\BackgroundContainer
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[#] Key deleted on reboot: [x64] HKCU\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\InstalledThirdPartyPrograms
[#] Key deleted on reboot: [x64] HKCU\Software\Pokki
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Toolbar
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\BackgroundContainer
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.cassiopessa.com/?f=7&a=csp_tight2_15_27&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtAtA0D0AtB0A0EtCyCtDtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtCtFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StC0AtDtAyBzzyCyDtGtBzzyD0AtGyDzztBzztGyEzytB0CtGtDyDzyyEyBzyyCzytAtC0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytCzyzz0F0AyCtGyE0DtC0BtGyEyEtB0CtGzyzyyDyCtGyC0EyD0CyEtAyEtB0A0D0DyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztCzy&cr=1511828159&ir=
[-] [C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.cassiopessa.com/?f=1&a=csp_tight2_15_27&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtAtA0D0AtB0A0EtCyCtDtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtCtFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StC0AtDtAyBzzyCyDtGtBzzyD0AtGyDzztBzztGyEzytB0CtGtDyDzyyEyBzyyCzytAtC0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytCzyzz0F0AyCtGyE0DtC0BtGyEyEtB0CtGzyzyyDyCtGyC0EyD0CyEtAyEtB0A0D0DyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztCzy&cr=1511828159&ir=&uref=chmm
[-] [C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: amfclgbdpgndipgoegfpkkgobahigbcl
[-] [C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: gngocbkfmikdgphklgmmehbjjlfgdemm
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [18628 Bytes] - [10/07/2017 16:40:57]
C:\AdwCleaner\AdwCleaner[S0].txt - [17035 Bytes] - [10/07/2017 16:33:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [18776 Bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64 
Ran by breakmydreams (Administrator) on Mon 07/10/2017 at 17:02:05.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 56 
 
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{0BE92D58-811E-441C-B9D6-6E46448BDF3D} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{15A14874-D85B-4EF1-8C16-DADE007DD883} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{1CD37AAD-2707-4FCC-9DED-45E7F0FD65EF} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{1D9EFC97-A1E6-4054-8CD8-5E5AFBE49817} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{25FFE229-293E-48E5-986B-2B3F6F8F0B25} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{3294A359-09B2-4E83-AC4D-3B152C3F912D} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{33CCC4F1-75FF-4869-BB03-18613699E556} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{3A17B305-E5B1-486A-802D-2808A06B36E3} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{3B20EDEE-E2C6-431A-BCDD-B98157EA7A41} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{424A77A9-0FC2-4828-8B1E-EB3F6AC81468} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{43FEBBD5-6C50-4141-8FA7-84D4A8EA3EC1} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{53579E87-621D-4B93-8156-CA79E37EEFED} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{706484C0-F3EE-4C67-BBDB-B8BCA615E0C1} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{70875146-DEE7-453E-BAE4-26940D2F9B8B} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{8A9F065B-F5FB-4B60-98F3-A9A2D8DC31A7} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{8C7E6FF8-1555-448A-B11B-0419C62A5E1E} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{933C76B8-CC3C-450D-B1C2-8FE769B85EAA} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{9844DB67-F6DA-442E-AB9D-2665FF1D3929} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{A2B2BD10-A4D2-4916-828E-69A4C7D08DFE} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{C1255FD7-8F7A-4CA7-8281-A64D37C55202} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{D69561A2-4034-4690-872C-E54E354B8443} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{E1A62B19-E2FD-420E-80F1-6E2931029723} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{E7F393A3-577C-4A2B-A19C-B3AA96BD37C6} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{FA48A3B8-561C-431C-9355-C05A5343A602} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\{FFF17D88-4BB5-4D35-9300-64A6691530BF} (Empty Folder)
Successfully deleted: C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm (Folder) 
Successfully deleted: C:\Users\breakmydreams\AppData\Roaming\Mozilla\Firefox\Profiles\3uictqyy.default-1444867216056\extensions\[email protected] (File) 
Successfully deleted: C:\Users\Public\Desktop\play more great games!.url (Shortcut) 
Successfully deleted: C:\windows\couponprinter.ocx (File) 
Successfully deleted: C:\windows\wininit.ini (File) 
Successfully deleted: C:\Program Files (x86)\GUT63C2.tmp (File) 
Successfully deleted: C:\Users\breakmydreams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RIY9UN9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\breakmydreams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJJ8MYOT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\breakmydreams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZ3F2D9F (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\breakmydreams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y285NUC3 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RIY9UN9 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJJ8MYOT (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZ3F2D9F (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y285NUC3 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\SysWOW64\sho24C2.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho346C.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho3B5D.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho4B44.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho4E07.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho5304.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho7301.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho90CB.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoAFB.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoB5.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoB81B.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoC445.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoCA13.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoD42E.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoD58E.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoDCA3.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoF700.tmp (File) 
 
Deleted the following from C:\Users\breakmydreams\AppData\Roaming\Mozilla\Firefox\Profiles\3uictqyy.default-1444867216056\prefs.js
user_pref(browser.newtab.url, hxxp://search.swagbucks.com/?f=51);
user_pref(browser.startup.homepage, hxxp://search.swagbucks.com/?f=51);
 
 
 
Registry: 4 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_FD07B0A0FFFA35A1E1B5AFB70C1EB3FA (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A4C2B741-E69A-4C2E-AAB1-C38D8163E40B} (Registry Value) 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/10/2017 at 17:10:18.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 

#21
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

It's all junk that gets accumulated over time, nothing too serious, but junk files nonetheless.

I see that you have regular Malwarebytes installed (Malwarebytes Anti-Malware).

Could you run a scan with that too?

Things are looking better here...

Thanks
Joe :)
#22
breakmydreams

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Hello,

It's all junk that gets accumulated over time, nothing too serious, but junk files nonetheless.

I see that you have regular Malwarebytes installed (Malwarebytes Anti-Malware).

Could you run a scan with that too?

Things are looking better here...

Thanks
Joe :)

 

Yes, I do have Malwarebytes and will run a scan :) 

 

So, what does this mean from when the adw ran??? 

Is it a good thing it deleted those things and cleared them??? 

 

Christa 

 

*************************

 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
 


#23
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

Yes, it's a very good thing that adw cleaned and deleted those items.

Thanks
Joe :)
#24
breakmydreams

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

The Malwarebytes scan that I just ran didn't find anything today on laptop #2, unlike what it found the day you started helping me with it, so that is a good thing, right? It didn't give me anything to post on here since it didn't find anything. However, if there is a way to show what the scan ran through and then share it on here for you to verify, then let me know. Also, let me know if you want to see what all it found on the day you started helping me with it. 

 

 

After we fix laptop #2 can you help me with one more computer??? 


#25
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

That's good Malwarebytes did not find anything.
 

Also, let me know if you want to see what all it found on the day you started helping me with it.

Yes. I'd like to see that.

Next, let's check to make sure nothing is left.

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

After we fix laptop #2 can you help me with one more computer???

Yes I can.
#26
breakmydreams

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Hello,

That's good Malwarebytes did not find anything.
 

Also, let me know if you want to see what all it found on the day you started helping me with it.

Yes. I'd like to see that.

Next, let's check to make sure nothing is left.

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

After we fix laptop #2 can you help me with one more computer???

Yes I can.

 

 

Will be sure to get both things shared with you. Going to get to that now, hopefully, while I'm busy trying to get other things done around the house today. Trying to be productive today :) Also, thank you for helping me out so much :) It means a lot!!! 


Edited by breakmydreams, 12 July 2017 - 03:44 PM.

#27
breakmydreams

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Here are the Malwarebytes scan logs from the day you started helping me with laptop #2 to today's that you had me run. Hope it helps out. Also, I'm still working on getting you the new scan logs for the FRST scan again. That will be in my next reply. Hope that is ok? 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 7/4/2017 9:01 PM, SYSTEM, HANSONNUTT, Protection, Malware Protection, Starting, 
Protection, 7/4/2017 9:01 PM, SYSTEM, HANSONNUTT, Protection, Malware Protection, Started, 
 
(end)
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 7/5/2017 4:43 AM, SYSTEM, HANSONNUTT, Scheduler, Failed, No Internet connection detected, 
Update, 7/5/2017 4:43 AM, SYSTEM, HANSONNUTT, Scheduler, Failed, No Internet connection detected, 
Error, 7/5/2017 9:07 AM, SYSTEM, HANSONNUTT, Scan, SDKDatabaseLoadDefaults failed with code: 20021, 20021, 
Update, 7/5/2017 9:07 AM, SYSTEM, HANSONNUTT, Scheduler, Failed, Unable to access update server, 
Update, 7/5/2017 11:23 AM, SYSTEM, HANSONNUTT, Scheduler, Failed, No Internet connection detected, 
Update, 7/5/2017 11:25 AM, SYSTEM, HANSONNUTT, Manual, Failed, No Internet connection detected, 
Update, 7/5/2017 11:26 AM, SYSTEM, HANSONNUTT, Scheduler, Failed, Unable to access update server, 
Protection, 7/5/2017 11:29 AM, SYSTEM, HANSONNUTT, Protection, Malware Protection, Starting, 
Protection, 7/5/2017 11:29 AM, SYSTEM, HANSONNUTT, Protection, Malware Protection, Started, 
Update, 7/5/2017 1:34 PM, SYSTEM, HANSONNUTT, Scheduler, Failed, No Internet connection detected, 
Update, 7/5/2017 1:37 PM, SYSTEM, HANSONNUTT, Scheduler, Failed, Unable to access update server, 
Update, 7/5/2017 1:54 PM, SYSTEM, HANSONNUTT, Manual, Failed, No Internet connection detected, 
Error, 7/5/2017 1:54 PM, SYSTEM, HANSONNUTT, Scan, SDKDatabaseLoadDefaults failed with code: 20021, 20021, 
Update, 7/5/2017 1:55 PM, SYSTEM, HANSONNUTT, Manual, Failed, No Internet connection detected, 
Error, 7/5/2017 1:55 PM, SYSTEM, HANSONNUTT, Scan, SDKDatabaseLoadDefaults failed with code: 20021, 20021, 
Update, 7/5/2017 2:01 PM, SYSTEM, HANSONNUTT, Scheduler, Failed, No Internet connection detected, 
Update, 7/5/2017 2:04 PM, SYSTEM, HANSONNUTT, Scheduler, Failed, Unable to access update server, 
Update, 7/5/2017 2:56 PM, SYSTEM, HANSONNUTT, Scheduler, Failed, No Internet connection detected, 
Update, 7/5/2017 2:59 PM, SYSTEM, HANSONNUTT, Scheduler, Failed, Unable to access update server, 
Update, 7/5/2017 3:09 PM, SYSTEM, HANSONNUTT, Scheduler, Failed, No Internet connection detected, 
Update, 7/5/2017 3:12 PM, SYSTEM, HANSONNUTT, Scheduler, Failed, Unable to access update server, 
Update, 7/5/2017 4:48 PM, SYSTEM, HANSONNUTT, Scheduler, Failed, No Internet connection detected, 
Update, 7/5/2017 4:51 PM, SYSTEM, HANSONNUTT, Scheduler, Failed, Unable to access update server, 
Update, 7/5/2017 5:02 PM, SYSTEM, HANSONNUTT, Scheduler, Failed, No Internet connection detected, 
Update, 7/5/2017 5:05 PM, SYSTEM, HANSONNUTT, Scheduler, Failed, Unable to access update server, 
Update, 7/5/2017 5:46 PM, SYSTEM, HANSONNUTT, Scheduler, Failed, No Internet connection detected, 
Update, 7/5/2017 5:49 PM, SYSTEM, HANSONNUTT, Scheduler, Failed, Unable to access update server, 
Error, 7/5/2017 6:13 PM, SYSTEM, HANSONNUTT, Update, Bad md5 or size: swissarmy, 11, 
Error, 7/5/2017 6:13 PM, SYSTEM, HANSONNUTT, Update, Bad md5 or size: actions, 11, 
Error, 7/5/2017 6:13 PM, SYSTEM, HANSONNUTT, Update, Bad md5 or size: domains, 11, 
Error, 7/5/2017 6:13 PM, SYSTEM, HANSONNUTT, Update, Bad md5 or size: ips, 11, 
Error, 7/5/2017 6:13 PM, SYSTEM, HANSONNUTT, Update, Bad md5 or size: akadomains, 11, 
Error, 7/5/2017 6:13 PM, SYSTEM, HANSONNUTT, Update, Bad md5 or size: akaips, 11, 
Update, 7/5/2017 6:13 PM, SYSTEM, HANSONNUTT, Scheduler, AKA IP Database, 0.0.0.0, 2015.9.11.2, 
Update, 7/5/2017 6:13 PM, SYSTEM, HANSONNUTT, Scheduler, Remediation Database, 0.0.0.0, 2017.6.16.1, 
Update, 7/5/2017 6:13 PM, SYSTEM, HANSONNUTT, Scheduler, IP Database, 0.0.0.0, 2017.7.5.2, 
Update, 7/5/2017 6:13 PM, SYSTEM, HANSONNUTT, Scheduler, Rootkit Database, 0.0.0.0, 2017.5.27.1, 
Update, 7/5/2017 6:13 PM, SYSTEM, HANSONNUTT, Scheduler, AKA Domain Database, 0.0.0.0, 2015.9.11.2, 
Update, 7/5/2017 6:13 PM, SYSTEM, HANSONNUTT, Scheduler, Domain Database, 0.0.0.0, 2017.7.5.6, 
Update, 7/5/2017 6:13 PM, SYSTEM, HANSONNUTT, Scheduler, Malware Database, 0.0.0.0, 2017.7.5.6, 
Protection, 7/5/2017 6:13 PM, SYSTEM, HANSONNUTT, Protection, Refresh, Starting, 
Protection, 7/5/2017 6:13 PM, SYSTEM, HANSONNUTT, Protection, Refresh, Success, 
Error, 7/5/2017 6:18 PM, SYSTEM, HANSONNUTT, Update, Bad md5 or size: actions, 11, 
Error, 7/5/2017 6:18 PM, SYSTEM, HANSONNUTT, Update, Bad md5 or size: ips, 11, 
Update, 7/5/2017 6:18 PM, SYSTEM, HANSONNUTT, Scheduler, Remediation Database, 2016.5.6.1, 2017.6.16.1, 
Update, 7/5/2017 6:18 PM, SYSTEM, HANSONNUTT, Scheduler, IP Database, 2016.5.8.1, 2017.7.5.2, 
Protection, 7/5/2017 6:18 PM, SYSTEM, HANSONNUTT, Protection, Refresh, Starting, 
Protection, 7/5/2017 6:19 PM, SYSTEM, HANSONNUTT, Protection, Refresh, Success, 
Protection, 7/5/2017 6:19 PM, SYSTEM, HANSONNUTT, Protection, Malicious Website Protection, Starting, 
Protection, 7/5/2017 6:21 PM, SYSTEM, HANSONNUTT, Protection, Malicious Website Protection, Started, 
Protection, 7/5/2017 6:49 PM, SYSTEM, HANSONNUTT, Protection, Malicious Website Protection, Stopping, 
Protection, 7/5/2017 6:49 PM, SYSTEM, HANSONNUTT, Protection, Malicious Website Protection, Stopped, 
Protection, 7/5/2017 6:49 PM, SYSTEM, HANSONNUTT, Protection, Malware Protection, Stopping, 
Protection, 7/5/2017 6:50 PM, SYSTEM, HANSONNUTT, Protection, Malware Protection, Stopped, 
Scan, 7/5/2017 7:08 PM, SYSTEM, HANSONNUTT, Manual, Start:7/5/2017 6:32 PM, Duration:35 min 49 sec, Threat Scan, Completed, 2 Malware Detections, 23 Non-Malware Detections, 
 
(end)
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/5/2017
Scan Time: 6:32 PM
Logfile: July 5th Scan Log.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.07.05.06
Rootkit Database: v2017.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: breakmydreams
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 283012
Time Elapsed: 35 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 8
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{08FA7ADD-0777-4C77-AE77-67FE4F4999C0}, Delete-on-Reboot, [beecf56d446590a6abdcc930c73a03fd], 
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{092E969D-ABC8-4653-8B64-78CBA9E1D57E}, Delete-on-Reboot, [cddd045ec8e1290d2265db1ee41d47b9], 
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EC0BCB3F-60C1-4899-AFCE-EDE987CEA869}, Delete-on-Reboot, [5c4e87db1f8ac3738c0e96927291fd03], 
Adware.BrowseFox, HKLM\SOFTWARE\WOW6432NODE\BrowseFox, Quarantined, [43673d254d5c83b396092d74897702fe], 
PUP.Optional.SysTweak, HKLM\SOFTWARE\WOW6432NODE\Systweak, Quarantined, [e2c86002baef122446d9a68cf70909f7], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\cltmng_RASAPI32, Quarantined, [a10952102d7c41f53c8eaaccec161de3], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\cltmng_RASMANCS, Quarantined, [357586dc189116203991670fcd35cd33], 
PUP.Optional.SysTweak, HKU\S-1-5-21-2178555272-1815042791-136943586-1001\SOFTWARE\Systweak, Quarantined, [4f5b8bd7cadf55e1a91fdb58d0304eb2], 
 
Registry Values: 4
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{08FA7ADD-0777-4C77-AE77-67FE4F4999C0}|Path, \ProPCCleaner_Popup, Delete-on-Reboot, [beecf56d446590a6abdcc930c73a03fd]
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{092E969D-ABC8-4653-8B64-78CBA9E1D57E}|Path, \ProPCCleaner_Start, Delete-on-Reboot, [cddd045ec8e1290d2265db1ee41d47b9]
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EC0BCB3F-60C1-4899-AFCE-EDE987CEA869}|Path, \BackgroundContainer Startup Task, Delete-on-Reboot, [5c4e87db1f8ac3738c0e96927291fd03]
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|LyricsSay-1-bg.exe, 8000, Quarantined, [27835b07951437ffa1d17bb29c67ce32]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 8
PUP.Optional.SysTweak, C:\Users\breakmydreams\AppData\Roaming\Systweak, Quarantined, [2981045eedbc61d5fb0dc57242be46ba], 
PUP.Optional.SysTweak, C:\Users\breakmydreams\AppData\Roaming\Systweak\BeforeUninstall, Quarantined, [2981045eedbc61d5fb0dc57242be46ba], 
PUP.Optional.SearchProtect, C:\SearchProtect, Quarantined, [8a20c89a595039fda13bc8abc7396d93], 
PUP.Optional.SearchProtect, C:\SearchProtect\ffprotect, Quarantined, [8a20c89a595039fda13bc8abc7396d93], 
PUP.Optional.Conduit, C:\Users\breakmydreams\AppData\LocalLow\Conduit, Quarantined, [7b2facb636739b9b5da3cba4e022bf41], 
PUP.Optional.Conduit, C:\Users\breakmydreams\AppData\LocalLow\Conduit\Community Alerts, Quarantined, [7b2facb636739b9b5da3cba4e022bf41], 
PUP.Optional.Conduit, C:\Users\breakmydreams\AppData\LocalLow\Conduit\Community Alerts\Dialogs, Quarantined, [7b2facb636739b9b5da3cba4e022bf41], 
PUP.Optional.Conduit, C:\Users\breakmydreams\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog, Quarantined, [7b2facb636739b9b5da3cba4e022bf41], 
 
Files: 5
Adware.RelevantKnowledge, C:\Users\breakmydreams\Downloads\PRSetup.exe, Quarantined, [2b7fcd95b1f803333850e16eb14fe719], 
PUP.Optional.Conduit, C:\Users\breakmydreams\AppData\LocalLow\Conduit\Community Alerts\Dialogs\DialogsAPI.js, Quarantined, [7b2facb636739b9b5da3cba4e022bf41], 
PUP.Optional.Conduit, C:\Users\breakmydreams\AppData\LocalLow\Conduit\Community Alerts\Dialogs\PIE.htc, Quarantined, [7b2facb636739b9b5da3cba4e022bf41], 
PUP.Optional.Conduit, C:\Users\breakmydreams\AppData\LocalLow\Conduit\Community Alerts\Dialogs\settings.js, Quarantined, [7b2facb636739b9b5da3cba4e022bf41], 
PUP.Optional.Conduit, C:\Users\breakmydreams\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\AppNotification.js, Quarantined, [7b2facb636739b9b5da3cba4e022bf41], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 7/12/2017 1:50 PM, SYSTEM, HANSONNUTT, Manual, Failed, No Internet connection detected, 
Scan, 7/12/2017 2:30 PM, SYSTEM, HANSONNUTT, Manual, Start:7/12/2017 1:50 PM, Duration:40 min 21 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
 
(end)
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/12/2017
Scan Time: 1:50 PM
Logfile: July 12th Scan log.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.07.05.06
Rootkit Database: v2017.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: breakmydreams
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 280326
Time Elapsed: 40 min, 21 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 

 


#28
breakmydreams

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Can you see what is stopping my Disk Defrag from being able to open and run with this?? If so, can we work on fixing that as well please?? Thank you. 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-07-2017
Ran by breakmydreams (administrator) on HANSONNUTT (13-07-2017 14:21:16)
Running from C:\Users\breakmydreams\Desktop
Loaded Profiles: breakmydreams (Available Profiles: breakmydreams)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\windows\System32\atiesrxx.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\NielsenOnline64.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\windows\System32\GWX\GWXConfigManager.exe
(Microsoft Corporation) C:\windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\windows\System32\wbem\WMIADAP.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [NielsenOnline] => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe [194400 2016-03-03] (The Nielsen Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23743808 2016-05-04] (Dropbox, Inc.)
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-29] (Valve Corporation)
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\MountPoints2: {c1d8d66d-0f6c-11e3-b96b-00266c08a449} - G:\windows\AutoRun.exe {430A8AE3-8898-4DAB-8C5B-5E8ADA7D571E} 3.0.0.02 VID_19D2&PID_0358 {9B00E99F-83A4-40d4-B987-7EB04F722BB7}
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Startup: C:\Users\breakmydreams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2017-07-10]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{63C4EE6D-8FF2-47D1-A936-3E88325F2848}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{D3814425-7DAD-4CAF-9D53-DB5F7D0F323B}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {18C3FD15-74F6-4280-9C98-3590C966B7B8} hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab
DPF: HKLM-x32 {2C153C75-8476-434B-B3C3-57B63A3D1939} hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: HKLM-x32 {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: HKLM-x32 {483EB14D-AF1C-4951-81B0-4E2B41829FF6} hxxps://assess.shlonline.com/cabs/QOLCheck.ocx
DPF: HKLM-x32 {555F1BBC-6EC2-474F-84AF-633EF097FF54} hxxp://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab
DPF: HKLM-x32 {61900274-3323-4446-BDCD-91548D32AF1B} hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: HKLM-x32 {62969CF2-0F7A-433B-A221-FD8818C06C2F} hxxp://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: HKLM-x32 {95A311CD-EC8E-452A-BCEC-B844EB616D03} hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: HKLM-x32 {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: HKLM-x32 {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: HKLM-x32 {BB637307-92FA-47EC-B3F7-6969078673CC} hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: HKLM-x32 {C5326A4D-E9AA-40AD-A09A-E74304D86B47} hxxp://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
DPF: HKLM-x32 {C82BB209-F528-46F9-96D5-69DEF7260916} hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: HKLM-x32 {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: HKLM-x32 {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
DPF: HKLM-x32 {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
 
FireFox:
========
FF ProfilePath: C:\Users\breakmydreams\AppData\Roaming\Mozilla\Firefox\Profiles\3uictqyy.default-1444867216056 [2017-07-06]
FF Extension: (Qmee) - C:\Users\breakmydreams\AppData\Roaming\Mozilla\Firefox\Profiles\3uictqyy.default-1444867216056\Extensions\[email protected] [2016-01-05]
FF Extension: (No Name) - C:\Users\breakmydreams\AppData\Roaming\Mozilla\Firefox\Profiles\3uictqyy.default-1444867216056\extensions\[email protected] [not found]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\FirefoxAddOns\[email protected]
FF Extension: (Nielsen NetSight) - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\FirefoxAddOns\[email protected] [2017-07-10]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin64.dll [2014-11-03] (Skype)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll [2014-01-28] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-02-22] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-07-19] (Pando Networks)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin.dll [2014-11-03] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-05] (Google Inc.)
FF Plugin-x32: @worldwinner.com/Launcher2,version=1.10.0.25 -> C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll [2011-03-17] (WorldWinner.com, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2178555272-1815042791-136943586-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\breakmydreams\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2178555272-1815042791-136943586-1001: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\breakmydreams\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-10-19] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-2178555272-1815042791-136943586-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-07-19] (Pando Networks)
FF Plugin HKU\S-1-5-21-2178555272-1815042791-136943586-1001: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll [No File]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bing.com/?pc=U162&form=U162HP
CHR StartupUrls: Default -> "hxxp://www.bing.com/?pc=U162&form=U162HP","hxxp://www.cassiopessa.com/?f=7&a=csp_tight2_15_27&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtAtA0D0AtB0A0EtCyCtDtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtCtFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StC0AtDtAyBzzyCyDtGtBzzyD0AtGyDzztBzztGyEzytB0CtGtDyDzyyEyBzyyCzytAtC0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytCzyzz0F0AyCtGyE0DtC0BtGyEyEtB0CtGzyzyyDyCtGyC0EyD0CyEtAyEtB0A0D0DyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztCzy&cr=1511828159&ir=","hxxp://www.cassiopessa.com/?f=1&a=csp_tight2_15_27&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtAtA0D0AtB0A0EtCyCtDtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtCtFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StC0AtDtAyBzzyCyDtGtBzzyD0AtGyDzztBzztGyEzytB0CtGtDyDzyyEyBzyyCzytAtC0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytCzyzz0F0AyCtGyE0DtC0BtGyEyEtB0CtGzyzyyDyCtGyC0EyD0CyEtAyEtB0A0D0DyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztCzy&cr=1511828159&ir=&uref=chmm"
CHR Profile: C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default [2017-07-10]
CHR Extension: (Nielsen NetSight) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgmmbefnahabhcchpfkobeindpppflc [2017-07-05]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2017-07-07]
CHR Extension: (Savings Alerts) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflpeapppfijfecjmibidlnfggdifmic [2017-07-05]
CHR Extension: (Screenwise Meter) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmieefkpoaagiboijfjhidningfpomge [2017-07-05]
CHR Extension: (Piggy - Automatic Coupons & Cash Back) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2017-07-05]
CHR Extension: (OneStopGPT) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahagolkpaghhinaljhjihagjgomdokb [2014-03-10] [UpdateUrl: hxxps://s3.amazonaws.com/com.alexa.toolbar/autoupdate/atbpg/update.xml] <==== ATTENTION
CHR Extension: (Klout) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjaakbhpcbpmojkhpiaacepfcaniglak [2015-07-12]
CHR Extension: (Skype) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-07-05]
CHR Extension: (Qmee) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2017-07-05]
CHR Extension: (MyPoints Score) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcglgmippekbdbmniknikdgkmnnpdnmh [2017-07-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-05]
CHR Extension: (Chrome Media Router) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-07]
CHR HKLM\...\Chrome\Extension: [bpgmmbefnahabhcchpfkobeindpppflc] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2178555272-1815042791-136943586-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iahagolkpaghhinaljhjihagjgomdokb] - C:\Users\breakmydreams\AppData\Local\Alexa\atbpg-SmCPIj-1.3.crx [2014-01-10]
CHR HKLM-x32\...\Chrome\Extension: [bpgmmbefnahabhcchpfkobeindpppflc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-11] (Dropbox, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 NielsenUpdate; C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [3170144 2016-03-03] (The Nielsen Company)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2011-07-19] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AppObserver; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\appobserver64.sys [15200 2016-03-03] (The Nielsen Company)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [109272 2017-07-06] (Malwarebytes)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 nnfwdk; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\nnfwdk64.sys [26464 2016-03-03] (The Nielsen Company)
R3 RTWlanE; C:\windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
S3 usbrndis6; C:\windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R1 VBoxNetAdp; C:\windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
R1 VBoxNetLwf; C:\windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-13 14:21 - 2017-07-13 14:22 - 00021934 _____ C:\Users\breakmydreams\Desktop\FRST.txt
2017-07-12 19:30 - 2017-07-12 19:30 - 00001072 _____ C:\July 12th Scan log.txt
2017-07-12 19:30 - 2017-07-12 19:30 - 00000334 _____ C:\July 12th Protection log.txt
2017-07-12 19:29 - 2017-07-12 19:29 - 00005435 _____ C:\July 5th Protection Log.txt
2017-07-12 19:29 - 2017-07-12 19:29 - 00004885 _____ C:\July 5th Scan Log.txt
2017-07-12 19:28 - 2017-07-12 19:28 - 00000247 _____ C:\July 4th 2017 Protection log.txt
2017-07-10 17:10 - 2017-07-10 17:10 - 00007184 _____ C:\Users\breakmydreams\Desktop\JRT.txt
2017-07-10 16:28 - 2017-07-10 16:51 - 00000000 ____D C:\AdwCleaner
2017-07-10 16:27 - 2017-07-10 16:26 - 01663672 _____ (Malwarebytes) C:\Users\breakmydreams\Desktop\JRT.exe
2017-07-10 16:27 - 2017-07-10 16:21 - 04110280 _____ C:\Users\breakmydreams\Desktop\adwcleaner_6.047.exe
2017-07-06 18:04 - 2017-07-07 16:41 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-06 17:51 - 2017-07-07 16:41 - 00000000 ____D C:\Users\breakmydreams\Desktop\mbar
2017-07-06 17:50 - 2017-07-06 17:06 - 16563352 _____ (Malwarebytes Corp.) C:\Users\breakmydreams\Desktop\mbar-1.09.3.1001.exe
2017-07-06 13:44 - 2017-07-06 13:44 - 00000000 ____D C:\Users\breakmydreams\AppData\Roaming\Google
2017-07-06 13:36 - 2017-07-06 13:40 - 00024946 _____ C:\Users\breakmydreams\Desktop\Fixlog.txt
2017-07-05 19:51 - 2017-07-05 19:55 - 00050408 _____ C:\Users\breakmydreams\Downloads\Addition.txt
2017-07-05 19:48 - 2017-07-05 19:55 - 00034937 _____ C:\Users\breakmydreams\Downloads\FRST.txt
2017-07-05 19:46 - 2017-07-13 14:21 - 00000000 ____D C:\FRST
2017-07-05 19:45 - 2017-07-13 14:10 - 02435584 _____ (Farbar) C:\Users\breakmydreams\Desktop\FRST64.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-13 14:21 - 2009-07-14 01:13 - 00006502 _____ C:\windows\system32\PerfStringBackup.INI
2017-07-13 14:17 - 2016-02-11 18:09 - 00000922 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-07-13 14:16 - 2012-04-24 22:36 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-07-12 19:26 - 2014-06-28 10:37 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-12 19:22 - 2016-02-11 18:08 - 00000918 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-07-12 13:53 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-12 13:53 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-10 16:49 - 2014-10-30 15:46 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-10 16:45 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-07-10 16:38 - 2012-04-24 22:29 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-07-10 16:37 - 2012-04-24 22:36 - 00000000 ____D C:\Users\breakmydreams\AppData\LocalLow\Yahoo!
2017-07-07 16:25 - 2015-04-05 06:57 - 00000000 ___SD C:\windows\SysWOW64\GWX
2017-07-07 16:25 - 2015-04-05 06:57 - 00000000 ___SD C:\windows\system32\GWX
2017-07-07 16:24 - 2012-05-19 16:41 - 00002155 _____ C:\windows\epplauncher.mif
2017-07-07 16:24 - 2012-05-19 16:40 - 00002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-07-07 16:24 - 2012-05-19 16:40 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-07-07 16:23 - 2012-05-19 16:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-07-07 16:22 - 2014-12-10 20:24 - 00000000 ____D C:\windows\system32\appraiser
2017-07-06 17:51 - 2014-06-28 10:36 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2017-07-06 13:44 - 2014-02-22 13:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-07-06 13:40 - 2012-04-19 16:06 - 00000000 ____D C:\Users\breakmydreams\AppData\LocalLow\Temp
2017-07-06 13:38 - 2012-04-18 22:08 - 00000000 ____D C:\Users\breakmydreams
2017-07-06 13:34 - 2012-02-25 09:44 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-05 19:20 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2017-07-05 19:08 - 2012-02-25 09:44 - 00003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-05 19:08 - 2012-02-25 09:44 - 00003202 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-05 19:04 - 2016-02-11 18:09 - 00003918 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-07-05 19:04 - 2016-02-11 18:08 - 00003666 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-07-04 22:07 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
 
==================== Files in the root of some directories =======
 
2013-03-06 01:03 - 2012-09-21 05:29 - 0196608 _____ () C:\Users\breakmydreams\AppData\Local\common_functions.dll
2012-09-21 05:29 - 2012-09-21 05:29 - 0114688 _____ () C:\Users\breakmydreams\AppData\Local\ie_runner_app.exe
2013-03-06 01:03 - 2012-06-26 06:59 - 0940544 _____ (Apache Software Foundation) C:\Users\breakmydreams\AppData\Local\log4cxx.dll
2015-08-25 23:41 - 2015-08-25 23:41 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-01-23 08:21
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2017
Ran by breakmydreams (13-07-2017 14:24:02)
Running from C:\Users\breakmydreams\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-04-19 02:08:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2178555272-1815042791-136943586-500 - Administrator - Disabled)
breakmydreams (S-1-5-21-2178555272-1815042791-136943586-1001 - Administrator - Enabled) => C:\Users\breakmydreams
Guest (S-1-5-21-2178555272-1815042791-136943586-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2178555272-1815042791-136943586-1008 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{4ACA5AE7-E68C-5A48-F8E6-D67946267506}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.9) (Version: 5.0.0.9 - Coupons.com Incorporated)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.19.34 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.61.1 - Dropbox, Inc.) Hidden
ETDWare PS/2-X64 8.0.8.0_R01 (HKLM\...\Elantech) (Version: 8.0.8.0 - ELAN Microelectronic Corp.)
Firefly Online Cortex (HKLM-x32\...\Steam App 343750) (Version:  - Spark Plug Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
iSpQ VideoChat 9 (HKLM-x32\...\{A03E40E6-5395-46FC-A128-6997FC9D7080}) (Version: 9.1.25 - nanoCom Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Nielsen (HKLM-x32\...\NetSight) (Version:  - )
Oracle VM VirtualBox 5.0.0 (HKLM\...\{FCD0B365-2189-45F3-9AF2-2BCED86C121A}) (Version: 5.0.0 - Oracle Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{446CCB22-B632-4A1D-BF84-DA8DB0575F98}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype Web Plugin (HKLM-x32\...\{15AF46DB-9EBA-4662-AA52-29EF23585035}) (Version: 3.2.0.23388 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SwagButton (HKLM-x32\...\{7967795F-ADBE-477F-8777-AF6195210D2B}) (Version: 167.0.107 - Prodege)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.44109 - TeamViewer)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.7 - TOSHIBA)
Unity Web Player (HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WorldWinner Games (HKLM-x32\...\{2A82EBFC-89AB-41EA-80E8-A07C73C752A0}) (Version: 1.10.0.25 - WorldWinner.com, Inc.)
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-2178555272-1815042791-136943586-1001\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zuma's Revenge! (HKLM-x32\...\Zuma's Revenge!) (Version:  - PopCap Games)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-04] (Dropbox, Inc.)
ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-04] (Dropbox, Inc.)
ContextMenuHandlers01: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers01: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers01: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers02: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2015-10-05] (Malwarebytes)
ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-04] (Dropbox, Inc.)
ContextMenuHandlers04: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-06-08] (Advanced Micro Devices, Inc.)
ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-04] (Dropbox, Inc.)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2015-10-05] (Malwarebytes)
ContextMenuHandlers06: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers06: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {10295993-B5CF-4E7B-8BCD-A7B059CA6EF1} - System32\Tasks\{45F4F7F7-8066-40B5-A10D-DB16E710B817} => C:\Users\breakmydreams\Documents\MapleStory\MapleStorySetupV151.exe
Task: {368AFE89-DCB8-4692-8B3B-38E911DF4503} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {451E0786-11FD-4F89-88C7-AE517EF60174} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {519B7C82-5BFD-4200-BDD3-FE5C77A008D7} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-11] (Dropbox, Inc.)
Task: {54B09701-C83A-4066-A9CF-2025C2C5C53C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {64DDCDD2-C577-4DCC-9BA5-1987CFB7B181} - System32\Tasks\{5432D8DA-BFCC-454E-83F8-E822B2191864} => C:\Program Files (x86)\Diablo II\Diablo II.exe [2012-05-18] (Blizzard North)
Task: {7A7A551C-16BF-408A-A17E-CF5D4C10D5CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {8F72254D-B3FC-45EC-8A8F-4D558A0F1A87} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {98E1924F-96FE-48CB-9BF5-44306D1B4CF0} - System32\Tasks\{19121881-E303-4594-9947-4BCEB8C7513C} => C:\Program Files (x86)\Diablo II\Diablo II.exe [2012-05-18] (Blizzard North)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\windows\system32\srtasks.exe
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\windows\System32\LocationNotificationWindows.exe
Task: {B5EBE78B-DE8F-4953-9358-4B84AF2194E1} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {BD82E19D-148A-44AA-95E6-9E13E5AA1AE3} - System32\Tasks\{EE8A8259-326C-451C-999E-A40DF7183AA3} => C:\Program Files (x86)\Diablo II\Diablo II.exe [2012-05-18] (Blizzard North)
Task: {BEA72C03-771C-4E95-A7FE-D49A10529E23} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {C654A81A-6872-441B-8381-8EAF74CBCABE} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-11] (Dropbox, Inc.)
Task: {D3868BD1-B97E-45D2-A262-DE8B3DA9498D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2178555272-1815042791-136943586-1001
Task: {DDED528F-F43C-4667-BB63-A1E95547F1C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {E8ADC78E-B21E-4E2B-913B-EC9D984524AB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {F1990D08-226D-494E-93DC-396EFDA77788} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {F75EF8F4-EFEB-4880-994A-CF56EB2AE5B4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-11-18 21:18 - 2010-11-18 21:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2014-08-28 12:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-28 12:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-28 12:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-25 12:44 - 2016-03-03 10:21 - 00791392 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\nsmmc.dll
2016-04-12 14:01 - 2016-03-03 10:17 - 00791392 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\communication.dll
2016-04-12 14:01 - 2016-03-03 10:17 - 00183136 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\npsp1.dll
2016-04-12 14:01 - 2016-03-03 10:17 - 00252256 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\npwmi.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7867 more sites.
 
 
There are 7867 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2017-07-05 17:00 - 00450892 ____R C:\windows\system32\Drivers\etc\hosts
 
 
There are 15464 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2178555272-1815042791-136943586-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\breakmydreams\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NielsenOnline => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A75294BF-6D28-4190-9F30-9486B0656966}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D09F841C-3ED7-4C01-9C4F-C0D9B114F558}] => (Allow) LPort=2869
FirewallRules: [{43FD5422-C754-41E9-80F0-F7306695CD76}] => (Allow) LPort=1900
FirewallRules: [{18E36171-96E6-486F-BF4E-777316285C52}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3C8ED9E3-A07F-4BF8-8452-E16E2B3ACD0F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{6456AFDB-4290-4254-8265-5B7759FCC094}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{159DAE23-93B7-410E-A322-317D0060FE5C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E3C3F4D8-65CE-49C2-8BCE-51E1AB67B982}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{A5323A45-B96A-4E79-9667-8D8E2F5DFF3B}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{7D09C87E-E4B8-4E27-879A-565DB476E2E3}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{D71C8364-87C2-4051-936D-299C4F19C286}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{8340C004-18D4-4414-9871-A8E2461939E4}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{ABC655AB-D160-4C23-ADDF-55490663256E}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{3EF08668-23E2-4589-BF2C-D3A2774F148B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{047506A7-3849-43A2-98DB-DCA89A4B869C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{96CA532F-0995-45F5-9146-9FA7928B306D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{22725756-734A-42F8-A2B5-F8B334137F86}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B4718761-2FEF-4F5B-A509-87E28D5F34AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FireflyOnlineCortex\FireflyCortex.exe
FirewallRules: [{B339AB6A-D974-436D-888D-CA4C20858653}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FireflyOnlineCortex\FireflyCortex.exe
FirewallRules: [{2948D0D1-E136-4C8C-93EC-AC2D08F68D27}] => (Allow) C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\SkypeWebPlugin.exe
FirewallRules: [{C0346D53-A8EB-488E-8E18-CB03FFCC398D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{69D0E40F-921E-4A8F-9289-01EA93643109}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{32C20140-73F5-4B24-ACDA-54BC15922DAC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{E0906B54-0810-4D99-97D2-678A2660D0D7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [TCP Query User{4D261E4E-7B4A-4DA3-AFB0-9C3478BF20C7}C:\program files (x86)\ispq videochat 9\ispqvideochat9.exe] => (Allow) C:\program files (x86)\ispq videochat 9\ispqvideochat9.exe
FirewallRules: [UDP Query User{240E493B-02FE-4E26-A384-0208F12257A3}C:\program files (x86)\ispq videochat 9\ispqvideochat9.exe] => (Allow) C:\program files (x86)\ispq videochat 9\ispqvideochat9.exe
FirewallRules: [{CEC0EF4E-9A9D-4B3C-9BBE-7F1A1F0CBD83}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{90496004-87A5-4CDE-9461-1399B6C75B1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8CAE4574-7455-4622-87C5-3527869C3070}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{AB37E0E9-2CF2-45B6-A0A0-8133C9C9EB1B}] => (Allow) LPort=5357
FirewallRules: [{1336BF40-D205-4F7B-864D-9C0CBEC771DA}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B3706DC5-81DF-4DBB-85BD-821A48579443}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{69434080-33AD-48C3-ACB3-46273988541A}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{D605537C-F814-4A99-8852-857901CE69A6}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{228FDAD0-749B-403F-B40A-AF76BCD044EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
07-05-2016 08:30:18 Windows Update
07-05-2016 17:59:52 Windows Update
09-05-2016 23:03:06 Removed iSpQ VideoChat 9
09-05-2016 23:25:53 Windows Update
31-12-2016 13:40:38 Windows Backup
01-01-2017 23:28:28 Restore Operation
05-07-2017 18:26:42 Windows Update
06-07-2017 13:36:24 Restore Point Created by FRST
07-07-2017 16:20:11 Windows Update
10-07-2017 17:02:10 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/13/2017 02:21:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (07/13/2017 02:21:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (07/13/2017 02:19:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (07/13/2017 02:19:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (07/12/2017 07:34:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (07/12/2017 07:34:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (07/12/2017 07:23:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (07/12/2017 07:23:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (07/12/2017 01:49:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (07/12/2017 01:49:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
 
System errors:
=============
Error: (07/12/2017 07:33:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {005A3A96-BAC4-4B0A-94EA-C0CE100EA736} did not register with DCOM within the required timeout.
 
Error: (07/12/2017 07:32:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 117.2.0.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: Network Inspection System
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 2.1.13804.0
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
Error: (07/12/2017 07:32:20 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.247.516.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiSpyware
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13903.0
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
Error: (07/12/2017 07:32:20 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.247.516.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13903.0
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
Error: (07/12/2017 07:32:14 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.247.516.0
 
Update Source: Microsoft Update Server
 
Update Stage: Search
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13903.0
 
Error code: 0x8024402c
 
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
 
Error: (07/12/2017 07:29:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 117.2.0.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: Network Inspection System
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 2.1.13804.0
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
Error: (07/12/2017 07:29:53 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.247.516.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiSpyware
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13903.0
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
Error: (07/12/2017 07:29:53 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.247.516.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13903.0
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
Error: (07/12/2017 07:29:48 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.247.516.0
 
Update Source: Microsoft Update Server
 
Update Stage: Search
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13903.0
 
Error code: 0x8024402c
 
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
 
Error: (07/12/2017 02:05:23 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 117.2.0.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: Network Inspection System
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 2.1.13804.0
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
 
==================== Memory info =========================== 
 
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 2662.87 MB
Available physical RAM: 1559.72 MB
Total Virtual: 5323.92 MB
Available Virtual: 3781.27 MB
 
==================== Drives ================================
 
Drive c: (TI106302W0C) (Fixed) (Total:282.92 GB) (Free:126.11 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 20C94C86)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=282.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=17)
 
==================== End of Addition.txt ============================
 

  • 0

#29
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Can you see what is stopping my Disk Defrag from being able to open

Do you get any error when trying to open Disc defrag?

Programs to uninstall
Java 8 Update 31
Pando Media Booster

Old versions of Java are an infection risk. It's now recommended not to install Java at all, unless you know you absolutely need it.

Next
A few items to fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
FF Extension: (No Name) - C:\Users\breakmydreams\AppData\Roaming\Mozilla\Firefox\Profiles\3uictqyy.default-1444867216056\extensions\[email protected] [not found]
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-07-19] (Pando Networks)
FF Plugin HKU\S-1-5-21-2178555272-1815042791-136943586-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-07-19] (Pando Networks)
FF Plugin HKU\S-1-5-21-2178555272-1815042791-136943586-1001: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll [No File]
CHR StartupUrls: Default -> "hxxp://www.bing.com/?pc=U162&form=U162HP","hxxp://www.cassiopessa.com/?f=7&a=csp_tight2_15_27&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtAtA0D0AtB0A0EtCyCtDtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtCtFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StC0AtDtAyBzzyCyDtGtBzzyD0AtGyDzztBzztGyEzytB0CtGtDyDzyyEyBzyyCzytAtC0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytCzyzz0F0AyCtGyE0DtC0BtGyEyEtB0CtGzyzyyDyCtGyC0EyD0CyEtAyEtB0A0D0DyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztCzy&cr=1511828159&ir=","hxxp://www.cassiopessa.com/?f=1&a=csp_tight2_15_27&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtAtA0D0AtB0A0EtCyCtDtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtCtFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StC0AtDtAyBzzyCyDtGtBzzyD0AtGyDzztBzztGyEzytB0CtGtDyDzyyEyBzyyCzytAtC0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytCzyzz0F0AyCtGyE0DtC0BtGyEyEtB0CtGzyzyyDyCtGyC0EyD0CyEtAyEtB0A0D0DyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztCzy&cr=1511828159&ir=&uref=chmm"
CHR Extension: (OneStopGPT) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahagolkpaghhinaljhjihagjgomdokb [2014-03-10] [UpdateUrl: hxxps://s3.amazonaws.com/com.alexa.toolbar/autoupdate/atbpg/update.xml] <==== ATTENTION
FirewallRules: [{A5323A45-B96A-4E79-9667-8D8E2F5DFF3B}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{7D09C87E-E4B8-4E27-879A-565DB476E2E3}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{D71C8364-87C2-4051-936D-299C4F19C286}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{8340C004-18D4-4414-9871-A8E2461939E4}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{ABC655AB-D160-4C23-ADDF-55490663256E}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
Task: {DDED528F-F43C-4667-BB63-A1E95547F1C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next reset browsers
https://www.howtogee...fault-settings/
  • 0
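A triage helper for the FRST log format posted above, added here as an example and not code from the thread, the helper, or FRST itself: it reads lines in the FRST.txt / Addition.txt format and flags the kinds of entries the helper put into the fixlist (orphaned [No File] / [not found] entries, lines FRST marked with ATTENTION, tasks run from a user profile, browser startup URLs, and leftovers of a program being uninstalled). The sample lines are copied from this thread's log, with the long cassiopessa query string shortened.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread; not code from the forum, the helper, or FRST.
It scans lines in the FRST.txt / Addition.txt format and flags the entry
types that typically end up in a fixlist: orphaned entries ([No File] or
[not found]), lines FRST itself marked "<==== ATTENTION", scheduled tasks
that run from a user profile or point at a binary FRST could not attribute
to a vendor, browser startup URLs, and leftovers of a program being removed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# FRST appends "[YYYY-MM-DD] (Vendor)" to files it could identify; its absence
# on a task target outside C:\windows is worth a second look.
TRAILER_RE = re.compile(r"\[\d{4}-\d{2}-\d{2}\] \([^)]*\)\s*$")
USER_PATH_RE = re.compile(r"^[A-Z]:\\Users\\", re.IGNORECASE)
WINDOWS_PATH_RE = re.compile(r"^[A-Z]:\\windows\\", re.IGNORECASE)
# FRST defangs URLs as hxxp:// so they are not clickable in forum posts.
URL_RE = re.compile(r'"(hxxps?://[^"]+)"')


@dataclass
class Finding:
    line: str
    reason: str


def triage_line(line: str) -> Finding | None:
    """Return a Finding for one FRST log line, or None if it looks benign."""
    s = line.strip()
    if not s:
        return None
    if "<==== ATTENTION" in s:
        return Finding(s, "flagged by FRST")
    if "[No File]" in s or "[not found]" in s:
        return Finding(s, "orphaned entry: referenced file is missing")
    if s.startswith("Task:") and "=>" in s:
        target = s.split("=>", 1)[1].strip()
        if USER_PATH_RE.match(target):
            return Finding(s, "scheduled task runs from a user profile path")
        if not WINDOWS_PATH_RE.match(target) and not TRAILER_RE.search(target):
            return Finding(s, "scheduled task target has no date/vendor trailer")
        return None
    if s.startswith("CHR StartupUrls:"):
        hosts = sorted({u.split("://", 1)[1].split("/", 1)[0]
                        for u in URL_RE.findall(s)})
        if hosts:
            return Finding(s, "browser startup URLs set to: " + ", ".join(hosts))
    return None


def triage(text: str, removed_programs: tuple[str, ...] = ()) -> list[Finding]:
    """Triage a whole log; also flag lines that mention a program being removed
    (its firewall rules, plugins and tasks go into the fixlist with it)."""
    findings: list[Finding] = []
    for line in text.splitlines():
        finding = triage_line(line)
        if finding is None:
            s = line.strip()
            for prog in removed_programs:
                if prog.lower() in s.lower():
                    finding = Finding(s, f"leftover entry for removed program: {prog}")
                    break
        if finding is not None:
            findings.append(finding)
    return findings


# Sample lines copied from the log in this thread (constructed input for the
# example; the cassiopessa query string is shortened).
SAMPLE_LOG = r"""
Task: {10295993-B5CF-4E7B-8BCD-A7B059CA6EF1} - System32\Tasks\{45F4F7F7-8066-40B5-A10D-DB16E710B817} => C:\Users\breakmydreams\Documents\MapleStory\MapleStorySetupV151.exe
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\windows\system32\srtasks.exe
Task: {DDED528F-F43C-4667-BB63-A1E95547F1C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-07-19] (Pando Networks)
CHR StartupUrls: Default -> "hxxp://www.bing.com/?pc=U162&form=U162HP","hxxp://www.cassiopessa.com/?f=7&a=csp_tight2_15_27&cr=1511828159&ir="
CHR Extension: (OneStopGPT) - C:\Users\breakmydreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahagolkpaghhinaljhjihagjgomdokb [2014-03-10] [UpdateUrl: hxxps://s3.amazonaws.com/com.alexa.toolbar/autoupdate/atbpg/update.xml] <==== ATTENTION
FirewallRules: [{A5323A45-B96A-4E79-9667-8D8E2F5DFF3B}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, removed_programs=("Pando Networks",)):
        print(f"{f.reason}\n    {f.line[:90]}")
```

Entries under C:\windows with no vendor trailer (such as srtasks.exe above) are deliberately not flagged, since FRST omits the trailer on many Microsoft system files.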

#30
breakmydreams

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

 

Can you see what is stopping my Disk Defrag from being able to open

Do you get any error when trying to open Disc defrag?

Yes I will take a screen shot and show you what shows up for it.


  • 0





