Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Dealsfinderpro


  • This topic is locked This topic is locked
26 replies to this topic

#1 omurchu

omurchu

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 18 October 2014 - 06:00 PM

Bought my son a new laptop for college - now find out he had no anti-virus running (aren't they all supposed to be tech savvy?!!). the machine is now infected with Dealsfinderpro (and possibly other stuff). Have looked at some posts on this problem here but want to start at the beginning to clean up this machine.

 

Your help is appreciated.

 

Frank



BC AdBot (Login to Remove)

 


#2 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:59 PM

Posted 19 October 2014 - 05:53 AM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    farbarmainpanel_zps77bf9e25.jpg
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#3 omurchu

omurchu
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 19 October 2014 - 08:30 AM

Hi Pystryker

 

Have read through the above - here's the problem.

 

On opening Chrome, after a certain length of time (maybe 2 or 3 minutes) a pop-up appears with a message about a Java update. Closing the pop-up leads to a "Java" Download page. So I'm not sure  I have the time to follow the instructions before this malware becomes active.

 

Can I download to another laptop and install  Farbar Recovery Scan Tool onto the infected laptop?

 

Thanks,

Frank



#4 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:59 PM

Posted 19 October 2014 - 09:18 AM

Can I download to another laptop and install Farbar Recovery Scan Tool onto the infected laptop?


Yes, you can use a usb to transfer it, but download this program to the clean laptop. It will protect the clean laptop in case we have to use the usb again to transfer files back and forth.

Install this program and then run Farbar's, post the logs, and we'll start showing the unwelcome guests the door. :thumbsup2:


Download MCShield to your desktop and install
  • It will initially run a scan and show the result as a toaster by the system clock.
  • Then in the control center select Scanner and tick unhide items on flash drives.
mcshieldunhide_zps00a3e64b.jpg
  • Plug in the drive and McShield will start a scan
  • Then get the log which will be here :
  • Start > all programs > MCShield > logs > all scans
And post that in your next reply.

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#5 omurchu

omurchu
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 19 October 2014 - 09:42 AM

Just to be 100% clear:

First install MCShield on clean laptop and and scan it as above and post that log?

 

Then proceed to download Farbar to clean laptop and transfer to infected laptop with USB?

 

Or is MCShield to be installed on infected machine?

 

Frank



#6 omurchu

omurchu
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 19 October 2014 - 10:25 AM

Results of MCShield scan of clean laptop:

 

 

>>> MCShield AllScans.txt <<<
 
-----------------------------
 
 
 
 
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
 
>>> v 3.0.5.28 / DB: 2014.10.12.1 / Windows 7 <<<
 
 
19/10/2014 16:21:28 > Drive C: - scan started (no label ~219 GB, NTFS HDD )...
 
 
 
=> The drive is clean.
 
 
19/10/2014 16:21:32 > Drive D: - scan started (RECOVERY ~13 GB, NTFS HDD )...
 
 
 
=> The drive is clean.
 
 
19/10/2014 16:21:34 > Drive E: - scan started (HP_TOOLS ~unknown size, FAT32 HDD )...
 
 
 
=> The drive is clean.
 
 
 
 
 
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
 
>>> v 3.0.5.28 / DB: 2014.10.12.1 / Windows 7 <<<
 
 
19/10/2014 16:23:33 > Drive G: - scan started (KINGSTON ~14875 MB, FAT32 flash drive )...
 
 
 
=> The drive is clean.


#7 omurchu

omurchu
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 19 October 2014 - 11:22 AM

Farbar (first) scan of infected laptop:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-10-2014 01
Ran by Stephen (administrator) on STEPHEN on 19-10-2014 17:02:13
Running from C:\Users\Stephen\Desktop
Loaded Profile: Stephen (Available profiles: Stephen)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Akamai Technologies, Inc.) C:\Users\Stephen\AppData\Local\Akamai\netsession_win.exe
(Facebook Inc.) C:\Users\Stephen\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Akamai Technologies, Inc.) C:\Users\Stephen\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-44985870-2582946011-626519790-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Stephen\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-44985870-2582946011-626519790-1002\...\Run: [Facebook Update] => C:\Users\Stephen\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-09-15] (Facebook Inc.)
HKU\S-1-5-21-44985870-2582946011-626519790-1002\...\RunOnce: [Autodesk® AutoCAD® 2015] => C:\Autodesk\AutoCAD_2015_English_Win_32_64bit_R1_wi_en-us\Setup.exe /url "http://trial2.autodesk.com/SWDLDNET4/2015/ACD/WI/AutoCAD_2015_English_Win_32_64bit_R1_wi_en-us_Setup.exe" /SN 900-50206324 /PK (the data entry has 66 more characters).
HKU\S-1-5-21-44985870-2582946011-626519790-1002\...\Policies\Explorer: [] 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/5282-154352-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/5282-154352-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/5282-154352-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Stephen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchKeyword: Default -> A26F0B75FD44AE74ADE98A63D842542FFC829D2A7E6F2E435F30CE1FDA403B3B
CHR DefaultSearchURL: Default -> DF2C4C95E5538229C0210071F534012E7F76312A110FDCD7866A12A2D97A6C36
CHR Profile: C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-02]
CHR Extension: (Google Docs) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-02]
CHR Extension: (Google Drive) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-02]
CHR Extension: (YouTube) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-02]
CHR Extension: (Google Search) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-02]
CHR Extension: (Google Sheets) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-02]
CHR Extension: (SASS Inspector) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkofmbmllpgfbnonmnenkiakimpgoamn [2014-10-14]
CHR Extension: (Google Wallet) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-02]
CHR Extension: (Quick start) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-10-17]
CHR Extension: (Gmail) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-02]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [488960 2014-10-17] (Fuyu LIMITED) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [273176 2014-07-18] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-19 17:02 - 2014-10-19 17:02 - 00022448 _____ () C:\Users\Stephen\Desktop\FRST.txt
2014-10-19 17:02 - 2014-10-19 17:02 - 00000000 ____D () C:\FRST
2014-10-19 17:00 - 2014-10-19 16:57 - 02112000 _____ (Farbar) C:\Users\Stephen\Desktop\FRST64.exe
2014-10-19 14:23 - 2014-10-19 14:24 - 00006656 ___SH () C:\Users\Stephen\Downloads\Thumbs.db
2014-10-19 14:23 - 2014-10-19 14:23 - 00008704 ___SH () C:\Users\Stephen\Documents\Thumbs.db
2014-10-17 21:58 - 2014-10-17 21:58 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-10-17 21:54 - 2014-10-17 21:54 - 00071536 _____ () C:\Users\Stephen\Desktop\setup.exe
2014-10-15 21:02 - 2014-10-15 21:02 - 00000344 _____ () C:\Windows\Tasks\0914avUpdateInfo.job
2014-10-15 21:02 - 2014-10-15 21:02 - 00000000 ____D () C:\ProgramData\Avg_Update_0914av
2014-10-15 20:46 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-15 20:46 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-15 20:46 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-15 20:45 - 2014-10-09 23:16 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 20:45 - 2014-10-08 23:09 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 20:45 - 2014-09-19 02:24 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 20:45 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 20:45 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 20:26 - 2014-10-15 20:26 - 00000000 ____D () C:\Program Files (x86)\DeeaalsoFiinderPro
2014-10-15 20:20 - 2014-10-15 20:20 - 00000988 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-15 20:20 - 2014-10-15 20:20 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\TuneUp Software
2014-10-15 20:20 - 2014-10-15 20:20 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\AVG2015
2014-10-15 20:20 - 2014-10-15 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-15 20:19 - 2014-10-15 20:20 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-15 20:19 - 2014-10-15 20:19 - 00000000 ___HD () C:\$AVG
2014-10-15 20:18 - 2014-10-15 20:18 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-15 20:14 - 2014-10-19 14:14 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-15 20:14 - 2014-10-15 21:02 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Avg2015
2014-10-15 20:14 - 2014-10-15 20:14 - 00000000 ____D () C:\Users\Stephen\AppData\Local\MFAData
2014-10-15 20:11 - 2014-10-15 20:14 - 04579176 _____ (AVG Technologies) C:\Users\Stephen\Desktop\avg_free_stb_all_2015_5315_cnet.exe
2014-10-15 19:49 - 2014-09-29 23:45 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-15 19:49 - 2014-09-29 23:45 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-15 19:17 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 19:16 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-15 19:16 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-15 19:16 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-15 19:16 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-15 19:16 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-15 19:16 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-15 19:16 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-15 19:16 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-15 19:16 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-15 19:16 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-15 19:16 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-15 19:16 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-15 19:16 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-15 19:16 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-15 19:15 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 19:15 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 19:15 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 19:15 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 19:15 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 19:15 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 19:15 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 19:15 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 19:15 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 19:15 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 19:15 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 19:15 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 19:15 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 19:15 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 19:15 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 19:15 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 19:15 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 19:15 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 19:15 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 19:15 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 19:15 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 19:15 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 19:15 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 19:15 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 19:15 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 19:15 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 19:15 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 19:15 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 19:15 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 19:15 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 19:14 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 19:14 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 19:14 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 19:14 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 19:14 - 2014-08-29 02:58 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-10-15 19:14 - 2014-08-29 00:56 - 02646016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-15 19:14 - 2014-08-29 00:47 - 02321920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-15 19:14 - 2014-08-16 05:08 - 21195616 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-15 19:14 - 2014-08-16 05:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-10-15 19:14 - 2014-08-16 05:01 - 01710184 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-15 19:14 - 2014-08-16 04:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-15 19:14 - 2014-08-16 04:57 - 02498880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-15 19:14 - 2014-08-16 04:57 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-15 19:14 - 2014-08-16 04:16 - 18722600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-15 19:14 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-10-15 19:14 - 2014-08-16 04:03 - 01467384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-15 19:14 - 2014-08-16 02:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-15 19:14 - 2014-08-16 02:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-10-15 19:14 - 2014-08-16 01:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-10-15 19:14 - 2014-08-16 01:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-10-15 19:14 - 2014-08-16 01:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2014-10-15 19:14 - 2014-08-16 01:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-10-15 19:14 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2014-10-15 19:14 - 2014-08-16 01:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-10-15 19:14 - 2014-08-16 01:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-10-15 19:14 - 2014-08-16 01:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-10-15 19:14 - 2014-08-16 01:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 19:14 - 2014-08-16 01:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-10-15 19:14 - 2014-08-16 01:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-10-15 19:14 - 2014-08-16 01:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-10-15 19:14 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 19:14 - 2014-08-16 01:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-10-15 19:14 - 2014-08-16 01:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-10-15 19:14 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-10-15 19:14 - 2014-08-16 01:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 19:14 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-10-15 19:14 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-10-15 19:14 - 2014-08-16 01:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-15 19:14 - 2014-08-16 01:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-10-15 19:14 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 19:14 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-15 19:14 - 2014-08-01 00:22 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-14 19:14 - 2014-10-15 22:36 - 00000000 ____D () C:\ProgramData\DeeaalsoFiinderPro
2014-10-14 13:46 - 2014-10-14 13:46 - 00000000 ____D () C:\ProgramData\RandomDealApp
2014-10-13 20:23 - 2014-10-15 20:26 - 00000000 ____D () C:\ProgramData\6db003c4bf1447a9
2014-10-05 20:02 - 2014-10-05 20:02 - 00003098 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-44985870-2582946011-626519790-1002
2014-10-05 20:02 - 2014-10-05 20:02 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-10-01 14:00 - 2014-10-01 14:00 - 00000000 __RHD () C:\MSOCache
2014-09-30 14:07 - 2014-10-01 14:18 - 00027489 _____ () C:\Users\Stephen\Documents\LabNo2(Murphy.Stephen)..xlsx
2014-09-30 14:05 - 2014-10-19 14:30 - 00004976 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for STEPHEN-Stephen Stephen
2014-09-28 20:21 - 2014-09-28 20:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-09-26 09:27 - 2014-09-26 09:28 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Microsoft Help
2014-09-25 14:13 - 2014-09-25 14:13 - 00044176 _____ () C:\Users\Stephen\Downloads\Assignment 2 dwg.dwg
2014-09-25 14:13 - 2014-09-25 14:13 - 00000194 ____H () C:\Users\Stephen\Downloads\Assignment 2 dwg.dwl2
2014-09-25 14:13 - 2014-09-25 14:13 - 00000044 ____H () C:\Users\Stephen\Downloads\Assignment 2 dwg.dwl
2014-09-24 12:48 - 2014-09-24 12:48 - 00002115 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-09-24 12:48 - 2014-09-24 12:48 - 00002115 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-09-24 12:48 - 2014-09-24 12:48 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive
2014-09-24 12:48 - 2014-09-24 12:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2014-09-24 12:43 - 2014-09-24 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-24 12:42 - 2014-09-30 13:08 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-23 21:05 - 2014-09-23 21:05 - 00001230 _____ () C:\Users\Stephen\Desktop\Continue Microsoft Excel 2013 Installation.lnk
2014-09-23 21:03 - 2014-10-15 15:38 - 00003250 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-09-23 21:03 - 2014-09-23 21:03 - 00000000 ____D () C:\Users\Stephen\Documents\Optimizer Pro
2014-09-23 21:03 - 2014-09-23 21:03 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Optimizer Pro
2014-09-23 21:02 - 2014-09-23 21:02 - 00004028 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-23 21:01 - 2014-10-16 19:16 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-09-23 21:01 - 2014-10-16 19:16 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-09-23 20:57 - 2014-10-15 22:36 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-09-23 20:57 - 2014-09-23 20:57 - 00001077 _____ () C:\Users\Stephen\Desktop\Optimizer Pro.lnk
2014-09-23 20:57 - 2014-09-23 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-09-23 08:53 - 2014-09-23 11:37 - 00044163 _____ () C:\Users\Stephen\Downloads\Assignment 2.bak
2014-09-22 12:22 - 2014-09-23 14:15 - 00027124 _____ () C:\Users\Stephen\Downloads\Assignment 2.dwg
2014-09-22 12:11 - 2014-09-22 12:11 - 00000194 ____H () C:\Users\Stephen\Documents\Drawing1.dwl2
2014-09-22 12:11 - 2014-09-22 12:11 - 00000044 ____H () C:\Users\Stephen\Documents\Drawing1.dwl
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-19 17:01 - 2013-08-26 07:09 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-19 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-19 16:59 - 2013-08-22 15:46 - 00027036 _____ () C:\Windows\setupact.log
2014-10-19 14:38 - 2014-09-02 18:08 - 01184943 _____ () C:\Windows\WindowsUpdate.log
2014-10-19 14:35 - 2014-09-02 18:30 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-19 14:28 - 2014-09-02 18:22 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-44985870-2582946011-626519790-1002
2014-10-19 14:14 - 2014-09-02 18:17 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7C7347CA-2B77-4323-9449-4E793655C666}
2014-10-19 14:11 - 2014-09-02 18:31 - 00002426 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-19 14:10 - 2014-09-11 22:07 - 00000000 __RDO () C:\Users\Stephen\OneDrive
2014-10-19 14:10 - 2014-09-02 18:30 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-19 14:10 - 2014-09-02 18:18 - 00000000 ____D () C:\Users\Stephen\Documents\Youcam
2014-10-17 21:57 - 2014-09-02 18:17 - 00001673 _____ () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-16 19:16 - 2013-08-26 07:01 - 00010460 _____ () C:\Windows\PFRO.log
2014-10-16 19:16 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 19:15 - 2014-09-17 11:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 19:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-16 19:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-16 19:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera
2014-10-16 19:15 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-16 19:14 - 2014-09-07 14:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 19:05 - 2014-09-07 14:39 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 23:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-10-15 21:02 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-15 20:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-15 20:53 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-15 20:19 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-10-15 20:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-15 19:49 - 2014-04-16 13:01 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-15 19:49 - 2014-04-16 13:01 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-10-15 19:48 - 2013-08-22 15:44 - 00570184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 19:45 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-15 19:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2014-10-15 19:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-10-15 19:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\en-GB
2014-10-15 19:35 - 2014-09-02 18:16 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Packages
2014-10-15 19:32 - 2013-10-17 21:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-09-25 14:10 - 2014-09-18 14:22 - 00000713 _____ () C:\Users\Stephen\Documents\plot.log
2014-09-24 12:48 - 2014-09-02 18:22 - 00000000 ___RD () C:\Users\Stephen\SkyDrive
2014-09-24 12:43 - 2014-09-02 18:17 - 00000000 ____D () C:\Users\Stephen\AppData\Local\VirtualStore
2014-09-23 08:29 - 2013-10-18 04:50 - 00000000 ___HD () C:\HP
 
Some content of TEMP:
====================
C:\Users\Stephen\AppData\Local\Temp\AcDeltree.exe
C:\Users\Stephen\AppData\Local\Temp\ICReinstall_Malavida_Download_Manager.exe
C:\Users\Stephen\AppData\Local\Temp\ICSW_0M1T1I1T2X1L1Q1T.exe
C:\Users\Stephen\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-17 22:53
 
==================== End Of Log ============================


#8 omurchu

omurchu
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 19 October 2014 - 11:23 AM

Farbar Scan (addition) of infected laptop:

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01
Ran by Stephen at 2014-10-19 17:04:01
Running from C:\Users\Stephen\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Accelerated Video Transcoding (Version: 13.15.100.30925 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5BB304EB-8E5B-0F2D-66FA-6603D9BB3232}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
AutoCAD 2015 - English (Version: 20.0.141.0 - Autodesk) Hidden
AutoCAD 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack - English (Version: 20.0.51.0 - Autodesk) Hidden
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.141.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4181 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.5.6902 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.5.3303 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4503 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.3.4503 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3228 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.5.3228 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.5.3304 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.2.3305 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.2.3302 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Notes en-GB (HKLM-x32\...\{C438C1D0-A46C-4BFA-AF02-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{4525FF56-E096-42F4-BB64-52AAA8B3D893}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Postscript Converter (Version: 4.5.12202 - Hewlett-Packard) Hidden
HP Recovery Manager (x32 Version: 12.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.54 - Hewlett-Packard)
HP SimplePass (Version: 8.00.54 - Hewlett-Packard) Hidden
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.54 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.54 - Softex Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version:  - ) <==== ATTENTION
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
RandomDealApp (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - RandomDealApp) <==== ATTENTION
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version:  - webssearches) <==== ATTENTION
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WindowsMangerProtect20.0.0.1013 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1013 - WindowsProtect LIMITED) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-44985870-2582946011-626519790-1002_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-44985870-2582946011-626519790-1002_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-44985870-2582946011-626519790-1002_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-44985870-2582946011-626519790-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Stephen\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
24-09-2014 18:55:54 Windows Update
15-10-2014 18:36:02 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {07C0F25B-1774-4F7C-B5E4-A89822F3F474} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {0B2A5E16-AA28-4A7B-90FC-0CF65C5B80A0} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {135741DA-2F89-43E1-810C-E7100F5DE39A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {20E29AAB-4120-403E-BE40-E1457AB942D0} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3727DE82-FE55-4B7D-9095-B59161C12EF8} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4CF47589-CFDE-434C-8E9D-1AD01C0F302D} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {50B3227D-88A8-4A7C-9186-2459448BB6DF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-16] (Microsoft Corporation)
Task: {63994CDF-026F-49DE-87E7-DE0DE7B6322B} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {783C28D0-233E-4AAF-BAF0-C2D6B45923BF} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {7CB3CD50-F0DC-4245-B9F0-9F81ABB2789F} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {84629019-135D-4466-9D0B-4E1FD016DCC8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {90BE3BFF-7B5B-4B26-9B1F-D305AD207690} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A0D2F6F6-6F53-460E-8802-0BA758666A8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-02] (Google Inc.)
Task: {AD704675-2720-426E-8A15-B7FF30C746E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {BB0EAD3C-5A19-4A69-B21C-0B0576E81309} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-44985870-2582946011-626519790-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {BFCDA982-FFF7-48A1-B6D9-FB1032329B6E} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CB9CC65F-DC97-48C4-B3F9-B10C6105AA0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E10E5E8E-09EF-4E1D-A01A-07E35C6CC38E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-02] (Google Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E7BB10B3-374E-4A15-91B2-B200E4BEF46E} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {EA4E8739-C594-4F1A-941F-A98200959280} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-26] (Microsoft Corporation)
Task: {F34787ED-8EE8-4BEB-99D1-A3EFF76B9889} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {F6D80BFB-75FD-4E4A-A4FD-614D88325684} - System32\Tasks\Microsoft Office 15 Sync Maintenance for STEPHEN-Stephen Stephen => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-26] (Microsoft Corporation)
Task: {F8395510-C508-437C-A0CA-880968A415AA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {FADFA0DF-5B2F-4109-A75A-59C6751676A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: C:\Windows\Tasks\0914avUpdateInfo.job => C:\ProgramData\Avg_Update_0914av\0914av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-44985870-2582946011-626519790-1002Core.job => C:\Users\Stephen\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-26 11:26 - 2013-09-26 11:26 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-09-26 11:32 - 2013-09-26 11:32 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-09-26 11:28 - 2013-09-26 11:28 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-26 11:25 - 2013-09-26 11:25 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-26 11:25 - 2013-09-26 11:25 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-26 11:25 - 2013-09-26 11:25 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-26 11:39 - 2013-09-26 11:39 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-26 11:39 - 2013-09-26 11:39 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-09-25 06:48 - 2013-09-25 06:48 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-09-30 13:07 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-09-26 09:12 - 2014-09-26 09:12 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-26 11:34 - 2013-09-26 11:34 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2013-09-25 06:48 - 2013-09-25 06:48 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-04-16 13:06 - 2013-02-01 11:16 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\fl_core.dll
2014-04-16 13:06 - 2013-02-01 11:16 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_asr.dll
2014-04-16 13:06 - 2013-02-01 11:16 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_base.dll
2014-04-16 13:06 - 2013-02-01 11:16 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_pron.dll
2014-04-16 13:06 - 2013-02-01 11:16 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_platform.dll
2014-04-16 13:06 - 2013-02-01 11:16 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\sdxg.dll
2014-04-16 13:06 - 2013-02-01 11:15 - 00027136 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll
2014-04-16 13:00 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-09-26 09:12 - 2014-09-26 09:12 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Stephen\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Stephen\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-44985870-2582946011-626519790-500 - Administrator - Disabled)
Guest (S-1-5-21-44985870-2582946011-626519790-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-44985870-2582946011-626519790-1004 - Limited - Enabled)
Stephen (S-1-5-21-44985870-2582946011-626519790 - Administrator - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/19/2014 05:04:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 744
 
Start Time: 01cfebb5a3015fb7
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 9a2b2360-57a9-11e4-826c-a02bb8589980
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (10/19/2014 04:59:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2024172
 
Error: (10/19/2014 04:59:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2024172
 
Error: (10/19/2014 04:59:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/19/2014 04:25:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1516
 
Error: (10/19/2014 04:25:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1516
 
Error: (10/19/2014 04:25:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/19/2014 04:20:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11a8
 
Start Time: 01cfebaf78b28f99
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 6e2bfc34-57a3-11e4-826c-a02bb8589980
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (10/19/2014 04:15:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5654672
 
Error: (10/19/2014 04:15:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5654672
 
 
System errors:
=============
Error: (10/19/2014 04:25:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 5 time(s).
 
Error: (10/19/2014 02:40:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 4 time(s).
 
Error: (10/17/2014 11:25:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 3 time(s).
 
Error: (10/17/2014 09:43:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 2 time(s).
 
Error: (10/16/2014 08:21:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (10/16/2014 08:21:30 PM) (Source: DCOM) (EventID: 10010) (User: STEPHEN)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (10/16/2014 08:21:30 PM) (Source: DCOM) (EventID: 10010) (User: STEPHEN)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (10/16/2014 01:39:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 7 time(s).
 
Error: (10/16/2014 01:39:03 PM) (Source: DCOM) (EventID: 10010) (User: STEPHEN)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (10/16/2014 01:39:03 PM) (Source: DCOM) (EventID: 10010) (User: STEPHEN)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
 
Microsoft Office Sessions:
=========================
Error: (10/19/2014 05:04:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2060574401cfebb5a3015fb74294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe9a2b2360-57a9-11e4-826c-a02bb8589980microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (10/19/2014 04:59:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2024172
 
Error: (10/19/2014 04:59:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2024172
 
Error: (10/19/2014 04:59:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/19/2014 04:25:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1516
 
Error: (10/19/2014 04:25:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1516
 
Error: (10/19/2014 04:25:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/19/2014 04:20:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2060511a801cfebaf78b28f994294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe6e2bfc34-57a3-11e4-826c-a02bb8589980microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (10/19/2014 04:15:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5654672
 
Error: (10/19/2014 04:15:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5654672
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-4555M APU with Radeon™ HD Graphics 
Percentage of memory in use: 24%
Total physical RAM: 7366.26 MB
Available physical RAM: 5528.36 MB
Total Pagefile: 8518.26 MB
Available Pagefile: 6320.06 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:912.57 GB) (Free:861.62 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.17 GB) (Free:1.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CF9F01CA)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#9 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:59 PM

Posted 19 October 2014 - 11:57 AM

Just to be 100% clear:

First install MCShield on clean laptop and and scan it as above and post that log?
 
Then proceed to download Farbar to clean laptop and transfer to infected laptop with USB?
 
Or is MCShield to be installed on infected machine?
 
Frank


No need to install McShield on the infected laptop. We can do that as a preventative measure if your son uses a usb a lot to transfer files to the machine. I'm about to start working on your logs and we'll post back instructions shortly. :thumbsup2:

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#10 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:59 PM

Posted 19 October 2014 - 12:29 PM

Hello :)

A fair bit of adware here and some programs that will need to be uninstalled. However, one of them will necessitate the reinstallation of Chrome once we're completely done with the cleaning. Let's begin. :)


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Program Uninstalls


Please uninstall the following programs as they are adware/malware related programs.
  • Akamai NetSession Interface
  • MyPC Backup
  • Optimizer Pro v3.2
  • RandomDealApp
  • webssearches uninstall
  • WindowsMangerProtect20.0.0.1013
Step 2: Fix with Farbar's Recovery Scan Tool
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
C:\ProgramData\WindowsMangerProtect
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T&q={searchTerms}
2014-10-15 20:26 - 2014-10-15 20:26 - 00000000 ____D () C:\Program Files (x86)\DeeaalsoFiinderPro
2014-10-14 13:46 - 2014-10-14 13:46 - 00000000 ____D () C:\ProgramData\RandomDealApp
2014-09-23 21:03 - 2014-10-15 15:38 - 00003250 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-09-23 21:03 - 2014-09-23 21:03 - 00000000 ____D () C:\Users\Stephen\Documents\Optimizer Pro
2014-09-23 21:03 - 2014-09-23 21:03 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Optimizer Pro
2014-09-23 21:01 - 2014-10-16 19:16 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-09-23 20:57 - 2014-10-15 22:36 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-09-23 20:57 - 2014-09-23 20:57 - 00001077 _____ () C:\Users\Stephen\Desktop\Optimizer Pro.lnk
2014-09-23 20:57 - 2014-09-23 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
Task: {20E29AAB-4120-403E-BE40-E1457AB942D0} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {7CB3CD50-F0DC-4245-B9F0-9F81ABB2789F} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Emptytemp:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool


thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 5: Fresh FRST Scan Tool
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST Scan Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#11 omurchu

omurchu
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 19 October 2014 - 04:03 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-10-2014
Ran by Stephen at 2014-10-19 21:24:44 Run:1
Running from C:\Users\Stephen\Desktop
Loaded Profile: Stephen (Available profiles: Stephen)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
C:\ProgramData\WindowsMangerProtect
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1413579433&from=adks&uid=TOSHIBAXMQ01ABD100_44RWTE09TXX44RWTE09T
2014-10-15 20:26 - 2014-10-15 20:26 - 00000000 ____D () C:\Program Files (x86)\DeeaalsoFiinderPro
2014-10-14 13:46 - 2014-10-14 13:46 - 00000000 ____D () C:\ProgramData\RandomDealApp
2014-09-23 21:03 - 2014-10-15 15:38 - 00003250 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-09-23 21:03 - 2014-09-23 21:03 - 00000000 ____D () C:\Users\Stephen\Documents\Optimizer Pro
2014-09-23 21:03 - 2014-09-23 21:03 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Optimizer Pro
2014-09-23 21:01 - 2014-10-16 19:16 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-09-23 20:57 - 2014-10-15 22:36 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-09-23 20:57 - 2014-09-23 20:57 - 00001077 _____ () C:\Users\Stephen\Desktop\Optimizer Pro.lnk
2014-09-23 20:57 - 2014-09-23 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
Task: {20E29AAB-4120-403E-BE40-E1457AB942D0} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {7CB3CD50-F0DC-4245-B9F0-9F81ABB2789F} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Emptytemp:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
End
*****************
 
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe => No running process found
C:\ProgramData\WindowsMangerProtect => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
C:\Program Files (x86)\DeeaalsoFiinderPro => Moved successfully.
C:\ProgramData\RandomDealApp => Moved successfully.
C:\Windows\System32\Tasks\Optimizer Pro Schedule => Moved successfully.
C:\Users\Stephen\Documents\Optimizer Pro => Moved successfully.
C:\Users\Stephen\AppData\Roaming\Optimizer Pro => Moved successfully.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
C:\Program Files (x86)\Optimizer Pro => Moved successfully.
C:\Users\Stephen\Desktop\Optimizer Pro.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20E29AAB-4120-403E-BE40-E1457AB942D0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20E29AAB-4120-403E-BE40-E1457AB942D0}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7CB3CD50-F0DC-4245-B9F0-9F81ABB2789F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CB3CD50-F0DC-4245-B9F0-9F81ABB2789F}" => Key deleted successfully.
C:\Windows\System32\Tasks\Optimizer Pro Schedule not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule" => Key deleted successfully.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 965.9 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 8.1 x64
Ran by Stephen on 19/10/2014 at 21:33:35.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Stephen\appdata\local\google\chrome\user data\default\local storage\http_istart.webssearches.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Stephen\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Stephen\appdata\local\google\chrome\user data\default\local storage\https_static.livelyrics00.live-lyrics.com_0.localstorage"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\DeeaalsoFiinderPro
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Stephen\appdata\local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/10/2014 at 21:41:19.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v4.000 - Report created 19/10/2014 at 21:48:31
# DB v
# Updated 12/10/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Stephen - STEPHEN
# Running from : C:\Users\Stephen\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Stephen\AppData\Roaming\webssearches
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\DealsFinderPro.DealsFinderPro
Key Deleted : HKLM\SOFTWARE\Classes\DealsFinderPro.DealsFinderPro.9
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{65e780c4-ba84-4a3c-8e68-2b1efa3b0972}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{65e780c4-ba84-4a3c-8e68-2b1efa3b0972}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{65e780c4-ba84-4a3c-8e68-2b1efa3b0972}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{779D1843-0043-65D2-D781-8614F17B6222}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v37.0.2062.124
 
 
*************************
 
AdwCleaner[R0].txt - [2341 octets] - [19/10/2014 21:43:01]
AdwCleaner[S0].txt - [2038 octets] - [19/10/2014 21:48:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2098 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2014
Ran by Stephen (administrator) on STEPHEN on 19-10-2014 21:53:57
Running from C:\Users\Stephen\Desktop
Loaded Profile: Stephen (Available profiles: Stephen)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Facebook Inc.) C:\Users\Stephen\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-44985870-2582946011-626519790-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\Stephen\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-44985870-2582946011-626519790-1002\...\Run: [Facebook Update] => C:\Users\Stephen\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-09-15] (Facebook Inc.)
HKU\S-1-5-21-44985870-2582946011-626519790-1002\...\RunOnce: [Autodesk® AutoCAD® 2015] => C:\Autodesk\AutoCAD_2015_English_Win_32_64bit_R1_wi_en-us\Setup.exe /url "http://trial2.autodesk.com/SWDLDNET4/2015/ACD/WI/AutoCAD_2015_English_Win_32_64bit_R1_wi_en-us_Setup.exe" /SN 900-50206324 /PK (the data entry has 66 more characters).
HKU\S-1-5-21-44985870-2582946011-626519790-1002\...\Policies\Explorer: [] 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/5282-154352-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/5282-154352-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/5282-154352-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Stephen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchKeyword: Default -> A26F0B75FD44AE74ADE98A63D842542FFC829D2A7E6F2E435F30CE1FDA403B3B
CHR DefaultSearchURL: Default -> DF2C4C95E5538229C0210071F534012E7F76312A110FDCD7866A12A2D97A6C36
CHR Profile: C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-02]
CHR Extension: (Google Docs) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-02]
CHR Extension: (Google Drive) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-02]
CHR Extension: (YouTube) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-02]
CHR Extension: (Google Search) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-02]
CHR Extension: (Google Sheets) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-02]
CHR Extension: (SASS Inspector) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkofmbmllpgfbnonmnenkiakimpgoamn [2014-10-14]
CHR Extension: (Google Wallet) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-02]
CHR Extension: (Gmail) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-02]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [273176 2014-07-18] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-19 21:53 - 2014-10-19 21:53 - 00002186 _____ () C:\Users\Stephen\Desktop\AdwCleaner[S0].txt
2014-10-19 21:42 - 2014-10-19 21:48 - 00000000 ____D () C:\AdwCleaner
2014-10-19 21:41 - 2014-10-19 21:41 - 00001311 _____ () C:\Users\Stephen\Desktop\JRT.txt
2014-10-19 21:33 - 2014-10-19 21:33 - 00000000 ____D () C:\Windows\ERUNT
2014-10-19 21:24 - 2014-10-19 21:24 - 00000000 ____D () C:\Users\Stephen\Desktop\FRST-OlderVersion
2014-10-19 21:23 - 2014-10-19 18:45 - 01976320 _____ () C:\Users\Stephen\Desktop\AdwCleaner.exe
2014-10-19 21:23 - 2014-10-19 18:44 - 01705698 _____ (Thisisu) C:\Users\Stephen\Desktop\JRT.exe
2014-10-19 21:04 - 2014-10-19 21:04 - 00003158 _____ () C:\Windows\System32\Tasks\{603D639E-C82B-442E-A9B2-C08290329988}
2014-10-19 17:04 - 2014-10-19 17:05 - 00038194 _____ () C:\Users\Stephen\Desktop\Addition.txt
2014-10-19 17:02 - 2014-10-19 21:53 - 00017878 _____ () C:\Users\Stephen\Desktop\FRST.txt
2014-10-19 17:02 - 2014-10-19 21:53 - 00000000 ____D () C:\FRST
2014-10-19 17:00 - 2014-10-19 21:24 - 02112512 _____ (Farbar) C:\Users\Stephen\Desktop\FRST64.exe
2014-10-19 14:23 - 2014-10-19 14:24 - 00006656 ___SH () C:\Users\Stephen\Downloads\Thumbs.db
2014-10-19 14:23 - 2014-10-19 14:23 - 00008704 ___SH () C:\Users\Stephen\Documents\Thumbs.db
2014-10-15 21:02 - 2014-10-15 21:02 - 00000344 _____ () C:\Windows\Tasks\0914avUpdateInfo.job
2014-10-15 21:02 - 2014-10-15 21:02 - 00000000 ____D () C:\ProgramData\Avg_Update_0914av
2014-10-15 20:46 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-15 20:46 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-15 20:46 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-15 20:45 - 2014-10-09 23:16 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 20:45 - 2014-10-08 23:09 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 20:45 - 2014-09-19 02:24 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 20:45 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 20:45 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 20:20 - 2014-10-15 20:20 - 00000988 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-15 20:20 - 2014-10-15 20:20 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\TuneUp Software
2014-10-15 20:20 - 2014-10-15 20:20 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\AVG2015
2014-10-15 20:20 - 2014-10-15 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-15 20:19 - 2014-10-15 20:20 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-15 20:19 - 2014-10-15 20:19 - 00000000 ___HD () C:\$AVG
2014-10-15 20:18 - 2014-10-15 20:18 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-15 20:14 - 2014-10-19 14:14 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-15 20:14 - 2014-10-15 21:02 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Avg2015
2014-10-15 20:14 - 2014-10-15 20:14 - 00000000 ____D () C:\Users\Stephen\AppData\Local\MFAData
2014-10-15 20:11 - 2014-10-15 20:14 - 04579176 _____ (AVG Technologies) C:\Users\Stephen\Desktop\avg_free_stb_all_2015_5315_cnet.exe
2014-10-15 19:49 - 2014-09-29 23:45 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-15 19:49 - 2014-09-29 23:45 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-15 19:17 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 19:16 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-15 19:16 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-15 19:16 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-15 19:16 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-15 19:16 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-15 19:16 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-15 19:16 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-15 19:16 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-15 19:16 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-15 19:16 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-15 19:16 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-15 19:16 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-15 19:16 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-15 19:16 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-15 19:15 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 19:15 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 19:15 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 19:15 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 19:15 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 19:15 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 19:15 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 19:15 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 19:15 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 19:15 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 19:15 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 19:15 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 19:15 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 19:15 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 19:15 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 19:15 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 19:15 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 19:15 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 19:15 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 19:15 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 19:15 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 19:15 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 19:15 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 19:15 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 19:15 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 19:15 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 19:15 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 19:15 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 19:15 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 19:15 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 19:14 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 19:14 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 19:14 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 19:14 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 19:14 - 2014-08-29 02:58 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-10-15 19:14 - 2014-08-29 00:56 - 02646016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-15 19:14 - 2014-08-29 00:47 - 02321920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-15 19:14 - 2014-08-16 05:08 - 21195616 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-15 19:14 - 2014-08-16 05:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-10-15 19:14 - 2014-08-16 05:01 - 01710184 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-15 19:14 - 2014-08-16 04:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-15 19:14 - 2014-08-16 04:57 - 02498880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-15 19:14 - 2014-08-16 04:57 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-15 19:14 - 2014-08-16 04:16 - 18722600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-15 19:14 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-10-15 19:14 - 2014-08-16 04:03 - 01467384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-15 19:14 - 2014-08-16 02:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-15 19:14 - 2014-08-16 02:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-10-15 19:14 - 2014-08-16 01:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-10-15 19:14 - 2014-08-16 01:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-10-15 19:14 - 2014-08-16 01:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2014-10-15 19:14 - 2014-08-16 01:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-10-15 19:14 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2014-10-15 19:14 - 2014-08-16 01:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-10-15 19:14 - 2014-08-16 01:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-10-15 19:14 - 2014-08-16 01:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-10-15 19:14 - 2014-08-16 01:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 19:14 - 2014-08-16 01:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-10-15 19:14 - 2014-08-16 01:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-10-15 19:14 - 2014-08-16 01:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-10-15 19:14 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 19:14 - 2014-08-16 01:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-10-15 19:14 - 2014-08-16 01:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-10-15 19:14 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-10-15 19:14 - 2014-08-16 01:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 19:14 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-10-15 19:14 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-10-15 19:14 - 2014-08-16 01:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-15 19:14 - 2014-08-16 01:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-10-15 19:14 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 19:14 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-15 19:14 - 2014-08-01 00:22 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-13 20:23 - 2014-10-15 20:26 - 00000000 ____D () C:\ProgramData\6db003c4bf1447a9
2014-10-05 20:02 - 2014-10-05 20:02 - 00003098 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-44985870-2582946011-626519790-1002
2014-10-05 20:02 - 2014-10-05 20:02 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-10-01 14:00 - 2014-10-01 14:00 - 00000000 __RHD () C:\MSOCache
2014-09-30 14:07 - 2014-10-01 14:18 - 00027489 _____ () C:\Users\Stephen\Documents\LabNo2(Murphy.Stephen)..xlsx
2014-09-30 14:05 - 2014-10-19 14:30 - 00004976 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for STEPHEN-Stephen Stephen
2014-09-28 20:21 - 2014-09-28 20:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-09-26 09:27 - 2014-09-26 09:28 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Microsoft Help
2014-09-25 14:13 - 2014-09-25 14:13 - 00044176 _____ () C:\Users\Stephen\Downloads\Assignment 2 dwg.dwg
2014-09-25 14:13 - 2014-09-25 14:13 - 00000194 ____H () C:\Users\Stephen\Downloads\Assignment 2 dwg.dwl2
2014-09-25 14:13 - 2014-09-25 14:13 - 00000044 ____H () C:\Users\Stephen\Downloads\Assignment 2 dwg.dwl
2014-09-24 12:48 - 2014-09-24 12:48 - 00002115 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-09-24 12:48 - 2014-09-24 12:48 - 00002115 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-09-24 12:48 - 2014-09-24 12:48 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive
2014-09-24 12:48 - 2014-09-24 12:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2014-09-24 12:43 - 2014-09-24 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-24 12:42 - 2014-09-30 13:08 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-23 21:05 - 2014-09-23 21:05 - 00001230 _____ () C:\Users\Stephen\Desktop\Continue Microsoft Excel 2013 Installation.lnk
2014-09-23 08:53 - 2014-09-23 11:37 - 00044163 _____ () C:\Users\Stephen\Downloads\Assignment 2.bak
2014-09-22 12:22 - 2014-09-23 14:15 - 00027124 _____ () C:\Users\Stephen\Downloads\Assignment 2.dwg
2014-09-22 12:11 - 2014-09-22 12:11 - 00000194 ____H () C:\Users\Stephen\Documents\Drawing1.dwl2
2014-09-22 12:11 - 2014-09-22 12:11 - 00000044 ____H () C:\Users\Stephen\Documents\Drawing1.dwl
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-19 21:53 - 2014-09-02 18:31 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-19 21:52 - 2014-09-11 22:07 - 00000000 __RDO () C:\Users\Stephen\OneDrive
2014-10-19 21:52 - 2014-09-02 18:30 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-19 21:52 - 2014-09-02 18:18 - 00000000 ____D () C:\Users\Stephen\Documents\Youcam
2014-10-19 21:51 - 2013-08-26 07:01 - 00133380 _____ () C:\Windows\PFRO.log
2014-10-19 21:51 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 21:50 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-19 21:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-19 21:36 - 2013-08-26 07:09 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-19 21:35 - 2014-09-02 18:30 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-19 21:26 - 2014-09-02 18:22 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-44985870-2582946011-626519790-1002
2014-10-19 21:14 - 2014-09-02 18:17 - 00001445 _____ () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-19 16:59 - 2013-08-22 15:46 - 00027036 _____ () C:\Windows\setupact.log
2014-10-19 14:38 - 2014-09-02 18:08 - 01184943 _____ () C:\Windows\WindowsUpdate.log
2014-10-19 14:14 - 2014-09-02 18:17 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7C7347CA-2B77-4323-9449-4E793655C666}
2014-10-16 19:15 - 2014-09-17 11:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 19:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-16 19:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-16 19:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera
2014-10-16 19:14 - 2014-09-07 14:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 19:05 - 2014-09-07 14:39 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 23:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-10-15 21:02 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-15 20:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-15 20:53 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-15 20:19 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-10-15 20:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-15 19:49 - 2014-04-16 13:01 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-15 19:49 - 2014-04-16 13:01 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-10-15 19:48 - 2013-08-22 15:44 - 00570184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 19:45 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-15 19:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2014-10-15 19:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-10-15 19:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\en-GB
2014-10-15 19:35 - 2014-09-02 18:16 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Packages
2014-10-15 19:32 - 2013-10-17 21:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-09-25 14:10 - 2014-09-18 14:22 - 00000713 _____ () C:\Users\Stephen\Documents\plot.log
2014-09-24 12:48 - 2014-09-02 18:22 - 00000000 ___RD () C:\Users\Stephen\SkyDrive
2014-09-24 12:43 - 2014-09-02 18:17 - 00000000 ____D () C:\Users\Stephen\AppData\Local\VirtualStore
2014-09-23 08:29 - 2013-10-18 04:50 - 00000000 ___HD () C:\HP
 
Some content of TEMP:
====================
C:\Users\Stephen\AppData\Local\Temp\Quarantine.exe
C:\Users\Stephen\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-17 22:53
 
==================== End Of Log ============================


#12 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:59 PM

Posted 19 October 2014 - 04:11 PM

Looking good :thumbsup2:

How is the machine running now?


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

MBAMScan_zps8ba7d192.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#13 omurchu

omurchu
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 19 October 2014 - 04:21 PM

Looking good :thumbsup2:

How is the machine running now?

 

 

 

Open Chrome - still getting the pop-up that leads to the "Java" download issue - so will have to proceed using the clean laptop. 



#14 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:59 PM

Posted 19 October 2014 - 04:41 PM

Looking good :thumbsup2:

How is the machine running now?

 
Open Chrome - still getting the pop-up that leads to the "Java" download issue - so will have to proceed using the clean laptop.


If you can download using the infected machine we are working on, please do so. You'll need to use the infected machine to run the ESET Scan, as I don't believe that's something that can be done via usb.

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#15 omurchu

omurchu
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 20 October 2014 - 08:34 AM

ESET Online Scanner.

 

Just for any other users information:

 

Scan took over 3 hours. It does hang at times or seems to but then restarted the scan. I restarted this scan several times - also turned off the sleep/hibernate on the laptop. It may have kept going anyway but wasn't sure. So looks like this scan takes some time to complete!! :devil:

 
 
 
 
 
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3ff351f7f5ad9042912f9f9ecabd5a87
# engine=20676
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-19 10:42:09
# local_time=2014-10-19 11:42:09 (+0000, GMT Summer Time)
# country="Ireland"
# lang=1033
# osver=6.3.9600 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2807702 38639822 0 0
# scanned=1451
# found=0
# cleaned=0
# scan_time=205
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3ff351f7f5ad9042912f9f9ecabd5a87
# engine=20676
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-19 11:19:05
# local_time=2014-10-20 12:19:05 (+0000, GMT Summer Time)
# country="Ireland"
# lang=1033
# osver=6.3.9600 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2809918 38642038 0 0
# scanned=69681
# found=1
# cleaned=0
# scan_time=1993
sh=D60F9D365A397D85AB58BD8DEBC2EFCB72686727 ft=1 fh=c71c0011f3b7a6de vn="a variant of Win32/ELEX.AM potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe"
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3ff351f7f5ad9042912f9f9ecabd5a87
# engine=20679
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-20 10:36:39
# local_time=2014-10-20 11:36:39 (+0000, GMT Summer Time)
# country="Ireland"
# lang=1033
# osver=6.3.9600 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2850572 38682692 0 0
# scanned=76469
# found=1
# cleaned=0
# scan_time=10341
sh=D60F9D365A397D85AB58BD8DEBC2EFCB72686727 ft=1 fh=c71c0011f3b7a6de vn="a variant of Win32/ELEX.AM potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe"
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3ff351f7f5ad9042912f9f9ecabd5a87
# engine=20682
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-20 01:21:27
# local_time=2014-10-20 02:21:27 (+0000, GMT Summer Time)
# country="Ireland"
# lang=1033
# osver=6.3.9600 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2860460 38692580 0 0
# scanned=196452
# found=2
# cleaned=0
# scan_time=9728
sh=D60F9D365A397D85AB58BD8DEBC2EFCB72686727 ft=1 fh=c71c0011f3b7a6de vn="a variant of Win32/ELEX.AM potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe"
sh=8B979F99C59E27A0A6CD50AA6696F3ED19CEAE96 ft=1 fh=9e521054a7fb26a3 vn="a variant of Win32/InstallCore.PL potentially unwanted application" ac=I fn="C:\Users\Stephen\Pictures\Malavida_Download_Manager.exe"

Edited by omurchu, 20 October 2014 - 08:39 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users