
Stepfather's computer completely ridden with Malware


  • This topic is locked
184 replies to this topic

#1 Aushin

Aushin

  • Members
  • 153 posts

Posted 04 November 2014 - 06:27 PM

Logs are below.  This ran in Safe Mode because it's the only way to get anything to run on the computer at all.  Thanks for reading:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 10.0.9200.16686
Run by Captain Ron at 18:22:07 on 2014-11-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6106.5411 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M53C2279E-B520-4556-A269-9FD865D6D335&SearchSource=55&CUI=&UM=6&UP=SP13823638-4BE5-4721-9445-6A5ABA180EBA&SSPV=
uProxyServer = hxxp=127.0.0.1:50226;https=127.0.0.1:50226
uProxyOverride = <-loopback>
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: Browsers+Apps+1.1: {11111111-1111-1111-1111-110611501155} - C:\Program Files (x86)\Browsers+Apps+1.1\Browsers+Apps+1.1-bho.dll
BHO: Toolbar BHO: {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - 
BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - 
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Idmsq Extension: {3AA4FC9D-FB51-44a2-B09F-0457857CA7C2} - C:\Users\Captain Ron\AppData\Roaming\IDMSQ\idmsqext.dll
BHO: AdvanceElite: {3b2cb4c8-72ab-4b25-8fa1-219b36a60bed} - C:\Program Files (x86)\AdvanceElite\AdvanceElitebho.dll
BHO: Search Assistant BHO: {58376892-60e7-4f63-aca0-0f686af554d6} - 
BHO: Toolbar BHO: {6eb534fb-2001-45c4-b860-bc904865a379} - 
BHO: Search Assistant BHO: {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Consumer Input DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll
BHO: neurowise: {d08ab008-0647-4784-8e2c-5769cd4a7c3a} - C:\Program Files (x86)\neurowise\neurowisebho.dll
BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - 
TB: The Weather Channel Toolbar: {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWOW64\TwcToolbarIe7.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - 
TB: DictionaryBoss: {3042df7a-e900-4389-9b94-923df0daa57e} - 
TB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
uRun: [IDMSQ] C:\Program Files (x86)\IDMSQ\idmsq.exe /startup
uRun: [BRS] C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS
uRun: [Super Optimizer] C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
uRun: [Browser Infrastructure Helper] C:\Users\Captain Ron\AppData\Local\Smartbar\Application\SnapDo.exe startup
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ospd_us_300] "C:\Program Files (x86)\ospd_us_300\ospd_us_300.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [upospd_us_300.exe] C:\Users\Captain Ron\AppData\Local\ospd_us_300\upospd_us_300.exe -runonce
StartupFolder: C:\Users\CAPTAI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
StartupFolder: C:\Users\CAPTAI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STORMW~2.LNK - C:\Users\Captain Ron\AppData\Local\StormWatch\StormWatch.exe
StartupFolder: C:\Users\CAPTAI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STORMW~1.LNK - C:\Users\Captain Ron\AppData\Local\StormWatch\StormWatchApp.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: C:\Windows\System32\ProtectMe.dll
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6D633E88-4581-4842-A5BC-EE8DC56E8DDC} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6D633E88-4581-4842-A5BC-EE8DC56E8DDC}\249676F54416E6 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6D633E88-4581-4842-A5BC-EE8DC56E8DDC}\84F4D454D203838383 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6D633E88-4581-4842-A5BC-EE8DC56E8DDC}\84F4D454D283931423 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Browsers+Apps+1.1: {11111111-1111-1111-1111-110611501155} - C:\Program Files (x86)\Browsers+Apps+1.1\Browsers+Apps+1.1-bho64.dll
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - 
x64-BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-8-11 55280]
S1 {054bd1e4-abee-467e-ab51-8ab276684243}w64;{054bd1e4-abee-467e-ab51-8ab276684243}w64;C:\Windows\System32\drivers\{054bd1e4-abee-467e-ab51-8ab276684243}w64.sys [2014-10-25 48832]
S1 {255a824a-3cde-4dee-9785-284605606456}w64;{255a824a-3cde-4dee-9785-284605606456}w64;C:\Windows\System32\drivers\{255a824a-3cde-4dee-9785-284605606456}w64.sys [2014-10-28 48832]
S1 {46e267d7-2aad-4738-adaf-d4d0a8fac9ea}w64;{46e267d7-2aad-4738-adaf-d4d0a8fac9ea}w64;C:\Windows\System32\drivers\{46e267d7-2aad-4738-adaf-d4d0a8fac9ea}w64.sys [2014-10-24 48832]
S1 {b0c7827f-c845-429a-833b-c2a798fc4fc3}w64;{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64;C:\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64.sys [2014-10-25 48784]
S1 {f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64;{f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64;C:\Windows\System32\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64.sys [2014-10-24 48784]
S1 netfilter64;netfilter64;C:\Windows\System32\drivers\netfilter64.sys [2014-10-6 46376]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-20 98208]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2014-10-13 36936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 consumerinput_update;ConsumerInput Update Service (consumerinput_update);C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-10-28 106296]
S2 CouponArificService64;CouponArificService64;C:\Program Files (x86)\92B36EB2-53CA-4C72-9832-65CCF55DEDB1\kwcwagadsn64.exe [2014-10-6 172544]
S2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 177136]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
S2 DictionaryBossService;DictionaryBossService;C:\PROGRA~2\DICTIO~2\bar\1.bin\v4barsvc.exe --> C:\PROGRA~2\DICTIO~2\bar\1.bin\v4barsvc.exe [?]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S2 globalUpdate;globalUpdate Update Service (globalUpdate);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-28 68608]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-20 13336]
S2 Internet Enhancer Service;Internet Enhancer Service;C:\Program Files (x86)\WajaIE\WajaIE Internet Enhancer\InternetEnhancerService.exe [2014-10-21 305664]
S2 LPTSystemUpdater;LPT System Updater Service;C:\Program Files (x86)\LPT\srpts.exe [2014-9-21 32800]
S2 lxdv_device;lxdv_device;C:\Windows\System32\lxdvcoms.exe -service --> C:\Windows\System32\lxdvcoms.exe -service [?]
S2 MaintainerSvc1.20.7247763;MaintainerSvc1.20.7247763;C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b\maintainer.exe [2014-10-27 123632]
S2 MaintainerSvc3.32.7672459;MaintainerSvc3.32.7672459;C:\ProgramData\e5c4ef79-068a-447e-b589-daa814c96056\maintainer.exe [2014-10-27 123680]
S2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S2 Orbiter;Orbiter;C:\Windows\System32\svchost.exe -k ORBTR [2009-7-13 27136]
S2 rcores;rcores;C:\Windows\rcore.exe [2014-10-28 1318912]
S2 ReimageRealTimeProtector;Reimage Real Time Protector;C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-7-28 7101288]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-4-20 1692480]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 Update AdvanceElite;Update AdvanceElite;C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe [2014-10-22 523552]
S2 Update neurowise;Update neurowise;C:\Program Files (x86)\neurowise\updateneurowise.exe [2014-10-22 523552]
S2 Util AdvanceElite;Util AdvanceElite;C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe [2014-10-22 523552]
S2 Util neurowise;Util neurowise;C:\Program Files (x86)\neurowise\bin\utilneurowise.exe [2014-10-22 523552]
S2 webinstrNew;webinstrNew;C:\Windows\System32\drivers\webinstrNew.sys [2014-10-28 58040]
S3 consumerinput_updatem;ConsumerInput Update Service (consumerinput_updatem);C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-10-28 106296]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-4-20 172704]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-28 68608]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-4-20 76912]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 ProtectMe;ProtectMe;C:\Program Files (x86)\PCTRunner\ProtectMe.exe [2014-10-9 1323408]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-4-20 232480]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-12 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-12 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-04 11:42:23 -------- d-----w- C:\Windows\pss
2014-10-29 01:36:42 -------- d-----w- C:\Users\Captain Ron\AppData\Local\OneSoftperDay
2014-10-29 00:36:27 48832 ----a-w- C:\Windows\System32\drivers\{255a824a-3cde-4dee-9785-284605606456}w64.sys
2014-10-28 23:27:48 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{674C2270-9DA1-4A52-9414-EF28BF24AF8D}\mpengine.dll
2014-10-28 11:15:34 -------- d-----w- C:\Users\Captain Ron\AppData\Roaming\Super Optimizer
2014-10-28 11:15:19 -------- d-----w- C:\Program Files (x86)\LPT
2014-10-28 11:13:16 -------- d-----w- C:\Program Files (x86)\Setup Support for Consumer Input
2014-10-28 11:12:56 -------- d-----w- C:\Users\Captain Ron\AppData\Roaming\Compete
2014-10-28 11:12:29 -------- d-----w- C:\ProgramData\Reimage Protector
2014-10-28 11:12:18 -------- d-----w- C:\Program Files\Reimage
2014-10-28 11:12:13 -------- d-----w- C:\rei
2014-10-28 11:11:51 1495456 ----a-w- C:\Users\Captain Ron\AppData\Roaming\AO.exe
2014-10-28 11:11:34 -------- d-----w- C:\Users\Captain Ron\AppData\Local\LPT
2014-10-28 11:11:33 -------- d-----w- C:\Users\Captain Ron\AppData\Local\Smartbar
2014-10-28 11:11:26 -------- d-----w- C:\Users\Captain Ron\AppData\Roaming\VOPackage
2014-10-28 11:11:00 1979296 ----a-w- C:\Users\Captain Ron\AppData\Roaming\DYRA.exe
2014-10-28 11:09:54 -------- d-----w- C:\Program Files (x86)\PepperZip
2014-10-28 11:09:41 -------- d-----w- C:\Program Files (x86)\PCTRunner
2014-10-28 11:09:39 2451 ----a-w- C:\Windows\patsearch.bin
2014-10-28 11:09:38 58040 ----a-w- C:\Windows\System32\drivers\webinstrNew.sys
2014-10-28 11:09:35 -------- d-----w- C:\Program Files (x86)\ver7NewPlayer
2014-10-28 11:09:29 -------- d-----w- C:\Users\Captain Ron\AppData\Local\JFileManager
2014-10-28 11:09:29 -------- d-----w- C:\Program Files (x86)\JFileManager
2014-10-28 11:03:18 -------- d-----w- C:\ProgramData\e5c4ef79-068a-447e-b589-daa814c96056
2014-10-28 11:03:18 -------- d-----w- C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b
2014-10-26 16:07:16 -------- d-----w- C:\Users\Captain Ron\AppData\Local\{CE00CCF2-CB89-4C46-BD15-C89BA41B0771}
2014-10-26 13:39:40 -------- d-----w- C:\Users\Captain Ron\AppData\Roaming\Astromenda
2014-10-26 02:42:32 -------- d-----w- C:\Users\Captain Ron\AppData\Local\{2D7F940E-6882-4440-B353-030392526421}
2014-10-25 22:48:46 48832 ----a-w- C:\Windows\System32\drivers\{054bd1e4-abee-467e-ab51-8ab276684243}w64.sys
2014-10-25 22:48:40 48784 ----a-w- C:\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64.sys
2014-10-25 14:28:08 -------- d-----w- C:\Users\Captain Ron\AppData\Local\{F35D8B9B-05CC-4242-9E5F-1F79FEDAF059}
2014-10-25 02:52:43 48784 ----a-w- C:\Windows\System32\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64.sys
2014-10-25 02:50:02 48832 ----a-w- C:\Windows\System32\drivers\{46e267d7-2aad-4738-adaf-d4d0a8fac9ea}w64.sys
2014-10-25 02:28:49 -------- d-----w- C:\Program Files (x86)\Sony
2014-10-25 02:25:44 -------- d-----w- C:\Users\Captain Ron\AppData\Local\{C7DAFD85-2A52-45C5-96CF-1F045EE8CCA8}
2014-10-24 23:54:28 22528 ----a-w- C:\Users\Captain Ron\AppData\Local\162171151dsisetup1621742862.exe
2014-10-23 01:33:12 -------- d-----w- C:\Users\Captain Ron\AppData\Roaming\Optimizer Pro
2014-10-23 01:28:12 -------- d-----w- C:\Program Files (x86)\AdvanceElite
2014-10-23 01:28:09 -------- d-----w- C:\Users\Captain Ron\AppData\Roaming\WSE_Astromenda
2014-10-23 01:28:09 -------- d-----w- C:\Program Files (x86)\WSE_Astromenda
2014-10-23 01:28:08 -------- d-----w- C:\ProgramData\OEM Links
2014-10-23 01:28:08 -------- d-----w- C:\MININT
2014-10-23 01:28:06 -------- d-----w- C:\Users\Captain Ron\AppData\Roaming\IDMSQ
2014-10-23 01:27:55 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2014-10-23 01:27:51 -------- d-----w- C:\Users\Captain Ron\AppData\Local\Programs
2014-10-23 01:27:47 -------- d-----w- C:\Program Files (x86)\IDMSQ
2014-10-23 01:25:37 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2014-10-23 01:25:21 -------- d-----w- C:\Program Files (x86)\Wajam
2014-10-23 01:25:16 -------- d-----w- C:\Program Files (x86)\WajaIE
2014-10-23 01:25:06 -------- d-----w- C:\Program Files\CouponArific
2014-10-23 01:25:05 -------- d-----w- C:\Program Files (x86)\92B36EB2-53CA-4C72-9832-65CCF55DEDB1
2014-10-23 01:24:54 -------- d-----w- C:\Program Files (x86)\neurowise
2014-10-23 01:24:30 -------- d-----w- C:\Users\Captain Ron\AppData\Local\SearchProtect
2014-10-23 01:24:21 -------- d-----w- C:\Program Files (x86)\ORBTR
2014-10-23 01:24:20 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-10-07 01:48:36 46376 ----a-w- C:\Windows\System32\drivers\netfilter64.sys
.
==================== Find3M  ====================
.
2014-10-27 17:51:40 1318912 ----a-w- C:\Windows\rcore.exe
2014-10-09 19:14:04 350768 ----a-w- C:\Windows\System32\ProtectMe64.dll
2014-10-09 19:14:04 304728 ----a-w- C:\Windows\SysWow64\ProtectMe.dll
2014-10-02 19:53:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-02 06:23:02 5515736 ------w- C:\Windows\apppatch\spbin\cltmng.exe
2014-10-02 06:23:02 225752 ----a-w- C:\Windows\apppatch\AppPatch64\SPVCLdr64.dll
2014-09-24 07:51:08 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-24 07:51:07 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 18:24:00.44 ===============

Edited by Aushin, 04 November 2014 - 06:42 PM.



 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,696 posts

Posted 09 November 2014 - 06:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554771 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Aushin

Aushin
  • Topic Starter

  • Members
  • 153 posts

Posted 10 November 2014 - 12:56 PM

When his computer starts, several fake "antivirus" programs will pop up and run 'scans' and make suggestions about what to do.  It's incredibly unresponsive in general, and I was denied when I attempted to change settings in msconfig or visit any websites or run any antivirus.  The scan below was only able to be run in safe mode.
 
I do not believe I have my original Windows CD available.  
 
Updated logs below/attached:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 10.0.9200.16686
Run by Captain Ron at 12:51:11 on 2014-11-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6106.5268 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M53C2279E-B520-4556-A269-9FD865D6D335&SearchSource=55&CUI=&UM=6&UP=SP13823638-4BE5-4721-9445-6A5ABA180EBA&SSPV=
uProxyServer = hxxp=127.0.0.1:50226;https=127.0.0.1:50226
uProxyOverride = <-loopback>
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: Browsers+Apps+1.1: {11111111-1111-1111-1111-110611501155} - C:\Program Files (x86)\Browsers+Apps+1.1\Browsers+Apps+1.1-bho.dll
BHO: Toolbar BHO: {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - 
BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - 
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Idmsq Extension: {3AA4FC9D-FB51-44a2-B09F-0457857CA7C2} - C:\Users\Captain Ron\AppData\Roaming\IDMSQ\idmsqext.dll
BHO: AdvanceElite: {3b2cb4c8-72ab-4b25-8fa1-219b36a60bed} - C:\Program Files (x86)\AdvanceElite\AdvanceElitebho.dll
BHO: Search Assistant BHO: {58376892-60e7-4f63-aca0-0f686af554d6} - 
BHO: Toolbar BHO: {6eb534fb-2001-45c4-b860-bc904865a379} - 
BHO: Search Assistant BHO: {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Consumer Input DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll
BHO: neurowise: {d08ab008-0647-4784-8e2c-5769cd4a7c3a} - C:\Program Files (x86)\neurowise\neurowisebho.dll
BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - 
TB: The Weather Channel Toolbar: {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWOW64\TwcToolbarIe7.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - 
TB: DictionaryBoss: {3042df7a-e900-4389-9b94-923df0daa57e} - 
TB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
uRun: [IDMSQ] C:\Program Files (x86)\IDMSQ\idmsq.exe /startup
uRun: [BRS] C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS
uRun: [Super Optimizer] C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
uRun: [Browser Infrastructure Helper] C:\Users\Captain Ron\AppData\Local\Smartbar\Application\SnapDo.exe startup
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ospd_us_300] "C:\Program Files (x86)\ospd_us_300\ospd_us_300.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [upospd_us_300.exe] C:\Users\Captain Ron\AppData\Local\ospd_us_300\upospd_us_300.exe -runonce
StartupFolder: C:\Users\CAPTAI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
StartupFolder: C:\Users\CAPTAI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STORMW~2.LNK - C:\Users\Captain Ron\AppData\Local\StormWatch\StormWatch.exe
StartupFolder: C:\Users\CAPTAI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STORMW~1.LNK - C:\Users\Captain Ron\AppData\Local\StormWatch\StormWatchApp.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: C:\Windows\System32\ProtectMe.dll
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6D633E88-4581-4842-A5BC-EE8DC56E8DDC} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6D633E88-4581-4842-A5BC-EE8DC56E8DDC}\249676F54416E6 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6D633E88-4581-4842-A5BC-EE8DC56E8DDC}\84F4D454D203838383 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6D633E88-4581-4842-A5BC-EE8DC56E8DDC}\84F4D454D283931423 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Browsers+Apps+1.1: {11111111-1111-1111-1111-110611501155} - C:\Program Files (x86)\Browsers+Apps+1.1\Browsers+Apps+1.1-bho64.dll
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - 
x64-BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-8-11 55280]
S1 {054bd1e4-abee-467e-ab51-8ab276684243}w64;{054bd1e4-abee-467e-ab51-8ab276684243}w64;C:\Windows\System32\drivers\{054bd1e4-abee-467e-ab51-8ab276684243}w64.sys [2014-10-25 48832]
S1 {255a824a-3cde-4dee-9785-284605606456}w64;{255a824a-3cde-4dee-9785-284605606456}w64;C:\Windows\System32\drivers\{255a824a-3cde-4dee-9785-284605606456}w64.sys [2014-10-28 48832]
S1 {46e267d7-2aad-4738-adaf-d4d0a8fac9ea}w64;{46e267d7-2aad-4738-adaf-d4d0a8fac9ea}w64;C:\Windows\System32\drivers\{46e267d7-2aad-4738-adaf-d4d0a8fac9ea}w64.sys [2014-10-24 48832]
S1 {b0c7827f-c845-429a-833b-c2a798fc4fc3}w64;{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64;C:\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64.sys [2014-10-25 48784]
S1 {f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64;{f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64;C:\Windows\System32\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64.sys [2014-10-24 48784]
S1 netfilter64;netfilter64;C:\Windows\System32\drivers\netfilter64.sys [2014-10-6 46376]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-20 98208]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2014-10-13 36936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 consumerinput_update;ConsumerInput Update Service (consumerinput_update);C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-10-28 106296]
S2 CouponArificService64;CouponArificService64;C:\Program Files (x86)\92B36EB2-53CA-4C72-9832-65CCF55DEDB1\kwcwagadsn64.exe [2014-10-6 172544]
S2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 177136]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
S2 DictionaryBossService;DictionaryBossService;C:\PROGRA~2\DICTIO~2\bar\1.bin\v4barsvc.exe --> C:\PROGRA~2\DICTIO~2\bar\1.bin\v4barsvc.exe [?]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S2 globalUpdate;globalUpdate Update Service (globalUpdate);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-28 68608]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-20 13336]
S2 Internet Enhancer Service;Internet Enhancer Service;C:\Program Files (x86)\WajaIE\WajaIE Internet Enhancer\InternetEnhancerService.exe [2014-10-21 305664]
S2 LPTSystemUpdater;LPT System Updater Service;C:\Program Files (x86)\LPT\srpts.exe [2014-9-21 32800]
S2 lxdv_device;lxdv_device;C:\Windows\System32\lxdvcoms.exe -service --> C:\Windows\System32\lxdvcoms.exe -service [?]
S2 MaintainerSvc1.20.7247763;MaintainerSvc1.20.7247763;C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b\maintainer.exe [2014-10-27 123632]
S2 MaintainerSvc3.32.7672459;MaintainerSvc3.32.7672459;C:\ProgramData\e5c4ef79-068a-447e-b589-daa814c96056\maintainer.exe [2014-10-27 123680]
S2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S2 Orbiter;Orbiter;C:\Windows\System32\svchost.exe -k ORBTR [2009-7-13 27136]
S2 rcores;rcores;C:\Windows\rcore.exe [2014-10-28 1318912]
S2 ReimageRealTimeProtector;Reimage Real Time Protector;C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-7-28 7101288]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-4-20 1692480]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 Update AdvanceElite;Update AdvanceElite;C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe [2014-10-22 523552]
S2 Update neurowise;Update neurowise;C:\Program Files (x86)\neurowise\updateneurowise.exe [2014-10-22 523552]
S2 Util AdvanceElite;Util AdvanceElite;C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe [2014-10-22 523552]
S2 Util neurowise;Util neurowise;C:\Program Files (x86)\neurowise\bin\utilneurowise.exe [2014-10-22 523552]
S2 webinstrNew;webinstrNew;C:\Windows\System32\drivers\webinstrNew.sys [2014-10-28 58040]
S3 consumerinput_updatem;ConsumerInput Update Service (consumerinput_updatem);C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-10-28 106296]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-4-20 172704]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-28 68608]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-4-20 76912]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 ProtectMe;ProtectMe;C:\Program Files (x86)\PCTRunner\ProtectMe.exe [2014-10-9 1323408]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-4-20 232480]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-12 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-12 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-05 08:27:21 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{674C2270-9DA1-4A52-9414-EF28BF24AF8D}\offreg.dll
2014-11-04 11:42:23 -------- d-----w- C:\Windows\pss
2014-10-29 01:36:42 -------- d-----w- C:\Users\Captain Ron\AppData\Local\OneSoftperDay
2014-10-29 00:36:27 48832 ----a-w- C:\Windows\System32\drivers\{255a824a-3cde-4dee-9785-284605606456}w64.sys
2014-10-28 23:27:48 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{674C2270-9DA1-4A52-9414-EF28BF24AF8D}\mpengine.dll
2014-10-28 11:15:34 -------- d-----w- C:\Users\Captain Ron\AppData\Roaming\Super Optimizer
2014-10-28 11:15:19 -------- d-----w- C:\Program Files (x86)\LPT
2014-10-28 11:13:16 -------- d-----w- C:\Program Files (x86)\Setup Support for Consumer Input
2014-10-28 11:12:56 -------- d-----w- C:\Users\Captain Ron\AppData\Roaming\Compete
2014-10-28 11:12:29 -------- d-----w- C:\ProgramData\Reimage Protector
2014-10-28 11:12:18 -------- d-----w- C:\Program Files\Reimage
2014-10-28 11:12:13 -------- d-----w- C:\rei
2014-10-28 11:11:51 1495456 ----a-w- C:\Users\Captain Ron\AppData\Roaming\AO.exe
2014-10-28 11:11:34 -------- d-----w- C:\Users\Captain Ron\AppData\Local\LPT
2014-10-28 11:11:33 -------- d-----w- C:\Users\Captain Ron\AppData\Local\Smartbar
2014-10-28 11:11:26 -------- d-----w- C:\Users\Captain Ron\AppData\Roaming\VOPackage
2014-10-28 11:11:00 1979296 ----a-w- C:\Users\Captain Ron\AppData\Roaming\DYRA.exe
2014-10-28 11:09:54 -------- d-----w- C:\Program Files (x86)\PepperZip
2014-10-28 11:09:41 -------- d-----w- C:\Program Files (x86)\PCTRunner
2014-10-28 11:09:39 2451 ----a-w- C:\Windows\patsearch.bin
2014-10-28 11:09:38 58040 ----a-w- C:\Windows\System32\drivers\webinstrNew.sys
2014-10-28 11:09:35 -------- d-----w- C:\Program Files (x86)\ver7NewPlayer
2014-10-28 11:09:29 -------- d-----w- C:\Users\Captain Ron\AppData\Local\JFileManager
2014-10-28 11:09:29 -------- d-----w- C:\Program Files (x86)\JFileManager
2014-10-28 11:03:18 -------- d-----w- C:\ProgramData\e5c4ef79-068a-447e-b589-daa814c96056
2014-10-28 11:03:18 -------- d-----w- C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b
2014-10-26 16:07:16 -------- d-----w- C:\Users\Captain Ron\AppData\Local\{CE00CCF2-CB89-4C46-BD15-C89BA41B0771}
2014-10-26 13:39:40 -------- d-----w- C:\Users\Captain Ron\AppData\Roaming\Astromenda
2014-10-26 02:42:32 -------- d-----w- C:\Users\Captain Ron\AppData\Local\{2D7F940E-6882-4440-B353-030392526421}
2014-10-25 22:48:46 48832 ----a-w- C:\Windows\System32\drivers\{054bd1e4-abee-467e-ab51-8ab276684243}w64.sys
2014-10-25 22:48:40 48784 ----a-w- C:\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64.sys
2014-10-25 14:28:08 -------- d-----w- C:\Users\Captain Ron\AppData\Local\{F35D8B9B-05CC-4242-9E5F-1F79FEDAF059}
2014-10-25 02:52:43 48784 ----a-w- C:\Windows\System32\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64.sys
2014-10-25 02:50:02 48832 ----a-w- C:\Windows\System32\drivers\{46e267d7-2aad-4738-adaf-d4d0a8fac9ea}w64.sys
2014-10-25 02:28:49 -------- d-----w- C:\Program Files (x86)\Sony
2014-10-25 02:25:44 -------- d-----w- C:\Users\Captain Ron\AppData\Local\{C7DAFD85-2A52-45C5-96CF-1F045EE8CCA8}
2014-10-24 23:54:28 22528 ----a-w- C:\Users\Captain Ron\AppData\Local\162171151dsisetup1621742862.exe
2014-10-23 01:33:12 -------- d-----w- C:\Users\Captain Ron\AppData\Roaming\Optimizer Pro
2014-10-23 01:28:12 -------- d-----w- C:\Program Files (x86)\AdvanceElite
2014-10-23 01:28:09 -------- d-----w- C:\Users\Captain Ron\AppData\Roaming\WSE_Astromenda
2014-10-23 01:28:09 -------- d-----w- C:\Program Files (x86)\WSE_Astromenda
2014-10-23 01:28:08 -------- d-----w- C:\ProgramData\OEM Links
2014-10-23 01:28:08 -------- d-----w- C:\MININT
2014-10-23 01:28:06 -------- d-----w- C:\Users\Captain Ron\AppData\Roaming\IDMSQ
2014-10-23 01:27:55 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2014-10-23 01:27:51 -------- d-----w- C:\Users\Captain Ron\AppData\Local\Programs
2014-10-23 01:27:47 -------- d-----w- C:\Program Files (x86)\IDMSQ
2014-10-23 01:25:37 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2014-10-23 01:25:21 -------- d-----w- C:\Program Files (x86)\Wajam
2014-10-23 01:25:16 -------- d-----w- C:\Program Files (x86)\WajaIE
2014-10-23 01:25:06 -------- d-----w- C:\Program Files\CouponArific
2014-10-23 01:25:05 -------- d-----w- C:\Program Files (x86)\92B36EB2-53CA-4C72-9832-65CCF55DEDB1
2014-10-23 01:24:54 -------- d-----w- C:\Program Files (x86)\neurowise
2014-10-23 01:24:30 -------- d-----w- C:\Users\Captain Ron\AppData\Local\SearchProtect
2014-10-23 01:24:21 -------- d-----w- C:\Program Files (x86)\ORBTR
2014-10-23 01:24:20 -------- d-----w- C:\Program Files (x86)\SearchProtect
.
==================== Find3M  ====================
.
2014-10-27 17:51:40 1318912 ----a-w- C:\Windows\rcore.exe
2014-10-09 19:14:04 350768 ----a-w- C:\Windows\System32\ProtectMe64.dll
2014-10-09 19:14:04 304728 ----a-w- C:\Windows\SysWow64\ProtectMe.dll
2014-10-07 01:48:36 46376 ----a-w- C:\Windows\System32\drivers\netfilter64.sys
2014-10-02 19:53:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-02 06:23:02 5515736 ------w- C:\Windows\apppatch\spbin\cltmng.exe
2014-10-02 06:23:02 225752 ----a-w- C:\Windows\apppatch\AppPatch64\SPVCLdr64.dll
2014-09-24 07:51:08 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-24 07:51:07 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 12:51:19.44 ===============




#4 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:06:10 PM

Posted 10 November 2014 - 02:32 PM

Hi Aushin and Welcome to BleepingComputer !

I am currently looking through your logs and will advise you on what to do in my next reply.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#5 Aushin


Posted 10 November 2014 - 03:30 PM

> Hi Aushin and Welcome to BleepingComputer !
>
> I am currently looking through your logs and will advise you on what to do in my next reply.

Awesome, can't wait!  

Semi-related question: I have email notification turned on for 'immediate' but I don't seem to get any emails notifying me of replies.  Any idea what I might be doing wrong?  Just don't want to waste unnecessary time not knowing there are updates while you are trying to help resolve this.



#6 seedy21


Posted 10 November 2014 - 04:43 PM

Hello Aushin

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer, please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Step 1

  • Click on Start -> Control Panel -> Add/Remove Programs
  • Uninstall the following Programs:-
    Browsers+Apps+1.1
    Consumer Input
    Coupon Printer for Windows
    CouponARific
    DictionaryBoss Toolbar
    McAfee Security Scan Plus
    NewPlayer
    OneSoftPerDay 025.300
    Optimizer Pro v3.2
    Search Protect
    Snap.Do
    Snap.Do Engine
    Super Optimizer v3.2
    Web Protect for Windows
  • Close the Add/Remove Programs and Control Panel

Restart your computer


Step 2

Please run this in Normal Mode if you can.

Download ADWCleaner to your desktop:
http://www.bleepingcomputer.com/download/adwcleaner/

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Step 3

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Double-click the downloaded icon to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.



#7 Aushin


Posted 10 November 2014 - 05:07 PM

When I tried to uninstall DictionaryBoss Toolbar, I got the error:

"There was a problem starting C:\PROGRA~2\DICTIO~2\bar\1.bin\v4Bar.dll
  The specified module could not be found"

When trying to uninstall Snap.do and Snap.Do engine, the computer was completely unresponsive.  I would click the button and nothing would happen.  No hourglass, no indication that any action was performed.

Similarly, Web Protect for windows would hourglass briefly, but no uninstallation would happen.  All other programs uninstalled without incident.

I am going to attempt to run the tools in your reply now (in normal mode).



#8 Aushin


Posted 10 November 2014 - 05:20 PM

So Windows Explorer stopped responding the second I tried to click the little Windows-circle-Start Button.  And it hasn't recovered or restarted itself yet. Just letting you know, in case you find it prudent to switch back to Safe Mode.  I will continue trying to do what you suggested in the meantime.



#9 seedy21


Posted 11 November 2014 - 04:22 PM

Hi Aushin

As it sounds like you are having issues, let's run FRST from Safe Mode instead.

  • Double-click the downloaded icon to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.



#10 Aushin


Posted 11 November 2014 - 04:28 PM

Awesome, thanks for getting back to me!  I will update in a little over an hour (when I get home from work and can follow your next recommendation).



#11 Aushin


Posted 11 November 2014 - 07:06 PM

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Captain Ron (administrator) on CAPTAINRON-PC on 11-11-2014 19:04:00
Running from C:\Users\Captain Ron\Desktop
Loaded Profile: Captain Ron (Available profiles: Captain Ron)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (CANON INC.)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ospd_us_300] => [X]
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-11] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2771474770-601152397-3368871679-1001\...\Run: [DW7] => C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe [13103104 2013-07-16] (The Weather Channel)
HKU\S-1-5-21-2771474770-601152397-3368871679-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2771474770-601152397-3368871679-1001\...\Run: [IDMSQ] => C:\Program Files (x86)\IDMSQ\idmsq.exe [2561088 2013-10-30] ()
HKU\S-1-5-21-2771474770-601152397-3368871679-1001\...\Run: [BRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe [1043968 2014-10-22] ()
HKU\S-1-5-21-2771474770-601152397-3368871679-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\Captain Ron\AppData\Local\Smartbar\Application\SnapDo.exe [28192 2014-09-21] (Smartbar)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
Startup: C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
ShortcutTarget: StormWatch.lnk -> C:\Users\Captain Ron\AppData\Local\StormWatch\StormWatch.exe (Weather Protector LLC)
Startup: C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
ShortcutTarget: StormWatchApp.lnk -> C:\Users\Captain Ron\AppData\Local\StormWatch\StormWatchApp.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2771474770-601152397-3368871679-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:50226;https=127.0.0.1:50226
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x77B921C5084CCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
URLSearchHook: HKCU - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2771474770-601152397-3368871679-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Idmsq Extension -> {3AA4FC9D-FB51-44a2-B09F-0457857CA7C2} -> C:\Users\Captain Ron\AppData\Roaming\IDMSQ\idmsqext.dll (Or Interactive Ltd)
BHO-x32: AdvanceElite -> {3b2cb4c8-72ab-4b25-8fa1-219b36a60bed} -> C:\Program Files (x86)\AdvanceElite\AdvanceElitebho.dll (AdvanceElite)
BHO-x32: Search Assistant BHO -> {58376892-60e7-4f63-aca0-0f686af554d6} -> C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrcAs.dll No File
BHO-x32: Toolbar BHO -> {6eb534fb-2001-45c4-b860-bc904865a379} -> C:\PROGRA~2\DICTIO~2\bar\1.bin\v4bar.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: neurowise -> {d08ab008-0647-4784-8e2c-5769cd4a7c3a} -> C:\Program Files (x86)\neurowise\neurowisebho.dll (neurowise)
BHO-x32: TBSB07898 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll ()
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM-x32 - DictionaryBoss - {3042df7a-e900-4389-9b94-923df0daa57e} - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\ProtectMe.dll [304728] (ProtectMe)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ProtectMe.dll [304728] (ProtectMe)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ProtectMe.dll [304728] (ProtectMe)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ProtectMe.dll [304728] (ProtectMe)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ProtectMe.dll [304728] (ProtectMe)
Winsock: Catalog9-x64 01 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Winsock: Catalog9-x64 02 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Winsock: Catalog9-x64 03 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Winsock: Catalog9-x64 04 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Winsock: Catalog9-x64 15 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @DictionaryBoss.com/Plugin -> C:\Program Files (x86)\DictionaryBoss\bar\1.bin\NPv4Stub.dll No File
FF Plugin-x32: @ei.CouponAlert_2p.com/Plugin -> C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [v4ffxtbr@DictionaryBoss.com] - C:\Program Files (x86)\DictionaryBoss\bar\1.bin
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M53C2279E-B520-4556-A269-9FD865D6D335&SearchSource=55&CUI=&UM=6&UP=SP13823638-4BE5-4721-9445-6A5ABA180EBA&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M53C2279E-B520-4556-A269-9FD865D6D335&SearchSource=55&CUI=&UM=6&UP=SP13823638-4BE5-4721-9445-6A5ABA180EBA&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR Profile: C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-15]
CHR Extension: (Google Search) - C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-15]
CHR Extension: (Consumer Input) - C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\faoigfclahgbjjjaopddafnnapmeppnc [2014-10-28]
CHR Extension: (Google Wallet) - C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Internet Download Manager Squared) - C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohenffmfbnoidogjgebadealdkecjdal [2014-10-22]
CHR Extension: (Astromenda New Tab) - C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae [2014-10-22]
CHR Extension: (AdvanceElite) - C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\phlgmglenofknhllndpffnjmfdglfnng [2014-10-28]
CHR Extension: (Gmail) - C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-15]
CHR HKLM-x32\...\Chrome\Extension: [ohenffmfbnoidogjgebadealdkecjdal] - C:\Users\Captain Ron\AppData\Roaming\IDMSQ\IDMSQ.crx [2013-09-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-10-13] (Just Develop It) <==== ATTENTION
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S2 Internet Enhancer Service; C:\Program Files (x86)\WajaIE\WajaIE Internet Enhancer\InternetEnhancerService.exe [305664 2014-10-21] (Wajam Internet Technologies Inc.) [File not signed]
S2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32800 2014-09-21] () <==== ATTENTION
S2 lxdv_device; C:\Windows\system32\lxdvcoms.exe [1044136 2007-10-18] ( )
S2 MaintainerSvc1.20.7247763; C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b\maintainer.exe [123632 2014-10-27] ()
S2 MaintainerSvc3.32.7672459; C:\ProgramData\e5c4ef79-068a-447e-b589-daa814c96056\maintainer.exe [123680 2014-10-27] ()
S3 ProtectMe; C:\Program Files (x86)\PCTRunner\ProtectMe.exe [1323408 2014-10-09] (ProtectMe) [File not signed]
S2 rcores; C:\Windows\rcore.exe [1318912 2014-10-27] () [File not signed]
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7101288 2014-07-28] (Reimage®)
S2 Update AdvanceElite; C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe [523552 2014-10-28] ()
S2 Update neurowise; C:\Program Files (x86)\neurowise\updateneurowise.exe [523552 2014-10-28] ()
S2 Util AdvanceElite; C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe [523552 2014-10-28] ()
S2 Util neurowise; C:\Program Files (x86)\neurowise\bin\utilneurowise.exe [523552 2014-10-28] ()
S2 CouponArificService64; C:\Program Files (x86)\92B36EB2-53CA-4C72-9832-65CCF55DEDB1\kwcwagadsn64.exe [X]
S2 DictionaryBossService; C:\PROGRA~2\DICTIO~2\bar\1.bin\v4barsvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S1 {054bd1e4-abee-467e-ab51-8ab276684243}w64; C:\Windows\System32\drivers\{054bd1e4-abee-467e-ab51-8ab276684243}w64.sys [48832 2014-10-25] (StdLib)
S1 {255a824a-3cde-4dee-9785-284605606456}w64; C:\Windows\System32\drivers\{255a824a-3cde-4dee-9785-284605606456}w64.sys [48832 2014-10-28] (StdLib)
S1 {46e267d7-2aad-4738-adaf-d4d0a8fac9ea}w64; C:\Windows\System32\drivers\{46e267d7-2aad-4738-adaf-d4d0a8fac9ea}w64.sys [48832 2014-10-24] (StdLib)
S1 {b0c7827f-c845-429a-833b-c2a798fc4fc3}w64; C:\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64.sys [48784 2014-10-25] (StdLib)
S1 {f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64; C:\Windows\System32\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64.sys [48784 2014-10-24] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-11 19:04 - 2014-11-11 19:04 - 00019587 _____ () C:\Users\Captain Ron\Desktop\FRST.txt
2014-11-11 19:03 - 2014-11-11 19:04 - 00000000 ____D () C:\FRST
2014-11-11 19:03 - 2014-11-10 17:03 - 02116096 _____ (Farbar) C:\Users\Captain Ron\Desktop\FRST64.exe
2014-11-10 19:20 - 2014-11-10 19:22 - 00000000 ____D () C:\AdwCleaner
2014-11-10 19:19 - 2014-11-10 17:02 - 02140160 _____ () C:\Users\Captain Ron\Desktop\AdwCleaner.exe
2014-11-10 16:58 - 2014-11-10 16:58 - 00000000 ____D () C:\ProgramData\374311380
2014-11-10 16:58 - 2014-11-10 16:58 - 00000000 ____D () C:\Program Files (x86)\predm
2014-11-10 12:52 - 2014-11-10 12:52 - 00021675 _____ () C:\Users\Captain Ron\Desktop\DDS 11-10-2014.txt
2014-11-10 12:52 - 2014-11-10 12:52 - 00014156 _____ () C:\Users\Captain Ron\Desktop\Attach 11-10-2014.txt
2014-11-10 12:51 - 2014-11-10 12:51 - 00021675 _____ () C:\Users\Captain Ron\Desktop\dds.txt
2014-11-04 18:24 - 2014-11-10 12:51 - 00014156 _____ () C:\Users\Captain Ron\Desktop\attach.txt
2014-11-04 18:12 - 2014-11-04 18:11 - 05591672 ____R (Swearware) C:\Users\Captain Ron\Desktop\randomnamehere.exe
2014-11-04 18:09 - 2014-11-03 19:35 - 05591672 ____R (Swearware) C:\Users\Captain Ron\Desktop\random.exe
2014-11-04 18:05 - 2014-11-04 18:15 - 00000000 ____D () C:\32788R22FWJFW
2014-11-04 06:42 - 2014-11-04 06:42 - 00000000 ____D () C:\Windows\pss
2014-11-03 20:16 - 2014-11-03 20:16 - 00003352 ____N () C:\bootsqm.dat
2014-10-28 20:36 - 2014-10-28 20:36 - 00000000 ____D () C:\Users\Captain Ron\AppData\Local\OneSoftperDay
2014-10-28 19:36 - 2014-10-28 11:37 - 00048832 _____ (StdLib) C:\Windows\system32\Drivers\{255a824a-3cde-4dee-9785-284605606456}w64.sys
2014-10-28 18:17 - 2014-10-28 18:17 - 00139488 _____ () C:\Windows\SysWOW64\XMLOperations.xml
2014-10-28 06:17 - 2014-10-28 06:17 - 00003468 _____ () C:\Windows\System32\Tasks\Reimage Reminder
2014-10-28 06:16 - 2014-11-03 20:17 - 00003282 _____ () C:\Windows\System32\Tasks\Super Optimizer Schedule
2014-10-28 06:15 - 2014-10-28 06:15 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-10-28 06:13 - 2014-10-28 06:13 - 00004296 _____ () C:\Windows\System32\Tasks\ReimageUpdater
2014-10-28 06:13 - 2014-10-28 06:13 - 00002638 _____ () C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-10-28 06:13 - 2014-10-28 06:13 - 00002591 _____ () C:\Users\Captain Ron\Desktop\Search.lnk
2014-10-28 06:12 - 2014-10-28 06:17 - 00000000 ____D () C:\rei
2014-10-28 06:12 - 2014-10-28 06:13 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-10-28 06:12 - 2014-10-28 06:12 - 00005480 _____ () C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-5
2014-10-28 06:12 - 2014-10-28 06:12 - 00003298 _____ () C:\Windows\System32\Tasks\CIMT_S-1-5-21-2771474770-601152397-3368871679-1001
2014-10-28 06:12 - 2014-10-28 06:12 - 00001903 _____ () C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2014-10-28 06:12 - 2014-10-28 06:12 - 00000000 ___HD () C:\Users\Public\Temp
2014-10-28 06:12 - 2014-10-28 06:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2014-10-28 06:12 - 2014-10-28 06:12 - 00000000 ____D () C:\Program Files\Reimage
2014-10-28 06:11 - 2014-11-10 17:48 - 00001358 _____ () C:\Windows\Tasks\DYRA.job
2014-10-28 06:11 - 2014-11-10 17:48 - 00001354 _____ () C:\Windows\Tasks\AO.job
2014-10-28 06:11 - 2014-10-28 06:11 - 01979296 _____ (app) C:\Users\Captain Ron\AppData\Roaming\DYRA.exe
2014-10-28 06:11 - 2014-10-28 06:11 - 01495456 _____ (app) C:\Users\Captain Ron\AppData\Roaming\AO.exe
2014-10-28 06:11 - 2014-10-28 06:11 - 00008218 _____ () C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-11
2014-10-28 06:11 - 2014-10-28 06:11 - 00007192 _____ () C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-4
2014-10-28 06:11 - 2014-10-28 06:11 - 00007190 _____ () C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-6
2014-10-28 06:11 - 2014-10-28 06:11 - 00006848 _____ () C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-7
2014-10-28 06:11 - 2014-10-28 06:11 - 00006492 _____ () C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-1
2014-10-28 06:11 - 2014-10-28 06:11 - 00005144 _____ () C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-2
2014-10-28 06:11 - 2014-10-28 06:11 - 00004406 _____ () C:\Windows\System32\Tasks\DYRA
2014-10-28 06:11 - 2014-10-28 06:11 - 00004402 _____ () C:\Windows\System32\Tasks\AO
2014-10-28 06:11 - 2014-10-28 06:11 - 00000000 ____D () C:\Users\Captain Ron\AppData\Roaming\VOPackage
2014-10-28 06:11 - 2014-10-28 06:11 - 00000000 ____D () C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-10-28 06:11 - 2014-10-28 06:11 - 00000000 ____D () C:\Users\Captain Ron\AppData\Local\Smartbar
2014-10-28 06:11 - 2014-10-28 06:11 - 00000000 ____D () C:\Users\Captain Ron\AppData\Local\LPT
2014-10-28 06:10 - 2014-10-28 06:10 - 00007528 _____ () C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-3
2014-10-28 06:10 - 2014-10-28 06:10 - 00004440 _____ () C:\Windows\SysWOW64\ProtectMe.ini
2014-10-28 06:10 - 2014-10-28 06:10 - 00003976 _____ () C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA
2014-10-28 06:10 - 2014-10-28 06:10 - 00003724 _____ () C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore
2014-10-28 06:10 - 2014-10-28 06:10 - 00003646 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-10-28 06:10 - 2014-10-28 06:10 - 00002368 _____ () C:\Windows\SysWOW64\ProtectMeOff.ini
2014-10-28 06:10 - 2014-10-28 06:10 - 00002368 _____ () C:\Windows\system32\ProtectMeOff.ini
2014-10-28 06:10 - 2014-10-28 06:10 - 00001021 _____ () C:\Users\Captain Ron\Desktop\PepperZip.lnk
2014-10-28 06:10 - 2014-10-28 06:10 - 00000000 ____D () C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
2014-10-28 06:10 - 2014-10-28 06:10 - 00000000 ____D () C:\Users\Captain Ron\AppData\Local\Weather_Protector_LLC
2014-10-28 06:10 - 2014-10-28 06:10 - 00000000 ____D () C:\Users\Captain Ron\AppData\Local\StormWatch
2014-10-28 06:10 - 2014-10-28 06:10 - 00000000 ____D () C:\Users\Captain Ron\AppData\Local\globalUpdate
2014-10-28 06:10 - 2014-10-28 06:10 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-10-28 06:10 - 2014-10-27 12:51 - 01318912 _____ () C:\Windows\rcore.exe
2014-10-28 06:10 - 2014-10-09 14:14 - 00350768 _____ (ProtectMe) C:\Windows\system32\ProtectMe64.dll
2014-10-28 06:10 - 2014-10-09 14:14 - 00304728 _____ (ProtectMe) C:\Windows\SysWOW64\ProtectMe.dll
2014-10-28 06:09 - 2014-11-10 17:01 - 00000000 ____D () C:\Program Files (x86)\PCTRunner
2014-10-28 06:09 - 2014-11-03 06:59 - 00002451 _____ () C:\Windows\patsearch.bin
2014-10-28 06:09 - 2014-10-28 06:17 - 00000137 _____ () C:\Windows\Reimage.ini
2014-10-28 06:09 - 2014-10-28 06:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-10-28 06:09 - 2014-10-28 06:10 - 00000000 ____D () C:\Program Files (x86)\PepperZip
2014-10-28 06:09 - 2014-10-28 06:09 - 00003078 _____ () C:\Windows\System32\Tasks\NewPlayer Update
2014-10-28 06:09 - 2014-10-28 06:09 - 00001163 _____ () C:\Users\Public\Desktop\JFileManager.lnk
2014-10-28 06:09 - 2014-10-28 06:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-28 06:09 - 2014-10-28 06:09 - 00000000 ____D () C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-10-28 06:09 - 2014-10-28 06:09 - 00000000 ____D () C:\Users\Captain Ron\AppData\Local\JFileManager
2014-10-28 06:09 - 2014-10-28 06:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JFileManager
2014-10-28 06:09 - 2014-10-28 06:09 - 00000000 ____D () C:\Program Files (x86)\JFileManager
2014-10-28 06:07 - 2014-10-28 06:07 - 00386504 _____ () C:\Users\Captain Ron\Downloads\Setup.exe
2014-10-28 06:03 - 2014-10-28 06:03 - 00000000 ____D () C:\ProgramData\e5c4ef79-068a-447e-b589-daa814c96056
2014-10-28 06:03 - 2014-10-28 06:03 - 00000000 ____D () C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b
2014-10-26 19:38 - 2014-10-26 19:38 - 00569040 _____ (Downloadius) C:\Users\Captain Ron\Downloads\HD_Player__CD5MTCD13050_47b722b22e886fb629fc493c54e12401.exe
2014-10-26 19:38 - 2014-10-26 19:38 - 00569040 _____ (Downloadius) C:\Users\Captain Ron\Downloads\HD_Player__CD5MTCD13050_47b722b22e886fb629fc493c54e12401 (1).exe
2014-10-26 11:07 - 2014-10-26 11:07 - 00000000 ____D () C:\Users\Captain Ron\AppData\Local\{CE00CCF2-CB89-4C46-BD15-C89BA41B0771}
2014-10-26 08:57 - 2014-10-26 08:57 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-26 08:39 - 2014-10-26 08:39 - 00000000 ____D () C:\Users\Captain Ron\AppData\Roaming\Astromenda
2014-10-25 21:42 - 2014-10-25 21:42 - 00000000 ____D () C:\Users\Captain Ron\AppData\Local\{2D7F940E-6882-4440-B353-030392526421}
2014-10-25 17:48 - 2014-10-25 13:33 - 00048832 _____ (StdLib) C:\Windows\system32\Drivers\{054bd1e4-abee-467e-ab51-8ab276684243}w64.sys
2014-10-25 17:48 - 2014-10-25 12:33 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64.sys
2014-10-25 09:28 - 2014-10-25 09:28 - 00000000 ____D () C:\Users\Captain Ron\AppData\Local\{F35D8B9B-05CC-4242-9E5F-1F79FEDAF059}
2014-10-24 21:52 - 2014-10-24 15:39 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64.sys
2014-10-24 21:50 - 2014-10-24 16:35 - 00048832 _____ (StdLib) C:\Windows\system32\Drivers\{46e267d7-2aad-4738-adaf-d4d0a8fac9ea}w64.sys
2014-10-24 21:28 - 2014-10-24 21:28 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-10-24 21:27 - 2014-10-24 21:27 - 00000000 ____D () C:\Users\Captain Ron\AppData\Roaming\InstallShield
2014-10-24 21:26 - 2014-10-24 21:26 - 07793096 _____ (Sony Corporation ) C:\Users\Captain Ron\Downloads\SRD20_Installer0810a.exe
2014-10-24 21:25 - 2014-10-24 21:25 - 00000000 ____D () C:\Users\Captain Ron\AppData\Local\{C7DAFD85-2A52-45C5-96CF-1F045EE8CCA8}
2014-10-24 18:54 - 2014-10-24 18:54 - 00022528 _____ () C:\Users\Captain Ron\AppData\Local\162171151dsisetup1621742862.exe
2014-10-24 18:54 - 2014-10-24 18:54 - 00000001 _____ () C:\Users\Captain Ron\AppData\Local\DSI.DAT
2014-10-22 21:28 - 2014-10-28 05:58 - 00000127 _____ () C:\Users\Captain Ron\AppData\Roaming\WB.CFG
2014-10-22 20:33 - 2014-11-01 20:44 - 00003278 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-10-22 20:33 - 2014-10-22 20:33 - 00000000 ____D () C:\Users\Captain Ron\Documents\Optimizer Pro
2014-10-22 20:28 - 2014-11-10 17:51 - 00000000 ____D () C:\Users\Captain Ron\AppData\Roaming\IDMSQ
2014-10-22 20:28 - 2014-11-03 21:29 - 00000310 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-10-22 20:28 - 2014-10-28 20:45 - 00000000 ____D () C:\Program Files (x86)\AdvanceElite
2014-10-22 20:28 - 2014-10-22 20:28 - 00003272 _____ () C:\Windows\System32\Tasks\WSE_Astromenda
2014-10-22 20:28 - 2014-10-22 20:28 - 00000271 _____ () C:\Users\Captain Ron\Desktop\Cut the Rope.url
2014-10-22 20:28 - 2014-10-22 20:28 - 00000000 ____D () C:\Users\Captain Ron\AppData\Roaming\WSE_Astromenda
2014-10-22 20:28 - 2014-10-22 20:28 - 00000000 ____D () C:\Program Files (x86)\WSE_Astromenda
2014-10-22 20:28 - 2014-10-22 20:28 - 00000000 ____D () C:\MININT
2014-10-22 20:27 - 2014-10-22 20:28 - 00000000 ____D () C:\Program Files (x86)\IDMSQ
2014-10-22 20:26 - 2014-10-22 20:26 - 00715920 _____ ( ) C:\Users\Captain Ron\Downloads\IDM2-Win-EN.exe
2014-10-22 20:26 - 2014-10-22 20:26 - 00004048 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-10-22 20:26 - 2014-10-22 20:26 - 00001971 _____ () C:\Users\Captain Ron\Desktop\Sync Folder.lnk
2014-10-22 20:25 - 2014-10-28 20:35 - 00000000 ____D () C:\Program Files\CouponArific
2014-10-22 20:25 - 2014-10-24 21:39 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-10-22 20:25 - 2014-10-22 20:25 - 00001089 _____ () C:\Users\Captain Ron\Desktop\MyPC Backup.lnk
2014-10-22 20:25 - 2014-10-22 20:25 - 00000000 ____D () C:\Users\Captain Ron\Downloads\PhotoViewerzip
2014-10-22 20:25 - 2014-10-22 20:25 - 00000000 ____D () C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-10-22 20:25 - 2014-10-22 20:25 - 00000000 ____D () C:\Program Files (x86)\Wajam
2014-10-22 20:25 - 2014-10-22 20:25 - 00000000 ____D () C:\Program Files (x86)\WajaIE
2014-10-22 20:24 - 2014-10-28 20:41 - 00000000 ____D () C:\Program Files (x86)\neurowise
2014-10-22 20:24 - 2014-10-28 19:31 - 00000000 ____D () C:\Users\Captain Ron\AppData\Local\SearchProtect
2014-10-22 20:24 - 2014-10-28 06:12 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-10-22 20:23 - 2014-10-22 20:23 - 00656864 _____ () C:\Users\Captain Ron\Downloads\photoviewer-setup.exe
2014-10-22 20:23 - 2014-10-22 20:23 - 00656864 _____ () C:\Users\Captain Ron\Downloads\photoviewer-setup (1).exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-11 02:28 - 2011-04-20 07:20 - 01706615 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 19:09 - 2009-07-14 00:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-10 17:51 - 2012-08-31 18:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-10 17:51 - 2009-07-13 23:51 - 00084410 _____ () C:\Windows\setupact.log
2014-11-10 17:48 - 2013-07-15 11:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-10 17:48 - 2011-08-07 15:54 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-10 17:48 - 2011-08-07 15:54 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-10 17:48 - 2011-04-20 07:58 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-11-10 17:47 - 2013-07-15 11:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-10 17:47 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-10 17:46 - 2011-08-07 15:35 - 00227882 _____ () C:\Windows\PFRO.log
2014-11-01 21:20 - 2009-07-13 23:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-01 21:20 - 2009-07-13 23:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 20:44 - 2009-07-13 21:34 - 00000732 _____ () C:\Windows\win.ini
2014-10-28 20:39 - 2013-11-27 03:01 - 01040905 _____ () C:\Windows\IE11_main.log
2014-10-28 20:11 - 2011-09-15 18:39 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BDC16089-80B0-45C7-BFDB-658DA3E5BA9D}
2014-10-28 06:01 - 2013-07-15 11:01 - 00002104 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-26 08:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-10-25 15:45 - 2014-04-07 16:50 - 00000000 ____D () C:\Users\Captain Ron\AppData\Local\Windows Live
2014-10-25 02:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-25 00:08 - 2013-07-15 11:00 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-25 00:08 - 2013-07-15 11:00 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-24 21:28 - 2011-04-20 07:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-22 20:46 - 2011-08-07 15:44 - 00060064 _____ () C:\Users\Captain Ron\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-22 20:43 - 2009-07-13 23:45 - 00275992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-22 20:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2014-10-22 19:46 - 2013-10-07 09:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-15 16:55 - 2013-08-14 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 16:42 - 2012-10-08 07:50 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Captain Ron\AppData\Local\Temp\-udxvfgo.dll
C:\Users\Captain Ron\AppData\Local\Temp\1hzku_ib.dll
C:\Users\Captain Ron\AppData\Local\Temp\2B1F438B-F370-9B00-3C96-2A770B9FC1D6.exe
C:\Users\Captain Ron\AppData\Local\Temp\30zzimcu.dll
C:\Users\Captain Ron\AppData\Local\Temp\3yb9nnco.dll
C:\Users\Captain Ron\AppData\Local\Temp\6457CD15-9585-5B3B-7134-7B04C2B5FC76.dll
C:\Users\Captain Ron\AppData\Local\Temp\6457CD15-9585-5B3B-7134-7B04C2B5FC76.exe
C:\Users\Captain Ron\AppData\Local\Temp\6lz8-zvf.dll
C:\Users\Captain Ron\AppData\Local\Temp\8nib2xt7.dll
C:\Users\Captain Ron\AppData\Local\Temp\BackupSetup.exe
C:\Users\Captain Ron\AppData\Local\Temp\Compete_setup.exe
C:\Users\Captain Ron\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Captain Ron\AppData\Local\Temp\dnuh2pvw.dll
C:\Users\Captain Ron\AppData\Local\Temp\eya2mjxo.dll
C:\Users\Captain Ron\AppData\Local\Temp\hncgxyrx.dll
C:\Users\Captain Ron\AppData\Local\Temp\install_flashplayer11x32axau_gtbd_chrd_dn_aih.exe
C:\Users\Captain Ron\AppData\Local\Temp\lxgvcotz.dll
C:\Users\Captain Ron\AppData\Local\Temp\m2wz7cir.dll
C:\Users\Captain Ron\AppData\Local\Temp\q7msg3qn.dll
C:\Users\Captain Ron\AppData\Local\Temp\qini6sky.dll
C:\Users\Captain Ron\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Captain Ron\AppData\Local\Temp\SpOrder.dll
C:\Users\Captain Ron\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Captain Ron\AppData\Local\Temp\w-rjlyhs.dll
C:\Users\Captain Ron\AppData\Local\Temp\wwb9w-rs.dll
C:\Users\Captain Ron\AppData\Local\Temp\xmoqemgi.dll
C:\Users\Captain Ron\AppData\Local\Temp\_rcsjft5.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-23 02:48
 
==================== End Of Log ============================
 
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by Captain Ron at 2014-11-11 19:04:51
Running from C:\Users\Captain Ron\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2201.41622 - ABBYY Software House)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AdvanceElite (HKLM\...\AdvanceElite) (Version: 2014.10.22.232628 - AdvanceElite) <==== ATTENTION
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version:  - )
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version:  - )
Canon MX410 series User Registration (HKLM-x32\...\Canon MX410 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Perks Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.6 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.209 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DictionaryBoss Toolbar (HKLM-x32\...\DictionaryBossbar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1994 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
Internet Download Manager² 1.0 (HKLM-x32\...\IDMSQ) (Version: 1.0 - OR Interactive Ltd)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
JFileManager (HKLM-x32\...\JFileManager) (Version: v1.0.0.1 - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
MahJongg Master 3 (HKLM-x32\...\MahJongg Master 3) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
neurowise (HKLM\...\neurowise) (Version: 2014.10.22.212703 - neurowise)
PepperZip 1.0 (HKLM-x32\...\PepperZip) (Version: 1.0 - PepperWare Co.) <==== ATTENTION
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.06.02 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.0.0 - Reimage)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Snap.Do (HKLM-x32\...\{F33C8209-E8E0-49C8-8D7E-363CD346C801}) (Version: 11.117.1.19710 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKU\S-1-5-21-2771474770-601152397-3368871679-1001\...\{d8b94da5-fc9a-42df-9dea-597e0e101b9e}) (Version: 11.117.1.19710 - ReSoft Ltd.) <==== ATTENTION
Sony RAW Driver (HKLM-x32\...\{166FCF01-AC98-4288-A01C-90BEB808C059}) (Version: 2.0.00.08130 - Sony Corporation)
StormWatch (HKU\S-1-5-21-2771474770-601152397-3368871679-1001\...\StormWatch) (Version: 1.0.1.27 - StormWatch)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
The Weather Channel Toolbar (HKLM-x32\...\The Weather Channel Toolbar) (Version:  - )
Wajam (HKLM-x32\...\WajaIE) (Version: 2.13 (i2.5) - Wajam) <==== ATTENTION
Web Protect for Windows (HKLM-x32\...\wp-dcollect-tgu) (Version: 10.0.0 - PC Publishing) <==== ATTENTION
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WSE_Astromenda (HKLM-x32\...\WSE_Astromenda) (Version:  - WSE_Astromenda) <==== ATTENTION
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
02-11-2014 07:00:12 Windows Update
02-11-2014 08:00:12 Windows Update
03-11-2014 08:00:36 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-10-22 20:28 - 00000070 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 d3oxij66pru1i3.cloudfront.net
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {056F6E96-8D62-427E-9CF8-6059060A320F} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-5_user => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-5.exe
Task: {07E4CB1E-833E-4AD6-AE43-7EEAF65BEA79} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-11 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-11.exe
Task: {0A3E0A23-BC75-4B45-89F1-7386EF8EE8E2} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-5 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-5.exe
Task: {1280EF5D-EDEF-4396-8B1B-D9788255B4EA} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-1 => C:\Program Files (x86)\Browsers+Apps+1.1\Browsers+Apps+1.1-codedownloader.exe
Task: {130E607E-02AA-4E83-82AF-1966B45D5038} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: {143416EC-DD65-4798-BA68-E703565F0297} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-7 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-7.exe
Task: {17B47991-2343-4DD0-ACDB-A49383270BC5} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: {28F2DDB5-C989-424E-A66F-1213E38F1ABF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {366D152B-E16D-42DD-AC60-A4BC548CA251} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-3 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-3.exe
Task: {3E23B265-B0E6-4A7B-8AB9-33FD6E4B76AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {3F4D88B8-F237-4981-A334-96B67ECA7310} - System32\Tasks\DYRA => C:\Users\Captain Ron\AppData\Roaming\DYRA.exe [2014-10-28] (app) <==== ATTENTION
Task: {464D6B9D-63A8-422B-97E1-317F0F79AFAD} - System32\Tasks\CIMT_S-1-5-21-2771474770-601152397-3368871679-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: {6139ACCC-B1EE-4511-8E21-194923454C09} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {617A2E41-F008-4462-90E7-A9B996D9217A} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-07-28] (Reimage®)
Task: {64C0E5C0-0281-4996-B3DF-B485CB93D071} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-28] (globalUpdate) <==== ATTENTION
Task: {7F1F6333-C53E-46F0-ADD5-E3805C607A95} - System32\Tasks\AO => C:\Users\Captain Ron\AppData\Roaming\AO.exe [2014-10-28] (app) <==== ATTENTION
Task: {8332D24C-1CB0-4793-93AB-95C344AE6BF9} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2014-10-23] ()
Task: {91761BC8-AE81-4164-834E-937C91A97128} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {96BBA39D-23BB-4430-BF4F-51ADA027DDB3} - System32\Tasks\WSE_Astromenda => C:\Users\Captain Ron\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-10-22] () <==== ATTENTION
Task: {A3A19BBC-34AE-45EF-B0F9-52EF289B5F9B} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-2 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-2.exe
Task: {CDD0C314-061A-463C-AF9C-0BD99FA7BE53} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-10-13] (MyPC Backup) <==== ATTENTION
Task: {D0A9554C-0209-44AA-BC5F-009133DB566A} - System32\Tasks\NewPlayer Update => C:\Program Files (x86)\ver7NewPlayer\T3NewPlayerX28.exe
Task: {EE2FA7F1-A8E2-4B2F-BC84-A25C55C4EA6E} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-6 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-6.exe
Task: {F0706A87-868A-431B-8CA1-85F91BDA80B5} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
Task: {F6B07564-F1AB-456C-8752-8170C06ED666} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-4 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-4.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AO.job => C:\Users\Captain Ron\AppData\Roaming\AO.exe <==== ATTENTION
Task: C:\Windows\Tasks\DYRA.job => C:\Users\Captain Ron\AppData\Roaming\DYRA.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\CAPTAI~1\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProtectMe => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DictionaryBoss Browser Plugin Loader => C:\PROGRA~2\DICTIO~2\bar\1.bin\v4brmon.exe
MSCONFIG\startupreg: DictionaryBoss Search Scope Monitor => "C:\PROGRA~2\DICTIO~2\bar\1.bin\v4srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: MapsGalaxy Search Scope Monitor => "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: MapsGalaxy_39 Browser Plugin Loader => C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SelectRebates => C:\Program Files (x86)\SelectRebates\SelectRebates.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2771474770-601152397-3368871679-500 - Administrator - Disabled)
Captain Ron (S-1-5-21-2771474770-601152397-3368871679-1001 - Administrator - Enabled) => C:\Users\Captain Ron
Guest (S-1-5-21-2771474770-601152397-3368871679-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2771474770-601152397-3368871679-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/10/2014 05:49:02 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (11/10/2014 05:08:46 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (11/03/2014 08:19:41 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (11/01/2014 06:58:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TWCApp.exe, version: 7.5.3.0, time stamp: 0x51c84ddd
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0xe0434352
Fault offset: 0x0000c41f
Faulting process id: 0x1328
Faulting application start time: 0xTWCApp.exe0
Faulting application path: TWCApp.exe1
Faulting module path: TWCApp.exe2
Report Id: TWCApp.exe3
 
Error: (11/01/2014 06:58:23 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TWCApp.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
 
Error: (11/01/2014 06:55:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (11/01/2014 06:27:03 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\pnidui.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Explorer because of this error.
 
Program: Windows Explorer
File: C:\Windows\System32\pnidui.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C00000B5
Disk type: 3
 
Error: (11/01/2014 06:08:24 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\SysWOW64\gpapi.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Google Chrome because of this error.
 
Program: Google Chrome
File: C:\Windows\SysWOW64\gpapi.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C00000B5
Disk type: 3
 
Error: (11/01/2014 06:08:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 38.0.2125.111, time stamp: 0x5447163b
Faulting module name: GPAPI.dll, version: 6.1.7600.16385, time stamp: 0x4a5bd9e0
Exception code: 0xc0000006
Fault offset: 0x00009e9c
Faulting process id: 0x4d4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (11/01/2014 06:05:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a
Exception code: 0xc0000006
Fault offset: 0x0000000000029c42
Faulting process id: 0x408
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
 
System errors:
=============
Error: (11/11/2014 02:28:23 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (11/10/2014 07:20:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (11/10/2014 07:20:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (11/10/2014 07:20:14 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ProtectMe-Service{94B83936-77EA-4708-8FC5-F3BBC55C2A32}
 
Error: (11/10/2014 07:06:01 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (11/10/2014 07:05:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (11/10/2014 07:05:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (11/10/2014 07:05:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (11/10/2014 07:05:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (11/10/2014 07:05:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (11/10/2014 05:49:02 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (11/10/2014 05:08:46 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (11/03/2014 08:19:41 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (11/01/2014 06:58:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TWCApp.exe7.5.3.051c84dddKERNELBASE.dll6.1.7601.1822951fb1116e04343520000c41f132801cff62fa3cb3312C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exeC:\Windows\syswow64\KERNELBASE.dllf7f0749c-6222-11e4-8da3-782bcbe52ede
 
Error: (11/01/2014 06:58:23 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TWCApp.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
 
Error: (11/01/2014 06:55:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (11/01/2014 06:27:03 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\System32\pnidui.dllWindows ExplorerC00000B53
 
Error: (11/01/2014 06:08:24 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\SysWOW64\gpapi.dllGoogle ChromeC00000B53
 
Error: (11/01/2014 06:08:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.1115447163bGPAPI.dll6.1.7600.163854a5bd9e0c000000600009e9c4d401cff61e1701bc32C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\GPAPI.dllfa70c6d9-621b-11e4-87ee-9f6d3df41b8b
 
Error: (11/01/2014 06:05:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.1822951fb164ac00000060000000000029c4240801cff5f81f4afe81C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll963d21ef-621b-11e4-87ee-9f6d3df41b8b
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-02-07 18:28:31.767
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-07 18:28:31.461
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 12%
Total physical RAM: 6106.36 MB
Available physical RAM: 5326.57 MB
Total Pagefile: 12210.91 MB
Available Pagefile: 11479.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:220.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:7.35 GB) (Free:7.33 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7E945E68)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#12 seedy21

  • Malware Response Team

Posted 14 November 2014 - 12:19 PM

Hi Aushin

Step 1
 
Boot into safe mode

Click Start, then type in CMD. Right-click CMD and left-click Run as Administrator.

At the command prompt, issue the following command and press Enter:

reg add HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer

Next, issue the following command and press Enter:

sc start MSIServer
 
Exit the command prompt.

 

Click on Start -> Control Panel -> Add/Remove Programs

Uninstall the following Programs:-

  • AdvanceElite
  • DictionaryBoss Toolbar
  • MyPC Backup
  • neurowise
  • PepperZip 1.0
  • Reimage Repair
  • Remote Desktop Access
  • Snap.Do Engine
  • Web Protect for Windows
  • WSE_Astromenda

Note: if one fails, please move on to the next program.

Close the Add/Remove Programs and Control Panel

Restart your computer

 

Step 2
 
Start up in Safe Mode

Open Notepad. Please copy the contents of the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it on the Desktop as fixlist.txt




CloseProcesses:
HKU\S-1-5-21-2771474770-601152397-3368871679-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\Captain Ron\AppData\Local\Smartbar\Application\SnapDo.exe [28192 2014-09-21] (Smartbar)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2771474770-601152397-3368871679-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:50226;https=127.0.0.1:50226
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M53C2279E-B520-4556-A269-9FD865D6D335&SearchSource=55&CUI=&UM=6&UP=SP13823638-4BE5-4721-9445-6A5ABA180EBA&SSPV=
URLSearchHook: HKCU - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2771474770-601152397-3368871679-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M53C2279E-B520-4556-A269-9FD865D6D335&SearchSource=58&CUI=&UM=6&UP=SP13823638-4BE5-4721-9445-6A5ABA180EBA&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M53C2279E-B520-4556-A269-9FD865D6D335&SearchSource=58&CUI=&UM=6&UP=SP13823638-4BE5-4721-9445-6A5ABA180EBA&q={searchTerms}&SSPV=
BHO: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: AdvanceElite -> {3b2cb4c8-72ab-4b25-8fa1-219b36a60bed} -> C:\Program Files (x86)\AdvanceElite\AdvanceElitebho.dll (AdvanceElite)
BHO-x32: Search Assistant BHO -> {58376892-60e7-4f63-aca0-0f686af554d6} -> C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrcAs.dll No File
BHO-x32: Toolbar BHO -> {6eb534fb-2001-45c4-b860-bc904865a379} -> C:\PROGRA~2\DICTIO~2\bar\1.bin\v4bar.dll No File
BHO-x32: neurowise -> {d08ab008-0647-4784-8e2c-5769cd4a7c3a} -> C:\Program Files (x86)\neurowise\neurowisebho.dll (neurowise)
BHO-x32: TBSB07898 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM-x32 - DictionaryBoss - {3042df7a-e900-4389-9b94-923df0daa57e} - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll No File
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\ProtectMe.dll [304728] (ProtectMe)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ProtectMe.dll [304728] (ProtectMe)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ProtectMe.dll [304728] (ProtectMe)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ProtectMe.dll [304728] (ProtectMe)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ProtectMe.dll [304728] (ProtectMe)
Winsock: Catalog9-x64 01 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Winsock: Catalog9-x64 02 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Winsock: Catalog9-x64 03 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Winsock: Catalog9-x64 04 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Winsock: Catalog9-x64 15 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
FF Plugin-x32: @DictionaryBoss.com/Plugin -> C:\Program Files (x86)\DictionaryBoss\bar\1.bin\NPv4Stub.dll No File
FF Plugin-x32: @ei.CouponAlert_2p.com/Plugin -> C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
FF HKLM-x32\...\Firefox\Extensions: [v4ffxtbr@DictionaryBoss.com] - C:\Program Files (x86)\DictionaryBoss\bar\1.bin
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M53C2279E-B520-4556-A269-9FD865D6D335&SearchSource=55&CUI=&UM=6&UP=SP13823638-4BE5-4721-9445-6A5ABA180EBA&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M53C2279E-B520-4556-A269-9FD865D6D335&SearchSource=55&CUI=&UM=6&UP=SP13823638-4BE5-4721-9445-6A5ABA180EBA&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M53C2279E-B520-4556-A269-9FD865D6D335&SearchSource=58&CUI=&UM=6&UP=SP13823638-4BE5-4721-9445-6A5ABA180EBA&q={searchTerms}&SSPV=
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M53C2279E-B520-4556-A269-9FD865D6D335&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=6&UP=SP13823638-4BE5-4721-9445-6A5ABA180EBA&SAT=CNTS
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Extension: (Astromenda New Tab) - C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae [2014-10-22]
CHR Extension: (AdvanceElite) - C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\phlgmglenofknhllndpffnjmfdglfnng [2014-10-28]
CHR HKLM-x32\...\Chrome\Extension: [ohenffmfbnoidogjgebadealdkecjdal] - C:\Users\Captain Ron\AppData\Roaming\IDMSQ\IDMSQ.crx [2013-09-24]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-10-13] (Just Develop It) <==== ATTENTION
S2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32800 2014-09-21] () <==== ATTENTION
S2 MaintainerSvc1.20.7247763; C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b\maintainer.exe [123632 2014-10-27] ()
S2 MaintainerSvc3.32.7672459; C:\ProgramData\e5c4ef79-068a-447e-b589-daa814c96056\maintainer.exe [123680 2014-10-27] ()
S3 ProtectMe; C:\Program Files (x86)\PCTRunner\ProtectMe.exe [1323408 2014-10-09] (ProtectMe) [File not signed]
S2 rcores; C:\Windows\rcore.exe [1318912 2014-10-27] () [File not signed]
S2 Update AdvanceElite; C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe [523552 2014-10-28] ()
S2 Update neurowise; C:\Program Files (x86)\neurowise\updateneurowise.exe [523552 2014-10-28] ()
S2 Util AdvanceElite; C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe [523552 2014-10-28] ()
S2 Util neurowise; C:\Program Files (x86)\neurowise\bin\utilneurowise.exe [523552 2014-10-28] ()
S2 CouponArificService64; C:\Program Files (x86)\92B36EB2-53CA-4C72-9832-65CCF55DEDB1\kwcwagadsn64.exe [X]
S2 DictionaryBossService; C:\PROGRA~2\DICTIO~2\bar\1.bin\v4barsvc.exe [X]
S1 {054bd1e4-abee-467e-ab51-8ab276684243}w64; C:\Windows\System32\drivers\{054bd1e4-abee-467e-ab51-8ab276684243}w64.sys [48832 2014-10-25] (StdLib)
S1 {255a824a-3cde-4dee-9785-284605606456}w64; C:\Windows\System32\drivers\{255a824a-3cde-4dee-9785-284605606456}w64.sys [48832 2014-10-28] (StdLib)
S1 {46e267d7-2aad-4738-adaf-d4d0a8fac9ea}w64; C:\Windows\System32\drivers\{255a824a-3cde-4dee-9785-284605606456}w64.sys [48832 2014-10-24] (StdLib)
S1 {b0c7827f-c845-429a-833b-c2a798fc4fc3}w64; C:\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64.sys [48784 2014-10-25] (StdLib)
S1 {f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64; C:\Windows\System32\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64.sys [48784 2014-10-24] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
Task: {056F6E96-8D62-427E-9CF8-6059060A320F} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-5_user => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-5.exe
Task: {07E4CB1E-833E-4AD6-AE43-7EEAF65BEA79} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-11 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-11.exe
Task: {0A3E0A23-BC75-4B45-89F1-7386EF8EE8E2} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-5 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-5.exe
Task: {1280EF5D-EDEF-4396-8B1B-D9788255B4EA} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-1 => C:\Program Files (x86)\Browsers+Apps+1.1\Browsers+Apps+1.1-codedownloader.exe
Task: {130E607E-02AA-4E83-82AF-1966B45D5038} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: {143416EC-DD65-4798-BA68-E703565F0297} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-7 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-7.exe
Task: {17B47991-2343-4DD0-ACDB-A49383270BC5} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: {366D152B-E16D-42DD-AC60-A4BC548CA251} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-3 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-3.exe
Task: {3F4D88B8-F237-4981-A334-96B67ECA7310} - System32\Tasks\DYRA => C:\Users\Captain Ron\AppData\Roaming\DYRA.exe [2014-10-28] (app) <==== ATTENTION
Task: {464D6B9D-63A8-422B-97E1-317F0F79AFAD} - System32\Tasks\CIMT_S-1-5-21-2771474770-601152397-3368871679-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: {6139ACCC-B1EE-4511-8E21-194923454C09} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {617A2E41-F008-4462-90E7-A9B996D9217A} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-07-28] (Reimage®)
Task: {64C0E5C0-0281-4996-B3DF-B485CB93D071} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-28] (globalUpdate) <==== ATTENTION
Task: {7F1F6333-C53E-46F0-ADD5-E3805C607A95} - System32\Tasks\AO => C:\Users\Captain Ron\AppData\Roaming\AO.exe [2014-10-28] (app) <==== ATTENTION
Task: {8332D24C-1CB0-4793-93AB-95C344AE6BF9} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2014-10-23] ()
Task: {96BBA39D-23BB-4430-BF4F-51ADA027DDB3} - System32\Tasks\WSE_Astromenda => C:\Users\Captain Ron\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-10-22] () <==== ATTENTION
Task: {A3A19BBC-34AE-45EF-B0F9-52EF289B5F9B} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-2 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-2.exe
Task: {CDD0C314-061A-463C-AF9C-0BD99FA7BE53} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-10-13] (MyPC Backup) <==== ATTENTION
Task: {D0A9554C-0209-44AA-BC5F-009133DB566A} - System32\Tasks\NewPlayer Update => C:\Program Files (x86)\ver7NewPlayer\T3NewPlayerX28.exe
Task: {EE2FA7F1-A8E2-4B2F-BC84-A25C55C4EA6E} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-6 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-6.exe
Task: {F0706A87-868A-431B-8CA1-85F91BDA80B5} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
Task: {F6B07564-F1AB-456C-8752-8170C06ED666} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-4 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-7
Task: C:\Windows\Tasks\AO.job => C:\Users\Captain Ron\AppData\Roaming\AO.exe <==== ATTENTION
Task: C:\Windows\Tasks\DYRA.job => C:\Users\Captain Ron\AppData\Roaming\DYRA.exe <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\CAPTAI~1\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Captain Ron\AppData\Local\Smartbar\
C:\PROGRA~2\SearchProtect\
C:\Windows\system32\mscoree.dll
C:\Windows\SysWOW64\mscoree.dll
C:\Program Files (x86)\AdvanceElite\
C:\Program Files (x86)\DictionaryBoss\
C:\Program Files (x86)\neurowise\
C:\Program Files (x86)\Coupons.com CouponBar\
C:\Windows\SysWOW64\ProtectMe.dll
C:\Windows\system32\ProtectMe64.dll
C:\Program Files (x86)\MyPC Backup\
C:\Program Files (x86)\LPT\
C:\Program Files (x86)\ver7NewPlayer\
C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b\
C:\ProgramData\e5c4ef79-068a-447e-b589-daa814c96056\
C:\Program Files (x86)\PCTRunner\
C:\Program Files (x86)\92B36EB2-53CA-4C72-9832-65CCF55DEDB1
C:\Windows\System32\drivers\{054bd1e4-abee-467e-ab51-8ab276684243}w64.sys
C:\Windows\System32\drivers\{255a824a-3cde-4dee-9785-284605606456}w64.sys
C:\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64.sys
C:\Windows\System32\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64.sys
C:\Windows\system32\drivers\SPPD.sys
C:\ProgramData\374311380
C:\Program Files (x86)\predm
C:\Users\Captain Ron\AppData\Local\OneSoftperDay
C:\Windows\System32\Tasks\Reimage Reminder
C:\Windows\System32\Tasks\Super Optimizer Schedule
C:\Windows\System32\Tasks\ReimageUpdater
C:\ProgramData\Reimage Protector
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-5
C:\Windows\System32\Tasks\CIMT_S-1-5-21-2771474770-601152397-3368871679-1001
C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
C:\Program Files\Reimage
C:\Windows\Tasks\DYRA.job
C:\Windows\Tasks\AO.job
C:\Users\Captain Ron\AppData\Roaming\DYRA.exe
C:\Users\Captain Ron\AppData\Roaming\AO.exe
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-11
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-4
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-6
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-7
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-1
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-2
C:\Windows\System32\Tasks\DYRA
C:\Windows\System32\Tasks\AO
C:\Users\Captain Ron\AppData\Roaming\VOPackage
C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
C:\Users\Captain Ron\AppData\Local\Smartbar
C:\Users\Captain Ron\AppData\Local\LPT
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-3
C:\Windows\SysWOW64\ProtectMe.ini
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
C:\Windows\SysWOW64\ProtectMeOff.ini
C:\Windows\system32\ProtectMeOff.ini
C:\Users\Captain Ron\Desktop\PepperZip.lnk
C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
C:\Users\Captain Ron\AppData\Local\Weather_Protector_LLC
C:\Users\Captain Ron\AppData\Local\StormWatch
C:\Users\Captain Ron\AppData\Local\globalUpdate
C:\Program Files (x86)\globalUpdate
C:\Windows\patsearch.bin
C:\Windows\Reimage.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
C:\Program Files (x86)\PepperZip
C:\Windows\System32\Tasks\NewPlayer Update
C:\Users\Public\Desktop\JFileManager.lnk
C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
C:\Users\Captain Ron\AppData\Local\JFileManager
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JFileManager
C:\Program Files (x86)\JFileManager
C:\Program Files (x86)\Browsers+Apps+1.1\
C:\Program Files (x86)\globalUpdate\
C:\Users\Captain Ron\Downloads\Setup.exe
C:\Users\Captain Ron\Downloads\HD_Player__CD5MTCD13050_47b722b22e886fb629fc493c54e12401.exe
C:\Users\Captain Ron\Downloads\HD_Player__CD5MTCD13050_47b722b22e886fb629fc493c54e12401 (1).exe
C:\Users\Captain Ron\AppData\Local\162171151dsisetup1621742862.exe
C:\Users\CAPTAI~1\AppData\Roaming\WSE_AS~1\
C:\Users\Captain Ron\AppData\Local\Temp\-udxvfgo.dll
C:\Users\Captain Ron\AppData\Local\Temp\1hzku_ib.dll
C:\Users\Captain Ron\AppData\Local\Temp\2B1F438B-F370-9B00-3C96-2A770B9FC1D6.exe
C:\Users\Captain Ron\AppData\Local\Temp\30zzimcu.dll
C:\Users\Captain Ron\AppData\Local\Temp\3yb9nnco.dll
C:\Users\Captain Ron\AppData\Local\Temp\6457CD15-9585-5B3B-7134-7B04C2B5FC76.dll
C:\Users\Captain Ron\AppData\Local\Temp\6457CD15-9585-5B3B-7134-7B04C2B5FC76.exe
C:\Users\Captain Ron\AppData\Local\Temp\6lz8-zvf.dll
C:\Users\Captain Ron\AppData\Local\Temp\8nib2xt7.dll
C:\Users\Captain Ron\AppData\Local\Temp\BackupSetup.exe
C:\Users\Captain Ron\AppData\Local\Temp\Compete_setup.exe
C:\Users\Captain Ron\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Captain Ron\AppData\Local\Temp\dnuh2pvw.dll
C:\Users\Captain Ron\AppData\Local\Temp\eya2mjxo.dll
C:\Users\Captain Ron\AppData\Local\Temp\hncgxyrx.dll
C:\Users\Captain Ron\AppData\Local\Temp\install_flashplayer11x32axau_gtbd_chrd_dn_aih.exe
C:\Users\Captain Ron\AppData\Local\Temp\lxgvcotz.dll
C:\Users\Captain Ron\AppData\Local\Temp\m2wz7cir.dll
C:\Users\Captain Ron\AppData\Local\Temp\q7msg3qn.dll
C:\Users\Captain Ron\AppData\Local\Temp\qini6sky.dll
C:\Users\Captain Ron\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Captain Ron\AppData\Local\Temp\SpOrder.dll
C:\Users\Captain Ron\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Captain Ron\AppData\Local\Temp\w-rjlyhs.dll
C:\Users\Captain Ron\AppData\Local\Temp\wwb9w-rs.dll
C:\Users\Captain Ron\AppData\Local\Temp\xmoqemgi.dll
C:\Users\Captain Ron\AppData\Local\Temp\_rcsjft5.dll
cmd: netsh winsock reset
Hosts:
EmptyTemp:

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt); please post it in your reply.

Step 3

I would like you to try and boot into Normal mode and run AdwCleaner and FRST scan. Information about this can be found in my last post.


Edited by seedy21, 14 November 2014 - 12:20 PM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#13 Aushin


Posted 15 November 2014 - 12:08 PM

Fixlog.txt below, going to try to run FRST in normal mode now

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by Captain Ron at 2014-11-15 11:43:13 Run:1
Running from C:\Users\Captain Ron\Desktop
Loaded Profile: Captain Ron (Available profiles: Captain Ron)
Boot Mode: Safe Mode (minimal)
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-2771474770-601152397-3368871679-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\Captain Ron\AppData\Local\Smartbar\Application\SnapDo.exe [28192 2014-09-21] (Smartbar)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2771474770-601152397-3368871679-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:50226;https=127.0.0.1:50226
URLSearchHook: HKCU - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2771474770-601152397-3368871679-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
BHO: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: AdvanceElite -> {3b2cb4c8-72ab-4b25-8fa1-219b36a60bed} -> C:\Program Files (x86)\AdvanceElite\AdvanceElitebho.dll (AdvanceElite)
BHO-x32: Search Assistant BHO -> {58376892-60e7-4f63-aca0-0f686af554d6} -> C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrcAs.dll No File
BHO-x32: Toolbar BHO -> {6eb534fb-2001-45c4-b860-bc904865a379} -> C:\PROGRA~2\DICTIO~2\bar\1.bin\v4bar.dll No File
BHO-x32: neurowise -> {d08ab008-0647-4784-8e2c-5769cd4a7c3a} -> C:\Program Files (x86)\neurowise\neurowisebho.dll (neurowise)
BHO-x32: TBSB07898 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM-x32 - DictionaryBoss - {3042df7a-e900-4389-9b94-923df0daa57e} - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll No File
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\ProtectMe.dll [304728] (ProtectMe)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ProtectMe.dll [304728] (ProtectMe)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ProtectMe.dll [304728] (ProtectMe)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ProtectMe.dll [304728] (ProtectMe)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ProtectMe.dll [304728] (ProtectMe)
Winsock: Catalog9-x64 01 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Winsock: Catalog9-x64 02 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Winsock: Catalog9-x64 03 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Winsock: Catalog9-x64 04 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Winsock: Catalog9-x64 15 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
FF Plugin-x32: @DictionaryBoss.com/Plugin -> C:\Program Files (x86)\DictionaryBoss\bar\1.bin\NPv4Stub.dll No File
FF Plugin-x32: @ei.CouponAlert_2p.com/Plugin -> C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
FF HKLM-x32\...\Firefox\Extensions: [v4ffxtbr@DictionaryBoss.com] - C:\Program Files (x86)\DictionaryBoss\bar\1.bin
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M53C2279E-B520-4556-A269-9FD865D6D335&SearchSource=55&CUI=&UM=6&UP=SP13823638-4BE5-4721-9445-6A5ABA180EBA&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M53C2279E-B520-4556-A269-9FD865D6D335&SearchSource=55&CUI=&UM=6&UP=SP13823638-4BE5-4721-9445-6A5ABA180EBA&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR Extension: (Astromenda New Tab) - C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae [2014-10-22]
CHR Extension: (AdvanceElite) - C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\phlgmglenofknhllndpffnjmfdglfnng [2014-10-28]
CHR HKLM-x32\...\Chrome\Extension: [ohenffmfbnoidogjgebadealdkecjdal] - C:\Users\Captain Ron\AppData\Roaming\IDMSQ\IDMSQ.crx [2013-09-24]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-10-13] (Just Develop It) <==== ATTENTION
S2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32800 2014-09-21] () <==== ATTENTION
S2 MaintainerSvc1.20.7247763; C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b\maintainer.exe [123632 2014-10-27] ()
S2 MaintainerSvc3.32.7672459; C:\ProgramData\e5c4ef79-068a-447e-b589-daa814c96056\maintainer.exe [123680 2014-10-27] ()
S3 ProtectMe; C:\Program Files (x86)\PCTRunner\ProtectMe.exe [1323408 2014-10-09] (ProtectMe) [File not signed]
S2 rcores; C:\Windows\rcore.exe [1318912 2014-10-27] () [File not signed]
S2 Update AdvanceElite; C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe [523552 2014-10-28] ()
S2 Update neurowise; C:\Program Files (x86)\neurowise\updateneurowise.exe [523552 2014-10-28] ()
S2 Util AdvanceElite; C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe [523552 2014-10-28] ()
S2 Util neurowise; C:\Program Files (x86)\neurowise\bin\utilneurowise.exe [523552 2014-10-28] ()
S2 CouponArificService64; C:\Program Files (x86)\92B36EB2-53CA-4C72-9832-65CCF55DEDB1\kwcwagadsn64.exe [X]
S2 DictionaryBossService; C:\PROGRA~2\DICTIO~2\bar\1.bin\v4barsvc.exe [X]
S1 {054bd1e4-abee-467e-ab51-8ab276684243}w64; C:\Windows\System32\drivers\{054bd1e4-abee-467e-ab51-8ab276684243}w64.sys [48832 2014-10-25] (StdLib)
S1 {255a824a-3cde-4dee-9785-284605606456}w64; C:\Windows\System32\drivers\{255a824a-3cde-4dee-9785-284605606456}w64.sys [48832 2014-10-28] (StdLib)
S1 {46e267d7-2aad-4738-adaf-d4d0a8fac9ea}w64; C:\Windows\System32\drivers\{255a824a-3cde-4dee-9785-284605606456}w64.sys [48832 2014-10-24] (StdLib)
S1 {b0c7827f-c845-429a-833b-c2a798fc4fc3}w64; C:\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64.sys [48784 2014-10-25] (StdLib)
S1 {f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64; C:\Windows\System32\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64.sys [48784 2014-10-24] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
Task: {056F6E96-8D62-427E-9CF8-6059060A320F} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-5_user => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-5.exe
Task: {07E4CB1E-833E-4AD6-AE43-7EEAF65BEA79} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-11 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-11.exe
Task: {0A3E0A23-BC75-4B45-89F1-7386EF8EE8E2} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-5 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-5.exe
Task: {1280EF5D-EDEF-4396-8B1B-D9788255B4EA} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-1 => C:\Program Files (x86)\Browsers+Apps+1.1\Browsers+Apps+1.1-codedownloader.exe
Task: {130E607E-02AA-4E83-82AF-1966B45D5038} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: {143416EC-DD65-4798-BA68-E703565F0297} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-7 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-7.exe
Task: {17B47991-2343-4DD0-ACDB-A49383270BC5} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: {366D152B-E16D-42DD-AC60-A4BC548CA251} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-3 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-3.exe
Task: {3F4D88B8-F237-4981-A334-96B67ECA7310} - System32\Tasks\DYRA => C:\Users\Captain Ron\AppData\Roaming\DYRA.exe [2014-10-28] (app) <==== ATTENTION
Task: {464D6B9D-63A8-422B-97E1-317F0F79AFAD} - System32\Tasks\CIMT_S-1-5-21-2771474770-601152397-3368871679-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: {6139ACCC-B1EE-4511-8E21-194923454C09} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {617A2E41-F008-4462-90E7-A9B996D9217A} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-07-28] (Reimage®)
Task: {64C0E5C0-0281-4996-B3DF-B485CB93D071} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-28] (globalUpdate) <==== ATTENTION
Task: {7F1F6333-C53E-46F0-ADD5-E3805C607A95} - System32\Tasks\AO => C:\Users\Captain Ron\AppData\Roaming\AO.exe [2014-10-28] (app) <==== ATTENTION
Task: {8332D24C-1CB0-4793-93AB-95C344AE6BF9} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2014-10-23] ()
Task: {96BBA39D-23BB-4430-BF4F-51ADA027DDB3} - System32\Tasks\WSE_Astromenda => C:\Users\Captain Ron\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-10-22] () <==== ATTENTION
Task: {A3A19BBC-34AE-45EF-B0F9-52EF289B5F9B} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-2 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-2.exe
Task: {CDD0C314-061A-463C-AF9C-0BD99FA7BE53} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-10-13] (MyPC Backup) <==== ATTENTION
Task: {D0A9554C-0209-44AA-BC5F-009133DB566A} - System32\Tasks\NewPlayer Update => C:\Program Files (x86)\ver7NewPlayer\T3NewPlayerX28.exe
Task: {EE2FA7F1-A8E2-4B2F-BC84-A25C55C4EA6E} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-6 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-754545cbeb71-6.exe
Task: {F0706A87-868A-431B-8CA1-85F91BDA80B5} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
Task: {F6B07564-F1AB-456C-8752-8170C06ED666} - System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-4 => C:\Program Files (x86)\Browsers+Apps+1.1\717dcf8a-2633-4d35-b5c9-7
Task: C:\Windows\Tasks\AO.job => C:\Users\Captain Ron\AppData\Roaming\AO.exe <==== ATTENTION
Task: C:\Windows\Tasks\DYRA.job => C:\Users\Captain Ron\AppData\Roaming\DYRA.exe <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\CAPTAI~1\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Captain Ron\AppData\Local\Smartbar\
C:\PROGRA~2\SearchProtect\
C:\Windows\system32\mscoree.dll
C:\Windows\SysWOW64\mscoree.dll
C:\Program Files (x86)\AdvanceElite\
C:\Program Files (x86)\DictionaryBoss\
C:\Program Files (x86)\neurowise\
C:\Program Files (x86)\Coupons.com CouponBar\
C:\Windows\SysWOW64\ProtectMe.dll
C:\Windows\system32\ProtectMe64.dll
C:\Program Files (x86)\MyPC Backup\
C:\Program Files (x86)\LPT\
C:\Program Files (x86)\ver7NewPlayer\
C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b\
C:\ProgramData\e5c4ef79-068a-447e-b589-daa814c96056\
C:\Program Files (x86)\PCTRunner\
C:\Program Files (x86)\92B36EB2-53CA-4C72-9832-65CCF55DEDB1
C:\Windows\System32\drivers\{054bd1e4-abee-467e-ab51-8ab276684243}w64.sys
C:\Windows\System32\drivers\{255a824a-3cde-4dee-9785-284605606456}w64.sys
C:\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64.sys
C:\Windows\System32\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64.sys
C:\Windows\system32\drivers\SPPD.sys
C:\ProgramData\374311380
C:\Program Files (x86)\predm
C:\Users\Captain Ron\AppData\Local\OneSoftperDay
C:\Windows\System32\Tasks\Reimage Reminder
C:\Windows\System32\Tasks\Super Optimizer Schedule
C:\Windows\System32\Tasks\ReimageUpdater
C:\ProgramData\Reimage Protector
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-5
C:\Windows\System32\Tasks\CIMT_S-1-5-21-2771474770-601152397-3368871679-1001
C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
C:\Program Files\Reimage
C:\Windows\Tasks\DYRA.job
C:\Windows\Tasks\AO.job
C:\Users\Captain Ron\AppData\Roaming\DYRA.exe
C:\Users\Captain Ron\AppData\Roaming\AO.exe
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-11
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-4
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-6
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-7
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-1
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-2
C:\Windows\System32\Tasks\DYRA
C:\Windows\System32\Tasks\AO
C:\Users\Captain Ron\AppData\Roaming\VOPackage
C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
C:\Users\Captain Ron\AppData\Local\Smartbar
C:\Users\Captain Ron\AppData\Local\LPT
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-3
C:\Windows\SysWOW64\ProtectMe.ini
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
C:\Windows\SysWOW64\ProtectMeOff.ini
C:\Windows\system32\ProtectMeOff.ini
C:\Users\Captain Ron\Desktop\PepperZip.lnk
C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
C:\Users\Captain Ron\AppData\Local\Weather_Protector_LLC
C:\Users\Captain Ron\AppData\Local\StormWatch
C:\Users\Captain Ron\AppData\Local\globalUpdate
C:\Program Files (x86)\globalUpdate
C:\Windows\patsearch.bin
C:\Windows\Reimage.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
C:\Program Files (x86)\PepperZip
C:\Windows\System32\Tasks\NewPlayer Update
C:\Users\Public\Desktop\JFileManager.lnk
C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
C:\Users\Captain Ron\AppData\Local\JFileManager
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JFileManager
C:\Program Files (x86)\JFileManager
C:\Program Files (x86)\Browsers+Apps+1.1\
C:\Program Files (x86)\globalUpdate\
C:\Users\Captain Ron\Downloads\Setup.exe
C:\Users\Captain Ron\Downloads\HD_Player__CD5MTCD13050_47b722b22e886fb629fc493c54e12401.exe
C:\Users\Captain Ron\Downloads\HD_Player__CD5MTCD13050_47b722b22e886fb629fc493c54e12401 (1).exe
C:\Users\Captain Ron\AppData\Local\162171151dsisetup1621742862.exe
C:\Users\CAPTAI~1\AppData\Roaming\WSE_AS~1\
C:\Users\Captain Ron\AppData\Local\Temp\-udxvfgo.dll
C:\Users\Captain Ron\AppData\Local\Temp\1hzku_ib.dll
C:\Users\Captain Ron\AppData\Local\Temp\2B1F438B-F370-9B00-3C96-2A770B9FC1D6.exe
C:\Users\Captain Ron\AppData\Local\Temp\30zzimcu.dll
C:\Users\Captain Ron\AppData\Local\Temp\3yb9nnco.dll
C:\Users\Captain Ron\AppData\Local\Temp\6457CD15-9585-5B3B-7134-7B04C2B5FC76.dll
C:\Users\Captain Ron\AppData\Local\Temp\6457CD15-9585-5B3B-7134-7B04C2B5FC76.exe
C:\Users\Captain Ron\AppData\Local\Temp\6lz8-zvf.dll
C:\Users\Captain Ron\AppData\Local\Temp\8nib2xt7.dll
C:\Users\Captain Ron\AppData\Local\Temp\BackupSetup.exe
C:\Users\Captain Ron\AppData\Local\Temp\Compete_setup.exe
C:\Users\Captain Ron\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Captain Ron\AppData\Local\Temp\dnuh2pvw.dll
C:\Users\Captain Ron\AppData\Local\Temp\eya2mjxo.dll
C:\Users\Captain Ron\AppData\Local\Temp\hncgxyrx.dll
C:\Users\Captain Ron\AppData\Local\Temp\install_flashplayer11x32axau_gtbd_chrd_dn_aih.exe
C:\Users\Captain Ron\AppData\Local\Temp\lxgvcotz.dll
C:\Users\Captain Ron\AppData\Local\Temp\m2wz7cir.dll
C:\Users\Captain Ron\AppData\Local\Temp\q7msg3qn.dll
C:\Users\Captain Ron\AppData\Local\Temp\qini6sky.dll
C:\Users\Captain Ron\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Captain Ron\AppData\Local\Temp\SpOrder.dll
C:\Users\Captain Ron\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Captain Ron\AppData\Local\Temp\w-rjlyhs.dll
C:\Users\Captain Ron\AppData\Local\Temp\wwb9w-rs.dll
C:\Users\Captain Ron\AppData\Local\Temp\xmoqemgi.dll
C:\Users\Captain Ron\AppData\Local\Temp\_rcsjft5.dll
cmd: netsh winsock reset
Hosts:
EmptyTemp:
*****************
 
Processes closed successfully.
HKU\S-1-5-21-2771474770-601152397-3368871679-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Infrastructure Helper => value deleted successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2771474770-601152397-3368871679-1001\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2771474770-601152397-3368871679-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully.
"HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => Key deleted successfully.
"HKCR\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3b2cb4c8-72ab-4b25-8fa1-219b36a60bed}" => Key not found.
"HKCR\Wow6432Node\CLSID\{3b2cb4c8-72ab-4b25-8fa1-219b36a60bed}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58376892-60e7-4f63-aca0-0f686af554d6}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{58376892-60e7-4f63-aca0-0f686af554d6}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6eb534fb-2001-45c4-b860-bc904865a379}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{6eb534fb-2001-45c4-b860-bc904865a379}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d08ab008-0647-4784-8e2c-5769cd4a7c3a}" => Key not found.
"HKCR\Wow6432Node\CLSID\{d08ab008-0647-4784-8e2c-5769cd4a7c3a}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
"HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{3042df7a-e900-4389-9b94-923df0daa57e} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{3042df7a-e900-4389-9b94-923df0daa57e}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => value deleted successfully.
"HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}" => Key not found.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Deleted successfully.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@DictionaryBoss.com/Plugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin" => Key deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\v4ffxtbr@DictionaryBoss.com => value deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\phlgmglenofknhllndpffnjmfdglfnng => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ohenffmfbnoidogjgebadealdkecjdal" => Key deleted successfully.
C:\Users\Captain Ron\AppData\Roaming\IDMSQ\IDMSQ.crx => Moved successfully.
BackupStack => Service not found.
LPTSystemUpdater => Service deleted successfully.
MaintainerSvc1.20.7247763 => Service deleted successfully.
MaintainerSvc3.32.7672459 => Service deleted successfully.
ProtectMe => Service deleted successfully.
rcores => Service deleted successfully.
Update AdvanceElite => Service deleted successfully.
Update neurowise => Service not found.
Util AdvanceElite => Service not found.
Util neurowise => Service not found.
CouponArificService64 => Service deleted successfully.
DictionaryBossService => Service deleted successfully.
{054bd1e4-abee-467e-ab51-8ab276684243}w64 => Service deleted successfully.
{255a824a-3cde-4dee-9785-284605606456}w64 => Service deleted successfully.
{46e267d7-2aad-4738-adaf-d4d0a8fac9ea}w64 => Service deleted successfully.
{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64 => Service deleted successfully.
{f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64 => Service deleted successfully.
catchme => Service deleted successfully.
SPPD => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{056F6E96-8D62-427E-9CF8-6059060A320F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{056F6E96-8D62-427E-9CF8-6059060A320F}" => Key deleted successfully.
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-5_user => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\717dcf8a-2633-4d35-b5c9-754545cbeb71-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{07E4CB1E-833E-4AD6-AE43-7EEAF65BEA79}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07E4CB1E-833E-4AD6-AE43-7EEAF65BEA79}" => Key deleted successfully.
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-11 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\717dcf8a-2633-4d35-b5c9-754545cbeb71-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A3E0A23-BC75-4B45-89F1-7386EF8EE8E2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A3E0A23-BC75-4B45-89F1-7386EF8EE8E2}" => Key deleted successfully.
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-5 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\717dcf8a-2633-4d35-b5c9-754545cbeb71-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1280EF5D-EDEF-4396-8B1B-D9788255B4EA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1280EF5D-EDEF-4396-8B1B-D9788255B4EA}" => Key deleted successfully.
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\717dcf8a-2633-4d35-b5c9-754545cbeb71-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{130E607E-02AA-4E83-82AF-1966B45D5038}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{130E607E-02AA-4E83-82AF-1966B45D5038}" => Key deleted successfully.
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{143416EC-DD65-4798-BA68-E703565F0297}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{143416EC-DD65-4798-BA68-E703565F0297}" => Key deleted successfully.
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-7 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\717dcf8a-2633-4d35-b5c9-754545cbeb71-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{17B47991-2343-4DD0-ACDB-A49383270BC5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17B47991-2343-4DD0-ACDB-A49383270BC5}" => Key deleted successfully.
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{366D152B-E16D-42DD-AC60-A4BC548CA251}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{366D152B-E16D-42DD-AC60-A4BC548CA251}" => Key deleted successfully.
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\717dcf8a-2633-4d35-b5c9-754545cbeb71-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3F4D88B8-F237-4981-A334-96B67ECA7310}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F4D88B8-F237-4981-A334-96B67ECA7310}" => Key deleted successfully.
C:\Windows\System32\Tasks\DYRA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DYRA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{464D6B9D-63A8-422B-97E1-317F0F79AFAD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{464D6B9D-63A8-422B-97E1-317F0F79AFAD}" => Key deleted successfully.
C:\Windows\System32\Tasks\CIMT_S-1-5-21-2771474770-601152397-3368871679-1001 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-2771474770-601152397-3368871679-1001" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6139ACCC-B1EE-4511-8E21-194923454C09}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6139ACCC-B1EE-4511-8E21-194923454C09}" => Key deleted successfully.
C:\Windows\System32\Tasks\Optimizer Pro Schedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{617A2E41-F008-4462-90E7-A9B996D9217A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{617A2E41-F008-4462-90E7-A9B996D9217A}" => Key deleted successfully.
C:\Windows\System32\Tasks\ReimageUpdater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{64C0E5C0-0281-4996-B3DF-B485CB93D071}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64C0E5C0-0281-4996-B3DF-B485CB93D071}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7F1F6333-C53E-46F0-ADD5-E3805C607A95}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F1F6333-C53E-46F0-ADD5-E3805C607A95}" => Key deleted successfully.
C:\Windows\System32\Tasks\AO => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AO" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8332D24C-1CB0-4793-93AB-95C344AE6BF9}" => Key not found.
C:\Windows\System32\Tasks\Reimage Reminder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reimage Reminder" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96BBA39D-23BB-4430-BF4F-51ADA027DDB3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96BBA39D-23BB-4430-BF4F-51ADA027DDB3}" => Key deleted successfully.
C:\Windows\System32\Tasks\WSE_Astromenda => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Astromenda" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A3A19BBC-34AE-45EF-B0F9-52EF289B5F9B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3A19BBC-34AE-45EF-B0F9-52EF289B5F9B}" => Key deleted successfully.
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\717dcf8a-2633-4d35-b5c9-754545cbeb71-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CDD0C314-061A-463C-AF9C-0BD99FA7BE53}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDD0C314-061A-463C-AF9C-0BD99FA7BE53}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D0A9554C-0209-44AA-BC5F-009133DB566A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0A9554C-0209-44AA-BC5F-009133DB566A}" => Key deleted successfully.
C:\Windows\System32\Tasks\NewPlayer Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NewPlayer Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EE2FA7F1-A8E2-4B2F-BC84-A25C55C4EA6E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE2FA7F1-A8E2-4B2F-BC84-A25C55C4EA6E}" => Key deleted successfully.
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-6 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\717dcf8a-2633-4d35-b5c9-754545cbeb71-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F0706A87-868A-431B-8CA1-85F91BDA80B5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0706A87-868A-431B-8CA1-85F91BDA80B5}" => Key deleted successfully.
C:\Windows\System32\Tasks\Super Optimizer Schedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F6B07564-F1AB-456C-8752-8170C06ED666}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6B07564-F1AB-456C-8752-8170C06ED666}" => Key deleted successfully.
C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-4 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\717dcf8a-2633-4d35-b5c9-754545cbeb71-4" => Key deleted successfully.
C:\Windows\Tasks\AO.job => Moved successfully.
C:\Windows\Tasks\DYRA.job => Moved successfully.
C:\Windows\Tasks\WSE_Astromenda.job => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Smartbar => Moved successfully.
C:\PROGRA~2\SearchProtect => Moved successfully.
C:\Windows\system32\mscoree.dll => Moved successfully.
C:\Windows\SysWOW64\mscoree.dll => Moved successfully.
C:\Program Files (x86)\AdvanceElite => Moved successfully.
C:\Program Files (x86)\DictionaryBoss => Moved successfully.
"C:\Program Files (x86)\neurowise" => File/Directory not found.
"C:\Program Files (x86)\Coupons.com CouponBar" => File/Directory not found.
C:\Windows\SysWOW64\ProtectMe.dll => Moved successfully.
C:\Windows\system32\ProtectMe64.dll => Moved successfully.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
C:\Program Files (x86)\LPT => Moved successfully.
"C:\Program Files (x86)\ver7NewPlayer" => File/Directory not found.
C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b => Moved successfully.
C:\ProgramData\e5c4ef79-068a-447e-b589-daa814c96056 => Moved successfully.
C:\Program Files (x86)\PCTRunner => Moved successfully.
"C:\Program Files (x86)\92B36EB2-53CA-4C72-9832-65CCF55DEDB1" => File/Directory not found.
C:\Windows\System32\drivers\{054bd1e4-abee-467e-ab51-8ab276684243}w64.sys => Moved successfully.
C:\Windows\System32\drivers\{255a824a-3cde-4dee-9785-284605606456}w64.sys => Moved successfully.
C:\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64.sys => Moved successfully.
C:\Windows\System32\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64.sys => Moved successfully.
"C:\Windows\system32\drivers\SPPD.sys" => File/Directory not found.
C:\ProgramData\374311380 => Moved successfully.
C:\Program Files (x86)\predm => Moved successfully.
C:\Users\Captain Ron\AppData\Local\OneSoftperDay => Moved successfully.
"C:\Windows\System32\Tasks\Reimage Reminder" => File/Directory not found.
"C:\Windows\System32\Tasks\Super Optimizer Schedule" => File/Directory not found.
"C:\Windows\System32\Tasks\ReimageUpdater" => File/Directory not found.
"C:\ProgramData\Reimage Protector" => File/Directory not found.
"C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-5" => File/Directory not found.
"C:\Windows\System32\Tasks\CIMT_S-1-5-21-2771474770-601152397-3368871679-1001" => File/Directory not found.
"C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair" => File/Directory not found.
"C:\Program Files\Reimage" => File/Directory not found.
"C:\Windows\Tasks\DYRA.job" => File/Directory not found.
"C:\Windows\Tasks\AO.job" => File/Directory not found.
C:\Users\Captain Ron\AppData\Roaming\DYRA.exe => Moved successfully.
C:\Users\Captain Ron\AppData\Roaming\AO.exe => Moved successfully.
"C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-11" => File/Directory not found.
"C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-4" => File/Directory not found.
"C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-6" => File/Directory not found.
"C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-7" => File/Directory not found.
"C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-1" => File/Directory not found.
"C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-2" => File/Directory not found.
"C:\Windows\System32\Tasks\DYRA" => File/Directory not found.
"C:\Windows\System32\Tasks\AO" => File/Directory not found.
"C:\Users\Captain Ron\AppData\Roaming\VOPackage" => File/Directory not found.
"C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage" => File/Directory not found.
"C:\Users\Captain Ron\AppData\Local\Smartbar" => File/Directory not found.
C:\Users\Captain Ron\AppData\Local\LPT => Moved successfully.
"C:\Windows\System32\Tasks\717dcf8a-2633-4d35-b5c9-754545cbeb71-3" => File/Directory not found.
C:\Windows\SysWOW64\ProtectMe.ini => Moved successfully.
"C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA" => File/Directory not found.
"C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore" => File/Directory not found.
"C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore" => File/Directory not found.
C:\Windows\SysWOW64\ProtectMeOff.ini => Moved successfully.
C:\Windows\system32\ProtectMeOff.ini => Moved successfully.
"C:\Users\Captain Ron\Desktop\PepperZip.lnk" => File/Directory not found.
C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Weather_Protector_LLC => Moved successfully.
C:\Users\Captain Ron\AppData\Local\StormWatch => Moved successfully.
C:\Users\Captain Ron\AppData\Local\globalUpdate => Moved successfully.
C:\Program Files (x86)\globalUpdate => Moved successfully.
C:\Windows\patsearch.bin => Moved successfully.
C:\Windows\Reimage.ini => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip => Moved successfully.
"C:\Program Files (x86)\PepperZip" => File/Directory not found.
"C:\Windows\System32\Tasks\NewPlayer Update" => File/Directory not found.
C:\Users\Public\Desktop\JFileManager.lnk => Moved successfully.
C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf => Moved successfully.
"C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip" => File/Directory not found.
C:\Users\Captain Ron\AppData\Local\JFileManager => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JFileManager => Moved successfully.
C:\Program Files (x86)\JFileManager => Moved successfully.
"C:\Program Files (x86)\Browsers+Apps+1.1" => File/Directory not found.
"C:\Program Files (x86)\globalUpdate" => File/Directory not found.
C:\Users\Captain Ron\Downloads\Setup.exe => Moved successfully.
C:\Users\Captain Ron\Downloads\HD_Player__CD5MTCD13050_47b722b22e886fb629fc493c54e12401.exe => Moved successfully.
C:\Users\Captain Ron\Downloads\HD_Player__CD5MTCD13050_47b722b22e886fb629fc493c54e12401 (1).exe => Moved successfully.
C:\Users\Captain Ron\AppData\Local\162171151dsisetup1621742862.exe => Moved successfully.
C:\Users\CAPTAI~1\AppData\Roaming\WSE_AS~1 => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\-udxvfgo.dll => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\1hzku_ib.dll => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\2B1F438B-F370-9B00-3C96-2A770B9FC1D6.exe => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\30zzimcu.dll => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\3yb9nnco.dll => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\6457CD15-9585-5B3B-7134-7B04C2B5FC76.dll => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\6457CD15-9585-5B3B-7134-7B04C2B5FC76.exe => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\6lz8-zvf.dll => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\8nib2xt7.dll => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\Compete_setup.exe => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\ConsumerInputSetup.exe => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\dnuh2pvw.dll => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\eya2mjxo.dll => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\hncgxyrx.dll => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\install_flashplayer11x32axau_gtbd_chrd_dn_aih.exe => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\lxgvcotz.dll => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\m2wz7cir.dll => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\q7msg3qn.dll => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\qini6sky.dll => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\ReimagePackage.exe => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\SpOrder.dll => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\w-rjlyhs.dll => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\wwb9w-rs.dll => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\xmoqemgi.dll => Moved successfully.
C:\Users\Captain Ron\AppData\Local\Temp\_rcsjft5.dll => Moved successfully.
 
=========  netsh winsock reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2.1 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#14 Aushin

Posted 15 November 2014 - 12:32 PM

ADW Report from Normal Mode:

 

# AdwCleaner v4.101 - Report created 15/11/2014 at 12:19:24
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Captain Ron - CAPTAINRON-PC
# Running from : C:\Users\Captain Ron\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\IDMSQ
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\Users\Captain Ron\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Captain Ron\AppData\Local\StormWatch
Folder Deleted : C:\Users\Captain Ron\AppData\LocalLow\iac
Folder Deleted : C:\Users\Captain Ron\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Captain Ron\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Captain Ron\AppData\Roaming\IDMSQ
Folder Deleted : C:\Users\Captain Ron\Documents\Optimizer Pro
File Deleted : C:\Windows\rcore.exe
File Deleted : C:\Windows\System32\drivers\netfilter64.sys
File Deleted : C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
File Deleted : C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
File Deleted : C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
File Deleted : C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
File Deleted : C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\Captain Ron\Desktop\Search.lnk
Shortcut Disinfected : C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\PCTRunner
Key Deleted : HKCU\Software\StormWatchApp
Key Deleted : HKCU\Software\StormWatch
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\JFileManager
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\PCDRunner
Key Deleted : HKLM\SOFTWARE\PCTRunner
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\StormWatch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JFileManager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wp-dcollect-tgu
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XQxdm003YYus&ptnrS=XQxdm003YYus&si=CK_jwYrV17ACFUOo4AoduAxZ1g&ptb=8878D944-C2FA-4791-BE3D-5C47A185F23C&psa=&ind=2012061807&st=sb&n=77eda06f&searchfor={searchTerms}
[C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XQxdm003YYus&ptnrS=XQxdm003YYus&si=CK_jwYrV17ACFUOo4AoduAxZ1g&ptb=8878D944-C2FA-4791-BE3D-5C47A185F23C&psa=&ind=2012061807&st=sb&n=77eda06f&searchfor={searchTerms}
[C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=WCL2&o=100000082&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^AA2&apn_dtid=^YYYYYY^CL^US&apn_uid=63415D1F-C006-49A3-9304-32CF509638C9&apn_sauid=91AD71E6-29CB-403A-975D-35782BDBC1A2
[C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=WCL2&o=100000082&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^AA2&apn_dtid=^YYYYYY^CL^US&apn_uid=63415D1F-C006-49A3-9304-32CF509638C9&apn_sauid=91AD71E6-29CB-403A-975D-35782BDBC1A2
[C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.wayfair.com/keyword.php?keyword={searchTerms}&ust=&command=dosearch&new_keyword_search=true
[C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M53C2279E-B520-4556-A269-9FD865D6D335&SearchSource=58&CUI=&UM=6&UP=SP13823638-4BE5-4721-9445-6A5ABA180EBA&q={searchTerms}&SSPV=
[C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M53C2279E-B520-4556-A269-9FD865D6D335&SearchSource=58&CUI=&UM=6&UP=SP13823638-4BE5-4721-9445-6A5ABA180EBA&q={searchTerms}&SSPV=
[C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1QzuzytD0AyE0D0EyEtCyCtC0BtBzzyC0DyEtN0D0Tzu0StCtDtByCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyC0FtDzy0CyE0DtGtD0ByByCtGtCzyyC0BtGyE0CyByCtGtBtB0AzytByC0B0BtB0D0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtA0BtA0DtC0BzytGyCzz0EtAtGyE0A0FyDtGzztC0AtBtG0E0E0Dzz0D0E0CzytB0D0ByC2Q&cr=126201995&ir=
[C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.snapdo.com/?q={searchTerms}&category=Web&publisher=tuguu&country=us&feedid=infospace&st=dn&dpid=us&lan=en&start=1
 
*************************
 
AdwCleaner[R0].txt - [35924 octets] - [10/11/2014 19:20:41]
AdwCleaner[R1].txt - [24711 octets] - [15/11/2014 12:13:33]
AdwCleaner[S0].txt - [23866 octets] - [15/11/2014 12:19:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23927 octets] ##########

FRST Scan report from normal mode

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Captain Ron (administrator) on CAPTAINRON-PC on 15-11-2014 12:26:28
Running from C:\Users\Captain Ron\Desktop
Loaded Profile: Captain Ron (Available profiles: Captain Ron)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Wajam Internet Technologies Inc.) C:\Program Files (x86)\WajaIE\WajaIE Internet Enhancer\InternetEnhancerService.exe
( ) C:\Windows\System32\lxdvcoms.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (CANON INC.)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ospd_us_300] => [X]
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-11] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2771474770-601152397-3368871679-1001\...\Run: [DW7] => C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe [13103104 2013-07-16] (The Weather Channel)
HKU\S-1-5-21-2771474770-601152397-3368871679-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2771474770-601152397-3368871679-1001\...\Run: [IDMSQ] => C:\Program Files (x86)\IDMSQ\idmsq.exe /startup
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x77B921C5084CCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll ()
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-15]
CHR Extension: (Google Search) - C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-15]
CHR Extension: (Consumer Input) - C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\faoigfclahgbjjjaopddafnnapmeppnc [2014-10-28]
CHR Extension: (Google Wallet) - C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Internet Download Manager Squared) - C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohenffmfbnoidogjgebadealdkecjdal [2014-10-22]
CHR Extension: (Gmail) - C:\Users\Captain Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 Internet Enhancer Service; C:\Program Files (x86)\WajaIE\WajaIE Internet Enhancer\InternetEnhancerService.exe [305664 2014-10-21] (Wajam Internet Technologies Inc.) [File not signed]
R2 lxdv_device; C:\Windows\system32\lxdvcoms.exe [1044136 2007-10-18] ( )
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-15 11:56 - 2014-11-15 11:56 - 00000000 __SHD () C:\found.000
2014-11-11 19:04 - 2014-11-15 12:26 - 00012771 _____ () C:\Users\Captain Ron\Desktop\FRST.txt
2014-11-11 19:04 - 2014-11-11 19:05 - 00032517 _____ () C:\Users\Captain Ron\Desktop\Addition.txt
2014-11-11 19:03 - 2014-11-15 12:26 - 00000000 ____D () C:\FRST
2014-11-11 19:03 - 2014-11-10 17:03 - 02116096 _____ (Farbar) C:\Users\Captain Ron\Desktop\FRST64.exe
2014-11-10 19:20 - 2014-11-15 12:19 - 00000000 ____D () C:\AdwCleaner
2014-11-10 19:19 - 2014-11-10 17:02 - 02140160 _____ () C:\Users\Captain Ron\Desktop\AdwCleaner.exe
2014-11-10 12:52 - 2014-11-10 12:52 - 00021675 _____ () C:\Users\Captain Ron\Desktop\DDS 11-10-2014.txt
2014-11-10 12:52 - 2014-11-10 12:52 - 00014156 _____ () C:\Users\Captain Ron\Desktop\Attach 11-10-2014.txt
2014-11-10 12:51 - 2014-11-10 12:51 - 00021675 _____ () C:\Users\Captain Ron\Desktop\dds.txt
2014-11-04 18:24 - 2014-11-10 12:51 - 00014156 _____ () C:\Users\Captain Ron\Desktop\attach.txt
2014-11-04 18:12 - 2014-11-04 18:11 - 05591672 ____R (Swearware) C:\Users\Captain Ron\Desktop\randomnamehere.exe
2014-11-04 18:09 - 2014-11-03 19:35 - 05591672 ____R (Swearware) C:\Users\Captain Ron\Desktop\random.exe
2014-11-04 18:05 - 2014-11-04 18:15 - 00000000 ____D () C:\32788R22FWJFW
2014-11-04 06:42 - 2014-11-04 06:42 - 00000000 ____D () C:\Windows\pss
2014-11-03 20:16 - 2014-11-03 20:16 - 00006576 ____N () C:\bootsqm.dat
2014-10-28 18:17 - 2014-10-28 18:17 - 00139488 _____ () C:\Windows\SysWOW64\XMLOperations.xml
2014-10-28 06:13 - 2014-11-15 12:19 - 00001278 _____ () C:\Users\Captain Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-10-28 06:13 - 2014-11-15 12:19 - 00001248 _____ () C:\Users\Captain Ron\Desktop\Search.lnk
2014-10-28 06:12 - 2014-10-28 06:12 - 00000000 ___HD () C:\Users\Public\Temp
2014-10-26 11:07 - 2014-10-26 11:07 - 00000000 ____D () C:\Users\Captain Ron\AppData\Local\{CE00CCF2-CB89-4C46-BD15-C89BA41B0771}
2014-10-26 08:57 - 2014-11-15 12:09 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-10-25 21:42 - 2014-10-25 21:42 - 00000000 ____D () C:\Users\Captain Ron\AppData\Local\{2D7F940E-6882-4440-B353-030392526421}
2014-10-25 09:28 - 2014-10-25 09:28 - 00000000 ____D () C:\Users\Captain Ron\AppData\Local\{F35D8B9B-05CC-4242-9E5F-1F79FEDAF059}
2014-10-24 21:50 - 2014-10-24 16:35 - 00048832 _____ (StdLib) C:\Windows\system32\Drivers\{46e267d7-2aad-4738-adaf-d4d0a8fac9ea}w64.sys
2014-10-24 21:28 - 2014-10-24 21:28 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-10-24 21:27 - 2014-10-24 21:27 - 00000000 ____D () C:\Users\Captain Ron\AppData\Roaming\InstallShield
2014-10-24 21:26 - 2014-10-24 21:26 - 07793096 _____ (Sony Corporation ) C:\Users\Captain Ron\Downloads\SRD20_Installer0810a.exe
2014-10-24 21:25 - 2014-10-24 21:25 - 00000000 ____D () C:\Users\Captain Ron\AppData\Local\{C7DAFD85-2A52-45C5-96CF-1F045EE8CCA8}
2014-10-24 18:54 - 2014-10-24 18:54 - 00000001 _____ () C:\Users\Captain Ron\AppData\Local\DSI.DAT
2014-10-22 21:28 - 2014-10-28 05:58 - 00000127 _____ () C:\Users\Captain Ron\AppData\Roaming\WB.CFG
2014-10-22 20:28 - 2014-10-22 20:28 - 00000271 _____ () C:\Users\Captain Ron\Desktop\Cut the Rope.url
2014-10-22 20:28 - 2014-10-22 20:28 - 00000000 ____D () C:\MININT
2014-10-22 20:26 - 2014-10-22 20:26 - 00715920 _____ ( ) C:\Users\Captain Ron\Downloads\IDM2-Win-EN.exe
2014-10-22 20:25 - 2014-10-28 20:35 - 00000000 ____D () C:\Program Files\CouponArific
2014-10-22 20:25 - 2014-10-22 20:25 - 00000000 ____D () C:\Users\Captain Ron\Downloads\PhotoViewerzip
2014-10-22 20:25 - 2014-10-22 20:25 - 00000000 ____D () C:\Program Files (x86)\WajaIE
2014-10-22 20:23 - 2014-10-22 20:23 - 00656864 _____ () C:\Users\Captain Ron\Downloads\photoviewer-setup.exe
2014-10-22 20:23 - 2014-10-22 20:23 - 00656864 _____ () C:\Users\Captain Ron\Downloads\photoviewer-setup (1).exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-15 12:26 - 2009-07-14 00:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-15 12:22 - 2011-08-07 15:54 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-15 12:22 - 2011-08-07 15:54 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-15 12:22 - 2011-04-20 07:58 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-11-15 12:21 - 2013-07-15 11:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-15 12:21 - 2011-08-07 15:35 - 00231448 _____ () C:\Windows\PFRO.log
2014-11-15 12:21 - 2011-04-20 07:20 - 01759673 _____ () C:\Windows\WindowsUpdate.log
2014-11-15 12:21 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-15 12:21 - 2009-07-13 23:51 - 00084522 _____ () C:\Windows\setupact.log
2014-11-15 12:18 - 2009-07-13 23:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-15 12:18 - 2009-07-13 23:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-15 12:14 - 2013-07-15 11:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-15 11:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-11-10 17:51 - 2012-08-31 18:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-28 20:44 - 2009-07-13 21:34 - 00000732 _____ () C:\Windows\win.ini
2014-10-28 20:39 - 2013-11-27 03:01 - 01040905 _____ () C:\Windows\IE11_main.log
2014-10-28 20:11 - 2011-09-15 18:39 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BDC16089-80B0-45C7-BFDB-658DA3E5BA9D}
2014-10-28 06:01 - 2013-07-15 11:01 - 00002104 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-25 15:45 - 2014-04-07 16:50 - 00000000 ____D () C:\Users\Captain Ron\AppData\Local\Windows Live
2014-10-25 02:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-25 00:08 - 2013-07-15 11:00 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-25 00:08 - 2013-07-15 11:00 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-24 21:28 - 2011-04-20 07:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-22 20:46 - 2011-08-07 15:44 - 00060064 _____ () C:\Users\Captain Ron\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-22 20:43 - 2009-07-13 23:45 - 00275992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-22 20:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2014-10-22 19:46 - 2013-10-07 09:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
 
Some content of TEMP:
====================
C:\Users\Captain Ron\AppData\Local\Temp\Quarantine.exe
C:\Users\Captain Ron\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-23 02:48
 
==================== End Of Log ============================


#15 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:06:10 PM

Posted 16 November 2014 - 02:30 PM

Hi Aushin

Step 1

No Anti-virus Detected

Your logs indicate that you don't have any anti-virus protection on your machine. This opens it to malware threats.

Here are some examples of FREE Anti-virus. Please note this is for personal use only.

http://free.avg.com/gb-en/homepage

http://www.avast.com/free-antivirus-download
http://windows.microsoft.com/en-US/windows/security-essentials-download

Step 2

Download zoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.

  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions on how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer; do not use it on another computer even if the problems are similar!
autoclean;
emptyclsid;
emptyfolderscheck;delete
startupall;
services_list;
installer-list;
standardsearch;
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your system drive (normally C:\).
  • Please post the logfile for further review in your next reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club
