please help - emsisoft cannot remove thinstall


  • This topic is locked
9 replies to this topic

#1 pulaskimike

  • Members
  • 6 posts

Posted 10 December 2014 - 09:53 AM

Hello! I have found many helpful posts on this site before and generally am competent enough to solve my problems, but this time I need help. I have a major problem with pop-ups and redirects. At one point I got the blue screen, and had to do a system restore before I could even start Windows again. I performed full scans with Spybot and Malwarebytes, quarantined or removed all identified issues, but the problem remains. I then downloaded and ran Emsisoft Anti-Malware, which removed lots more but finished by informing me that "C:\Users\Tamie\AppData\Roaming\thinstall" could not be removed and to consult with the folks here about removal. Note: I ran RKill prior to all scans, as I have found that to be useful in the past. All scans were full scans. I am providing the report from Emsisoft; please let me know what other information would be useful.

My sincere thanks in advance for any help!

Mike

 

Emsisoft Anti-Malware - Version 9.0
Last update: 12/7/2014 10:40:37 PM
User account: Tamie-PC\Tamie

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, F:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    12/7/2014 10:56:08 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}     detected: Application.InstallTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C815E3DA-0823-49B0-9270-D1771D58B317}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}     detected: Application.InstallNews (A)
C:\Users\Tamie\AppData\Local\Mobogenie     detected: Application.AdGenie (A)
C:\Users\Tamie\My Documents\Mobogenie     detected: Application.AdGenie (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MOBOGENIEADD     detected: Application.AdGenie (A)
C:\Users\Tamie\AppData\Roaming\performersoft     detected: Application.AppInstall (A)
C:\Users\Tamie\AppData\Roaming\systweak     detected: Application.AppInstall (A)
C:\Users\Mike n Tamie\AppData\Roaming\systweak     detected: Application.AppInstall (A)
C:\Users\Tamie\AppData\Roaming\thinstall     detected: Application.AppInstall (A)
C:\ProgramData\blekko toolbars     detected: Application.AppInstall (A)
C:\ProgramData\blekkotb_sa5     detected: Application.AppInstall (A)
C:\ProgramData\trymedia     detected: Application.AppInstall (A)
C:\Users\Tamie\AppData\Local\ilivid player     detected: Application.AppInstall (A)
C:\Users\Tamie\AppData\Local\thinstall     detected: Application.AppInstall (A)
C:\Program Files (x86)\gametap web player     detected: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPLICATIONS\ILIVIDSETUPV1.EXE     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.BANDOBJECTATTRIBUTE     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.DOCKINGPANEL     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.IESMARTBAR     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.IESMARTBARBANDOBJECT     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.SMARTBARDISPLAYSTATE     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.SMARTBARMENUFORM     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INSTALLER\FEATURES\A28B4D68DEBAA244EB686953B7074FEF     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INSTALLER\PRODUCTS\A28B4D68DEBAA244EB686953B7074FEF     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6C434537-053E-486D-B62A-160059D9D456}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SMBARBROKER.SMBARDEALER     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SMBARBROKER.SMBARDEALER.1     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{02478D38-C3F9-4EFB-9B51-7695ECA05670}     detected: Application.BHO (A)
Key: HKEY_USERS\S-1-5-21-2441871948-3768005810-3075255544-1001\SOFTWARE\APN     detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2441871948-3768005810-3075255544-1003\SOFTWARE\APN     detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2441871948-3768005810-3075255544-1001\SOFTWARE\ILIVID     detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2441871948-3768005810-3075255544-1001\SOFTWARE\INCREDIBAR     detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2441871948-3768005810-3075255544-1001\SOFTWARE\STARTSEARCH     detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\APN     detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\FREEZE.COM     detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\INFOATOMS     detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCH RESULTS TOOLBAR     detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SYSTWEAK     detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\W3I     detected: Application.InstallAd (A)
C:\ProgramData\apn     detected: Application.AppInstall (A)
C:\ProgramData\Ask     detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\TRYMEDIA SYSTEMS     detected: Application.Win32.TryAd (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\CONDUIT     detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2441871948-3768005810-3075255544-1001\SOFTWARE\CONDUIT     detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\CONDUIT     detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\CONDUIT     detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2441871948-3768005810-3075255544-1001\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}     detected: Application.Win32.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{1146AC44-2F03-4431-B4FD-889BC837521F}     detected: Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}     detected: Application.AdGenie (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SPEEDUPMYPC     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32     detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS     detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MYBABYLONTB_RASAPI32     detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MYBABYLONTB_RASMANCS     detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\TASKSCHEDULER_RASAPI32     detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\TASKSCHEDULER_RASMANCS     detected: Application.Win32.InstallExt (A)
C:\Program Files (x86)\PrivateVPN\gpup.exe     detected: Trojan.Generic.12244577 ( B)
C:\ProgramData\dsgsdgdsgdsgw.js     detected: Trojan.Script.480412 ( B)
C:\Users\Mike n Tamie\AppData\Local\Temp\hfvm7c0b.exe.part     detected: Backdoor.Hupigon.283295 ( B)
C:\Users\Tamie\AppData\Local\{3a1b787d-1b9b-ccda-f786-73092e8957e0}\L\00000004.@     detected: Trojan.Win32.ZAccess (A)
C:\Users\Tamie\AppData\Local\{3a1b787d-1b9b-ccda-f786-73092e8957e0}\U\00000004.@     detected: Trojan.Sirefef.GY ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\4ac86851-1cccc7bc     detected: Trojan.Script.8027 ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\5f84b211-2180122c     detected: Trojan.Script.609558 ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\63197955-7c4bb6d9 -> BNvttyro.class     detected: Java.Exploit.CVE-2013-2423.A ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\63197955-7c4bb6d9 -> OPpp.class     detected: Java.Exploit.CVE-2013-2423.A ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\1e1a0de8-49ef8a82 -> r_ota/r_otb.class     detected: Exploit.Java.CVE-2012-0507.AQ ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\1e1a0de8-49ef8a82 -> r_ota/r_otc.class     detected: Exploit.Java.CVE-2012-0507.AQ ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\1e1a0de8-49ef8a82 -> r_ota/r_ota.class     detected: Exploit.Java.CVE-2012-0507.AQ ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\279a8f2d-485338b6 -> BNvttyro.class     detected: Java.Exploit.CVE-2013-2423.A ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\279a8f2d-485338b6 -> Mak.class     detected: Java.Exploit.CVE-2013-2423.A ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\279a8f2d-485338b6 -> Tagma.class     detected: Java.Exploit.CVE-2013-2423.A ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\56e1cee-1cbbc4a4 -> ewjvaiwebvhtuai124a.class     detected: Exploit.Java.CVE.Z ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\56e1cee-1cbbc4a4 -> test.class     detected: Exploit.Java.CVE.Z ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\6c39fa2e-7019b7a5 -> ewjvaiwebvhtuai124a.class     detected: Exploit.Java.CVE.Z ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\6c39fa2e-7019b7a5 -> test.class     detected: Exploit.Java.CVE.Z ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\3d02e378-53baec11 -> test2.class     detected: Exploit.Java.CVE.AO ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5b79f27e-65956b8c     detected: Trojan.Script.8027 ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\528e4687-3a3817b8     detected: Trojan.Script.609558 ( B)
C:\WINDOWS\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll     detected: Adware.Linkury.B ( B)

Scanned    316035
Found    88

Scan end:    12/8/2014 12:47:03 AM
Scan time:    1:50:55

C:\WINDOWS\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll    Quarantined Adware.Linkury.B ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\3d02e378-53baec11    Quarantined Exploit.Java.CVE.AO ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\56e1cee-1cbbc4a4    Quarantined Exploit.Java.CVE.Z ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\6c39fa2e-7019b7a5    Quarantined Exploit.Java.CVE.Z ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\1e1a0de8-49ef8a82    Quarantined Exploit.Java.CVE-2012-0507.AQ ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\63197955-7c4bb6d9    Quarantined Java.Exploit.CVE-2013-2423.A ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\279a8f2d-485338b6    Quarantined Java.Exploit.CVE-2013-2423.A ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\5f84b211-2180122c    Quarantined Trojan.Script.609558 ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\528e4687-3a3817b8    Quarantined Trojan.Script.609558 ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\4ac86851-1cccc7bc    Quarantined Trojan.Script.8027 ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5b79f27e-65956b8c    Quarantined Trojan.Script.8027 ( B)
C:\Users\Tamie\AppData\Local\{3a1b787d-1b9b-ccda-f786-73092e8957e0}\U\00000004.@    Quarantined Trojan.Sirefef.GY ( B)
C:\Users\Tamie\AppData\Local\{3a1b787d-1b9b-ccda-f786-73092e8957e0}\L\00000004.@    Quarantined Trojan.Win32.ZAccess (A)
C:\Users\Mike n Tamie\AppData\Local\Temp\hfvm7c0b.exe.part    Quarantined Backdoor.Hupigon.283295 ( B)
C:\ProgramData\dsgsdgdsgdsgw.js    Quarantined Trojan.Script.480412 ( B)
C:\Program Files (x86)\PrivateVPN\gpup.exe    Quarantined Trojan.Generic.12244577 ( B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32    Quarantined Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS    Quarantined Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MYBABYLONTB_RASAPI32    Quarantined Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MYBABYLONTB_RASMANCS    Quarantined Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\TASKSCHEDULER_RASAPI32    Quarantined Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\TASKSCHEDULER_RASMANCS    Quarantined Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{1146AC44-2F03-4431-B4FD-889BC837521F}    Quarantined Application.Win32.WSearch (A)
Key: HKEY_USERS\S-1-5-21-2441871948-3768005810-3075255544-1001\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}    Quarantined Application.Win32.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\TRYMEDIA SYSTEMS    Quarantined Application.Win32.TryAd (A)
C:\ProgramData\Ask    Quarantined Application.Win32.WebToolbar (A)
Key: HKEY_USERS\S-1-5-21-2441871948-3768005810-3075255544-1001\SOFTWARE\APN    Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2441871948-3768005810-3075255544-1003\SOFTWARE\APN    Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2441871948-3768005810-3075255544-1001\SOFTWARE\ILIVID    Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2441871948-3768005810-3075255544-1001\SOFTWARE\INCREDIBAR    Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2441871948-3768005810-3075255544-1001\SOFTWARE\STARTSEARCH    Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\APN    Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\FREEZE.COM    Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\INFOATOMS    Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCH RESULTS TOOLBAR    Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SYSTWEAK    Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\W3I    Quarantined Application.InstallAd (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\CONDUIT    Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2441871948-3768005810-3075255544-1001\SOFTWARE\CONDUIT    Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\CONDUIT    Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{02478D38-C3F9-4EFB-9B51-7695ECA05670}    Quarantined Application.BHO (A)
C:\Users\Tamie\AppData\Roaming\performersoft    Quarantined Application.AppInstall (A)
C:\Users\Tamie\AppData\Roaming\systweak    Quarantined Application.AppInstall (A)
C:\Users\Mike n Tamie\AppData\Roaming\systweak    Quarantined Application.AppInstall (A)
C:\ProgramData\blekko toolbars    Quarantined Application.AppInstall (A)
C:\ProgramData\blekkotb_sa5    Quarantined Application.AppInstall (A)
C:\ProgramData\trymedia    Quarantined Application.AppInstall (A)
C:\Users\Tamie\AppData\Local\ilivid player    Quarantined Application.AppInstall (A)
C:\Users\Tamie\AppData\Local\thinstall    Quarantined Application.AppInstall (A)
C:\Program Files (x86)\gametap web player    Quarantined Application.AppInstall (A)
C:\ProgramData\apn    Quarantined Application.AppInstall (A)
C:\Users\Tamie\AppData\Local\Mobogenie    Quarantined Application.AdGenie (A)
C:\Users\Tamie\My Documents\Mobogenie    Quarantined Application.AdGenie (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MOBOGENIEADD    Quarantined Application.AdGenie (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}    Quarantined Application.AdGenie (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}    Quarantined Application.InstallNews (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C815E3DA-0823-49B0-9270-D1771D58B317}    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPLICATIONS\ILIVIDSETUPV1.EXE    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.BANDOBJECTATTRIBUTE    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.DOCKINGPANEL    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.IESMARTBAR    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.IESMARTBARBANDOBJECT    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.SMARTBARDISPLAYSTATE    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IESMARTBAR.SMARTBARMENUFORM    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INSTALLER\FEATURES\A28B4D68DEBAA244EB686953B7074FEF    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INSTALLER\PRODUCTS\A28B4D68DEBAA244EB686953B7074FEF    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6C434537-053E-486D-B62A-160059D9D456}    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SMBARBROKER.SMBARDEALER    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SMBARBROKER.SMBARDEALER.1    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SPEEDUPMYPC    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}    Quarantined Application.InstallTool (A)

Quarantined    79
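Added example, not from this thread, Emsisoft or BleepingComputer: a Python script that triages a report in the format posted above, pairs each detection with its quarantine entry and lists what was found but left behind, which is the situation with the Roaming\thinstall folder here. The embedded report is a constructed excerpt, and the PUP/malware split by name prefix is this example's own convention, not Emsisoft's.

```python
import re
from collections import Counter

# Constructed excerpt in the same line shapes as the report posted above:
# detection lines, the summary block, then the quarantine list. Not a real log.
SAMPLE_REPORT = r"""
Emsisoft Anti-Malware - Version 9.0
Scan start:    12/7/2014 10:56:08 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\CONDUIT     detected: Application.InstallAd (A)
C:\Users\Tamie\AppData\Roaming\thinstall     detected: Application.AppInstall (A)
C:\Users\Tamie\AppData\Local\thinstall     detected: Application.AppInstall (A)
C:\Users\Tamie\AppData\Local\{3a1b787d-1b9b-ccda-f786-73092e8957e0}\L\00000004.@     detected: Trojan.Win32.ZAccess (A)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\63197955-7c4bb6d9 -> BNvttyro.class     detected: Java.Exploit.CVE-2013-2423.A ( B)
C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\63197955-7c4bb6d9 -> OPpp.class     detected: Java.Exploit.CVE-2013-2423.A ( B)

Scanned    316035
Found    6

C:\Users\Tamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\63197955-7c4bb6d9    Quarantined Java.Exploit.CVE-2013-2423.A ( B)
C:\Users\Tamie\AppData\Local\{3a1b787d-1b9b-ccda-f786-73092e8957e0}\L\00000004.@    Quarantined Trojan.Win32.ZAccess (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\CONDUIT    Quarantined Application.InstallAd (A)
C:\Users\Tamie\AppData\Local\thinstall    Quarantined Application.AppInstall (A)

Quarantined    4
"""

# An object (file path or "Key: <registry key>"), a run of spaces, then the verdict.
DETECTED_RE = re.compile(r"^(?P<obj>.+?)\s{2,}detected:\s+(?P<name>.+?)\s*$")
QUARANTINED_RE = re.compile(r"^(?P<obj>.+?)\s{2,}Quarantined\s+(?P<name>.+?)\s*$")
# Detection names end in an engine tag: "(A)" Emsisoft's own engine, "( B)" the second one.
ENGINE_RE = re.compile(r"^(?P<family>.+?)\s*\(\s*(?P<engine>[A-Z])\)$")


def split_name(name):
    """'Trojan.Win32.ZAccess (A)' -> ('Trojan.Win32.ZAccess', 'A'); untagged names keep None."""
    m = ENGINE_RE.match(name)
    return (m.group("family"), m.group("engine")) if m else (name, None)


def container_of(obj):
    """Archive members are reported as 'archive -> member' but quarantine acts on the
    archive, so compare on the container; paths and keys are case-insensitive on Windows."""
    return obj.split(" -> ", 1)[0].strip().casefold()


def parse_report(text):
    """Return (detected, quarantined). detected maps a normalised container to
    (display path, set of detection names); quarantined maps container to name."""
    detected, quarantined = {}, {}
    for line in text.splitlines():
        m = DETECTED_RE.match(line)
        if m:
            display = m.group("obj").split(" -> ", 1)[0].strip()
            _, names = detected.setdefault(container_of(m.group("obj")), (display, set()))
            names.add(m.group("name"))
            continue
        m = QUARANTINED_RE.match(line)
        if m:
            quarantined[container_of(m.group("obj"))] = m.group("name")
    return detected, quarantined


def left_behind(detected, quarantined):
    """Detected containers missing from the quarantine list, in report order."""
    return [(display, sorted(names))
            for key, (display, names) in detected.items() if key not in quarantined]


def severity(name):
    """This example's convention: Emsisoft's Application.* and Adware.* names are PUPs
    (toolbars, bundled installers); everything else is treated as malware proper."""
    family, _ = split_name(name)
    return "pup" if family.startswith(("Application.", "Adware.")) else "malware"


def summarize(text):
    """The numbers a helper reads first: totals, leftovers, and the malware (not PUP)
    containers, which matter more than any toolbar remnant."""
    detected, quarantined = parse_report(text)
    by_family = Counter(split_name(n)[0] for _, names in detected.values() for n in names)
    malware = sorted(display for display, names in detected.values()
                     if any(severity(n) == "malware" for n in names))
    return {
        "containers_detected": len(detected),
        "containers_quarantined": len(quarantined),
        "left_behind": left_behind(detected, quarantined),
        "malware_containers": malware,
        "by_family": dict(by_family),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_REPORT)
    print(report["containers_detected"], "detected,", report["containers_quarantined"], "quarantined")
    for display, names in report["left_behind"]:
        print("LEFT BEHIND:", display, "->", ", ".join(names))
```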
 





#2 pulaskimike
  • Topic Starter

  • Members
  • 6 posts

Posted 10 December 2014 - 09:59 AM

I probably should also tell you that I am using a Dell Inspiron N4010, 64 bit, running Windows 7 with Service Pack 1.

Thanks again!



#3 nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 December 2014 - 09:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.


Wait for further instructions.

#4 pulaskimike
  • Topic Starter

  • Members
  • 6 posts

Posted 19 December 2014 - 10:18 PM

Hello and thank you for offering your assistance. Per your directions, I ran both programs; here are the results:

 

# AdwCleaner v4.105 - Report created 19/12/2014 at 21:22:12
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tamie - TAMIE-PC
# Running from : C:\Users\Tamie\Downloads\adwcleaner_4.105.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Uniblue
Folder Deleted : C:\Users\Tamie\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Tamie\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\Tamie\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Tamie\AppData\LocalLow\Conduit
File Deleted : C:\Users\Tamie\daemonprocess.txt
File Deleted : C:\Users\Tamie\AppData\Roaming\Mozilla\Firefox\Profiles\msts5tfb.default-1377031052097\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : Advanced System Protector
Task Deleted : RegClean Pro
Task Deleted : Scheduled Update for Ask Toolbar
Task Deleted : RunAsStdUser Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKCU\Software\5f538888e03fb843
Key Deleted : HKLM\SOFTWARE\5f538888e03fb843
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3158970
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3241284
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28725C03-CBA1-4CF7-ACBE-586DC13286A0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2FCFC6FD-409C-43AD-88C4-1F7610125B87}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B59440-5A17-4522-AA27-8F84B9A64AEB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AE3EE8-05D3-4DAF-8A0B-2530394FD8CB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3DD0D1C6-7A78-4F9A-A701-ED5A104CD445}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{64FE627E-0DE4-4B4F-A8B5-3B4FDE46A303}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EBBB65D0-9F8E-4A76-A9A7-12B53D0DFF64}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
Key Deleted : HKCU\Software\Uniblue
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\iLividSRTB
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 en-US)

[o0503aa6.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[o0503aa6.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[o0503aa6.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
[o0503aa6.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=OVO2&o=2159&locale=en_US&apn_uid=792a0b29-3d83-44db-a150-099ecdc09078&apn_ptnrs=%5EA2E&apn_sauid=F136DBD9-C72F-401E-A46D[...]

-\\ Google Chrome v

[C:\Users\kids\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\kids\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://blekkosearch.mystart.com/blekkotb_sa5/?source=f06b8e24&tbp=rbox&toolbarid=blekkotb_sa5&u=0A1527D943C1A05F95FE41505F2A1EBA&q={searchTerms}
[C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://blekkosearch.mystart.com/blekkotb_sa5/?source=f06b8e24&tbp=rbox&toolbarid=blekkotb_sa5&u=0A1527D943C1A05F95FE41505F2A1EBA&q={searchTerms}
[C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=368&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6330444433164423&q={searchTerms}
[C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://home.myplaycity.com/results.php?category=web&s={searchTerms}
[C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317187&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPCCA11702-E9DE-4D53-9535-5A32C61EB821&q={searchTerms}&SSPV=
[C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317187&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPCCA11702-E9DE-4D53-9535-5A32C61EB821&q={searchTerms}&SSPV=
[C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGyyyyyyYYus&ptnrS=RGyyyyyyYYus&ptb=67654F64-0766-46FE-9971-67A0CA681C30&ind=2012033111&n=77ed3057&psa=&st=sb&searchfor={searchTerms}
[C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGyyyyyyYYus&ptnrS=RGyyyyyyYYus&ptb=67654F64-0766-46FE-9971-67A0CA681C30&ind=2012033111&n=77ed3057&psa=&st=sb&searchfor={searchTerms}
[C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://searchou.com/?q={searchTerms}&id=4efad3d200000000000070f1a16ec4ac&r=760
[C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=OVO2&o=2159&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^A2E&apn_dtid=^YYYYYY^YY^US&apn_uid=792a0b29-3d83-44db-a150-099ecdc09078&apn_sauid=F136DBD9-C72F-401E-A46D-A9FC623EF47B
[C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=OVO2&o=2159&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^A2E&apn_dtid=^YYYYYY^YY^US&apn_uid=792a0b29-3d83-44db-a150-099ecdc09078&apn_sauid=F136DBD9-C72F-401E-A46D-A9FC623EF47B
[C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true&%20user_id=%userid&tool_id=60231&qkw={searchTerms}
[C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.claro-search.com/?q={searchTerms}&affID=118658&tt=0113_3&babsrc=SP_ss&mntrId=4efad3d200000000000070f1a16ec4ac

*************************

AdwCleaner[R0].txt - [16988 octets] - [19/12/2014 21:14:23]
AdwCleaner[S0].txt - [15951 octets] - [19/12/2014 21:22:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16012 octets] ##########
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Tamie (administrator) on TAMIE-PC on 19-12-2014 21:31:54
Running from C:\Users\Tamie\Downloads
Loaded Profile: Tamie (Available profiles: Tamie & Mike n Tamie & kids)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
( ) C:\WINDOWS\System32\lxbkcoms.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3178064 2010-01-05] (Dell Inc.)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1882920 2009-11-12] (Synaptics Incorporated)
HKLM\...\Run: [lxbkbmgr.exe] => C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe [74408 2008-02-28] (Lexmark International, Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2012-07-11] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4954576 2014-12-07] (Emsisoft GmbH)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-12-02] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2441871948-3768005810-3075255544-1001\...\Run: [Uniblue ProcessQuickLink 2] => "C:\Program Files (x86)\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" /autostart
HKU\S-1-5-21-2441871948-3768005810-3075255544-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2441871948-3768005810-3075255544-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2441871948-3768005810-3075255544-1001\...\Run: [KGShareApp] => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-10-11] (Eastman Kodak Company)
HKU\S-1-5-21-2441871948-3768005810-3075255544-1001\...\Run: [Facebook Update] => "C:\Users\Tamie\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2441871948-3768005810-3075255544-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-2441871948-3768005810-3075255544-1001\...\RunOnce: [Adobe Speed Launcher] => 1419042394
HKU\S-1-5-21-2441871948-3768005810-3075255544-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2441871948-3768005810-3075255544-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2441871948-3768005810-3075255544-1001\...\MountPoints2: {8cc9e475-eb4a-11e2-8369-b8ac6f6b7e84} - G:\MotoCastSetup.exe -a
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mike n Tamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Tamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * bootdeletesdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2441871948-3768005810-3075255544-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
HKU\S-1-5-21-2441871948-3768005810-3075255544-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/USCON/1
URLSearchHook: HKU\S-1-5-21-2441871948-3768005810-3075255544-1001 - (No Name) - {238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} - No File
SearchScopes: HKLM -> {06406E3E-896A-4078-AD52-8E7BFC2EB035} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {DD317547-2991-4AA9-A7EB-4F8096D94E2E} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2441871948-3768005810-3075255544-1001 -> {9116E451-166E-452C-A8AC-1BCCE07236CF} URL = http://findgala.com/?&uid=8050&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2441871948-3768005810-3075255544-1001 -> {DD317547-2991-4AA9-A7EB-4F8096D94E2E} URL =
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll No File
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll No File
Toolbar: HKU\S-1-5-21-2441871948-3768005810-3075255544-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{1FBC9016-E128-4C37-AFE9-3DC69AA1DD1D}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{51EEC50F-7109-46CE-9707-F16359DBD290}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{AFC55F24-5F59-44A2-B189-662BD5AC19DE}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{BADAAD1E-D460-4396-9633-7F5382A6105E}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{E53EA64A-AF06-4228-A542-B42BF8964F91}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Tamie\AppData\Roaming\Mozilla\Firefox\Profiles\msts5tfb.default-1377031052097
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.aol.com/?icid=aolcomlogorefresh5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
FF Plugin-x32: @real.com/nppl3260;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2441871948-3768005810-3075255544-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tamie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-12-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-12-14]
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\1dbd5effa041e2817221c26303724259 [2014-12-02]
FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-11]

Chrome:
=======
CHR Profile: C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-08]
CHR Extension: (Google Drive) - C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-08]
CHR Extension: (YouTube) - C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-08]
CHR Extension: (Google Search) - C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-08]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-01-08]
CHR Extension: (Google Wallet) - C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-08]
CHR Extension: (Gmail) - C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-08]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-07-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4907232 2014-12-07] (Emsisoft GmbH)
R2 Cleaner_Validator; C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [371648 2010-12-09] ()
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [565928 2008-02-19] ( )
R2 lxbk_device; C:\Windows\SysWOW64\lxbkcoms.exe [537256 2008-02-19] ( )
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [79552 2010-12-09] (Windows ® Win 7 DDK provider)
R1 CFRPD; C:\Windows\System32\DRIVERS\CFRPD.sys [41472 2010-12-09] (Windows ® Win 7 DDK provider)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2013-05-14] ()
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 21:31 - 2014-12-19 21:32 - 00020803 _____ () C:\Users\Tamie\Downloads\FRST.txt
2014-12-19 21:31 - 2014-12-19 21:31 - 00000000 ____D () C:\FRST
2014-12-19 21:14 - 2014-12-19 21:22 - 00000000 ____D () C:\AdwCleaner
2014-12-19 21:11 - 2014-12-19 21:11 - 02121216 _____ (Farbar) C:\Users\Tamie\Downloads\FRST64.exe
2014-12-19 21:09 - 2014-12-19 21:10 - 02166272 _____ () C:\Users\Tamie\Downloads\adwcleaner_4.105.exe
2014-12-18 07:38 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 07:38 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 06:25 - 2014-12-19 21:24 - 00003340 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2441871948-3768005810-3075255544-1001
2014-12-17 06:25 - 2014-12-19 21:24 - 00003206 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2441871948-3768005810-3075255544-1001
2014-12-16 12:58 - 2014-12-16 12:58 - 00000044 _____ () C:\Users\Tamie\jagex_cl_oldschool_LIVE.dat
2014-12-13 11:02 - 2014-12-13 11:02 - 00003136 _____ () C:\Windows\System32\Tasks\{20966D99-31E8-42D9-AC2C-7D8F864A11CB}
2014-12-13 11:00 - 2014-12-13 11:00 - 00638888 _____ (Oracle Corporation) C:\Users\Tamie\Downloads\jxpiinstall(1).exe
2014-12-13 10:44 - 2014-12-13 10:45 - 23810048 _____ () C:\Users\Tamie\Downloads\RuneScape.msi
2014-12-11 03:19 - 2014-12-11 03:19 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 03:01 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:01 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 10:08 - 2014-12-10 10:08 - 00002889 _____ () C:\ProgramData\dsgsdgdsgdsgw.js
2014-12-10 06:31 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 06:31 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 06:31 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 06:31 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 06:31 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 06:31 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 06:31 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 06:31 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 06:30 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 06:30 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 06:30 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 06:30 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 06:30 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 06:30 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 06:30 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 06:30 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 06:30 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 06:30 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 06:30 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 06:30 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 06:30 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 06:30 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 06:30 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 06:30 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 06:30 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 06:30 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 06:30 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 06:30 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 06:30 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 06:30 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 06:30 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 06:30 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 06:30 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 06:30 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 06:30 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 06:30 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 06:30 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 06:30 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 06:30 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 06:30 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 06:30 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 06:30 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 06:30 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 06:30 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 06:30 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 06:30 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 06:30 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 06:30 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 06:30 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 06:30 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 06:30 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 06:30 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 06:30 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 06:30 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 06:30 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 06:30 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 06:30 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 06:30 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 06:30 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 06:30 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 06:30 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 06:30 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 06:30 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 06:30 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 06:29 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 06:28 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 06:28 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 06:28 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 06:28 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 06:28 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 06:28 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 06:28 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 06:28 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 06:28 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 06:28 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 06:28 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 06:28 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 06:28 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 06:28 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 21:39 - 2014-12-09 21:39 - 00000000 ____D () C:\Users\Mike n Tamie\My Backup Files
2014-12-08 00:47 - 2014-12-08 00:47 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-12-07 22:23 - 2014-12-07 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-12-07 22:22 - 2014-12-19 21:26 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-12-07 22:13 - 2014-12-07 22:19 - 233663808 _____ (Emsisoft GmbH ) C:\Users\Tamie\Downloads\EmsisoftAntiMalwareSetup.exe
2014-12-07 17:37 - 2014-12-07 17:37 - 00007597 _____ () C:\Users\Tamie\AppData\Local\Resmon.ResmonCfg
2014-12-03 20:42 - 2014-12-04 18:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-03 20:39 - 2014-12-03 21:43 - 00000000 ____D () C:\Users\Tamie\Desktop\mbar
2014-12-03 20:36 - 2014-12-03 20:37 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Tamie\Downloads\mbar-1.08.2.1001.exe
2014-12-02 22:02 - 2014-12-06 07:58 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll
2014-12-01 22:02 - 2014-12-10 10:08 - 00000000 ____D () C:\Program Files (x86)\PrivateVPN
2014-11-25 14:26 - 2014-11-25 14:26 - 00266576 _____ () C:\Windows\Minidump\112514-22838-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 21:30 - 2012-02-09 12:43 - 01183947 _____ () C:\Windows\WindowsUpdate.log
2014-12-19 21:24 - 2012-08-12 05:39 - 00032526 _____ () C:\Windows\setupact.log
2014-12-19 21:24 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-19 21:23 - 2012-02-23 19:33 - 02199142 _____ () C:\Windows\PFRO.log
2014-12-19 21:23 - 2012-02-07 03:17 - 00021825 _____ () C:\Windows\cscmondump.bin
2014-12-19 21:22 - 2012-02-01 11:07 - 00000000 ____D () C:\Users\Tamie
2014-12-19 21:00 - 2014-10-23 13:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-19 18:59 - 2014-08-29 08:54 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2441871948-3768005810-3075255544-1001UA.job
2014-12-19 17:19 - 2012-02-06 17:19 - 00000464 _____ () C:\Windows\Tasks\COMODO Updater.job
2014-12-19 09:59 - 2014-08-29 08:54 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2441871948-3768005810-3075255544-1001Core.job
2014-12-19 03:06 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-19 03:06 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-18 19:41 - 2012-12-14 06:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-18 07:27 - 2009-07-14 00:13 - 00782336 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-17 06:20 - 2012-02-07 03:17 - 03635494 _____ () C:\Windows\CSC_ActiveCleanLog.dat
2014-12-17 06:20 - 2012-02-07 03:17 - 02024238 _____ () C:\Windows\CSC_ServiceDump.dat
2014-12-17 06:19 - 2012-12-21 16:57 - 00000024 _____ () C:\Users\Tamie\random.dat
2014-12-16 13:09 - 2012-12-21 16:57 - 00000044 _____ () C:\Users\Tamie\jagex_cl_runescape_LIVE.dat
2014-12-16 12:58 - 2012-12-21 16:57 - 00000000 ____D () C:\Users\Tamie\jagexcache
2014-12-15 08:06 - 2013-01-22 21:27 - 00000000 ____D () C:\Users\Tamie\AppData\Roaming\vlc
2014-12-14 21:11 - 2014-06-03 19:26 - 00002994 _____ () C:\Users\Tamie\Desktop\Rkill.txt
2014-12-12 15:40 - 2014-03-29 15:52 - 00003338 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2441871948-3768005810-3075255544-1006
2014-12-12 15:40 - 2013-12-22 17:13 - 00003202 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2441871948-3768005810-3075255544-1006
2014-12-11 11:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 03:19 - 2014-06-19 05:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 03:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 03:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 03:03 - 2012-02-05 20:42 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 23:00 - 2014-10-23 13:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 23:00 - 2012-06-06 18:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 23:00 - 2012-02-01 22:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 16:05 - 2012-06-21 08:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-09 21:39 - 2012-02-06 16:46 - 00000000 ____D () C:\Users\Mike n Tamie\AppData\Local\SoftThinks
2014-12-09 21:39 - 2012-02-06 16:46 - 00000000 ____D () C:\Users\Mike n Tamie
2014-12-09 21:39 - 2010-05-22 01:38 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-12-07 19:00 - 2014-06-17 19:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-07 18:04 - 2014-06-17 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-07 18:04 - 2014-06-17 19:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-07 17:40 - 2014-06-03 19:26 - 00000000 ____D () C:\Users\Tamie\Desktop\rkill
2014-12-06 16:52 - 2012-02-06 16:48 - 00076704 _____ () C:\Users\Mike n Tamie\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-06 16:52 - 2012-02-06 16:47 - 00001419 _____ () C:\Users\Mike n Tamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-06 16:51 - 2013-05-16 07:17 - 00000632 __RSH () C:\Users\Mike n Tamie\ntuser.pol
2014-12-06 08:11 - 2013-05-16 09:13 - 00000000 ____D () C:\Users\kids\AppData\Roaming\KidZui
2014-12-05 13:31 - 2012-02-06 09:57 - 00000646 _____ () C:\Users\Tamie\AppData\Roaming\wklnhst.dat
2014-12-03 21:49 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\addins
2014-12-03 12:43 - 2012-02-02 09:01 - 00000000 ____D () C:\Users\Tamie\AppData\Roaming\BitTorrent
2014-12-03 11:27 - 2012-02-05 19:11 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-02 10:13 - 2013-05-16 07:19 - 00000000 ____D () C:\Users\kids
2014-11-25 15:24 - 2009-07-14 02:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-25 15:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-11-25 14:26 - 2014-03-18 07:38 - 00000000 ____D () C:\Windows\Minidump
2014-11-24 14:04 - 2012-02-05 18:30 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-21 06:14 - 2014-06-17 19:05 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-06-17 19:05 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2012-02-02 07:57 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

ZeroAccess:
C:\Users\Tamie\AppData\Local\{3a1b787d-1b9b-ccda-f786-73092e8957e0}
C:\Users\Tamie\AppData\Local\{3a1b787d-1b9b-ccda-f786-73092e8957e0}\@
C:\Users\Tamie\AppData\Local\{3a1b787d-1b9b-ccda-f786-73092e8957e0}\U\00000004.@

Files to move or delete:
====================
C:\ProgramData\dsgsdgdsgdsgw.js
C:\Users\Tamie\jagex_cl_oldschool_LIVE.dat
C:\Users\Tamie\jagex_cl_runescape_LIVE.dat
C:\Users\Tamie\random.dat


Some content of TEMP:
====================
C:\Users\kids\AppData\Local\Temp\rtdrvmon.exe
C:\Users\Mike n Tamie\AppData\Local\Temp\rtdrvmon.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 00:20

==================== End Of Log ============================

 


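Reading a long FRST listing by hand is where things get missed, so here is an added example (my own Python, not part of Mike's post and not part of FRST) that parses lines in the format of the "Files and Folders" sections above and flags the kinds of entries a responder would look at first: a GUID-named folder directly under AppData\Local (the shape the log labels ZeroAccess), executables or scripts with no publisher string in ProgramData, AppData or a Temp folder, and binaries under C:\Windows that carry no publisher string. The rules are heuristics I chose for illustration and a flag only means "look closer". The sample lines are copied from the log above except the last two, which are constructed (paths from the log, timestamps and size made up).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One line of an FRST "Files and Folders" section has the shape
#   <created> - <modified> - <size> <attrs> (<company>) <path>
# e.g.  2014-12-10 10:08 - 2014-12-10 10:08 - 00002889 _____ () C:\ProgramData\dsgsdgdsgdsgw.js
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)


@dataclass
class FrstEntry:
    created: str
    modified: str
    size: int
    attrs: str      # FRST attribute flags: D = directory, H = hidden, S = system, ...
    company: str    # company name from the file's version info; empty when there is none
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_frst_line(line: str) -> Optional[FrstEntry]:
    """Parse one log line; headers, blanks and other non-matching lines give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return FrstEntry(m["created"], m["modified"], int(m["size"]),
                     m["attrs"], m["company"].strip(), m["path"])


# Heuristic rules chosen for this example (not FRST's own logic).  "No publisher"
# only means the file carries no company string; it is a prompt for a closer look.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".js", ".vbs", ".bat", ".cmd")
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\public\\")
# The log above labels C:\Users\...\AppData\Local\{GUID} as ZeroAccess; match that shape.
GUID_DIR_RE = re.compile(r"\\appdata\\local\\\{[0-9a-f-]{36}\}(\\|$)")


def triage_entry(e: FrstEntry) -> List[str]:
    """Return reason codes for an entry worth reviewing (empty list = nothing flagged)."""
    p = e.path.lower()
    name = p.rsplit("\\", 1)[-1]
    executable = (not e.is_dir) and name.endswith(EXEC_EXT)
    reasons: List[str] = []
    if GUID_DIR_RE.search(p):
        reasons.append("guid-folder-in-appdata-local")
    if executable and not e.company and any(d in p for d in USER_WRITABLE):
        reasons.append("no-publisher-in-user-writable-dir")
    if executable and "\\temp\\" in p:
        reasons.append("executable-in-temp")
    if executable and not e.company and p.startswith("c:\\windows\\"):
        reasons.append("no-publisher-under-windows")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reason codes; unflagged entries are omitted."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        e = parse_frst_line(line)
        if e is not None:
            reasons = triage_entry(e)
            if reasons:
                flagged[e.path] = reasons
    return flagged


# Sample input: the first five lines are copied from the log above; the last two are
# constructed (paths from the log, timestamps and size made up for the example).
SAMPLE_LOG = r"""
2014-12-10 10:08 - 2014-12-10 10:08 - 00002889 _____ () C:\ProgramData\dsgsdgdsgdsgw.js
2014-12-10 06:31 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-02 22:02 - 2014-12-06 07:58 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll
2014-12-07 22:13 - 2014-12-07 22:19 - 233663808 _____ (Emsisoft GmbH ) C:\Users\Tamie\Downloads\EmsisoftAntiMalwareSetup.exe
2014-12-09 21:39 - 2014-12-09 21:39 - 00000000 ____D () C:\Users\Mike n Tamie\My Backup Files
2014-12-01 12:00 - 2014-12-01 12:00 - 00000000 ____D () C:\Users\Tamie\AppData\Local\{3a1b787d-1b9b-ccda-f786-73092e8957e0}
2014-12-05 13:31 - 2014-12-05 13:31 - 00045056 _____ () C:\Users\kids\AppData\Local\Temp\rtdrvmon.exe
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path, "->", ", ".join(reasons))
```

Run against the sample it flags four of the seven entries and leaves the signed Microsoft DLL and the Emsisoft installer alone; on a real log the flagged set is a reading list for the responder, not a delete list.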
#5 nasdaq
  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 December 2014 - 09:30 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2441871948-3768005810-3075255544-1001 - (No Name) - {238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} - No File
SearchScopes: HKLM -> {06406E3E-896A-4078-AD52-8E7BFC2EB035} URL = http://www.bing.com/search?q={searchTerms}&amp;form=DLCDF8&amp;pc=MDDC&amp;src=IE-SearchBox
SearchScopes: HKLM-x32 -> {DD317547-2991-4AA9-A7EB-4F8096D94E2E} URL = http://www.bing.com/search?q={searchTerms}&amp;form=DLCDF8&amp;pc=MDDC&amp;src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2441871948-3768005810-3075255544-1001 -> {9116E451-166E-452C-A8AC-1BCCE07236CF} URL = http://findgala.com/?&uid=8050&q={searchTerms}
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll No File
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll No File
Toolbar: HKU\S-1-5-21-2441871948-3768005810-3075255544-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2441871948-3768005810-3075255544-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tamie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-12-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-12-14]
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\1dbd5effa041e2817221c26303724259 [2014-12-02]
CHR Extension: (Google Wallet) - C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-08]
AlternateDataStreams: C:\ProgramData\TEMP:00258EE7
AlternateDataStreams: C:\ProgramData\TEMP:081C5B23
AlternateDataStreams: C:\ProgramData\TEMP:9EDCE563
AlternateDataStreams: C:\ProgramData\TEMP:A2FC7F08
AlternateDataStreams: C:\ProgramData\TEMP:E0F2FC9A
C:\Users\kids\AppData\Local\Temp\rtdrvmon.exe
C:\Users\Mike n Tamie\AppData\Local\Temp\rtdrvmon.exe

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.
=======

How is the computer running now?

#6 pulaskimike
  • Topic Starter
  • Members
  • 6 posts

Posted 20 December 2014 - 10:14 PM

Thank you! The computer is noticeably faster, and I have not seen a pop-up or redirect since following your directions. I neglected to click Report before closing, and cannot locate the log. I will be happy to provide it if you can suggest a file name to look for; RKreport does not exist. Is there anything more I should do?

Again, I am grateful for your assistance.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-12-2014
Ran by Tamie at 2014-12-20 21:06:52 Run:1
Running from C:\Users\Tamie\Downloads
Loaded Profile: Tamie (Available profiles: Tamie & Mike n Tamie & kids)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2441871948-3768005810-3075255544-1001 - (No Name) - {238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} - No File
SearchScopes: HKLM -> {06406E3E-896A-4078-AD52-8E7BFC2EB035} URL = http://www.bing.com/search?q={searchTerms}&amp;form=DLCDF8&amp;pc=MDDC&amp;src=IE-SearchBox
SearchScopes: HKLM-x32 -> {DD317547-2991-4AA9-A7EB-4F8096D94E2E} URL = http://www.bing.com/search?q={searchTerms}&amp;form=DLCDF8&amp;pc=MDDC&amp;src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2441871948-3768005810-3075255544-1001 -> {9116E451-166E-452C-A8AC-1BCCE07236CF} URL = http://findgala.com/?&uid=8050&q={searchTerms}
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll No File
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll No File
Toolbar: HKU\S-1-5-21-2441871948-3768005810-3075255544-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2441871948-3768005810-3075255544-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tamie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-12-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-12-14]
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\1dbd5effa041e2817221c26303724259 [2014-12-02]
CHR Extension: (Google Wallet) - C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-08]
AlternateDataStreams: C:\ProgramData\TEMP:00258EE7
AlternateDataStreams: C:\ProgramData\TEMP:081C5B23
AlternateDataStreams: C:\ProgramData\TEMP:9EDCE563
AlternateDataStreams: C:\ProgramData\TEMP:A2FC7F08
AlternateDataStreams: C:\ProgramData\TEMP:E0F2FC9A
C:\Users\kids\AppData\Local\Temp\rtdrvmon.exe
C:\Users\Mike n Tamie\AppData\Local\Temp\rtdrvmon.exe

End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2441871948-3768005810-3075255544-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{06406E3E-896A-4078-AD52-8E7BFC2EB035}" => Key deleted successfully.
HKCR\CLSID\{06406E3E-896A-4078-AD52-8E7BFC2EB035} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{DD317547-2991-4AA9-A7EB-4F8096D94E2E}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DD317547-2991-4AA9-A7EB-4F8096D94E2E} => Key could not be deleted. Error: -1073741772
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2441871948-3768005810-3075255544-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9116E451-166E-452C-A8AC-1BCCE07236CF}" => Key deleted successfully.
HKCR\CLSID\{9116E451-166E-452C-A8AC-1BCCE07236CF} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key could not be deleted. Error: -1073741772
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key deleted successfully.
HKU\S-1-5-21-2441871948-3768005810-3075255544-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000007\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000007\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@oberon-media.com/ONCAdapter" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5" => Key deleted successfully.
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => Moved successfully.
"HKU\S-1-5-21-2441871948-3768005810-3075255544-1001\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin" => Key deleted successfully.
C:\Users\Tamie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\1dbd5effa041e2817221c26303724259 => Moved successfully.
C:\Users\Tamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
C:\ProgramData\TEMP => ":00258EE7" ADS removed successfully.
C:\ProgramData\TEMP => ":081C5B23" ADS removed successfully.
C:\ProgramData\TEMP => ":9EDCE563" ADS removed successfully.
C:\ProgramData\TEMP => ":A2FC7F08" ADS removed successfully.
C:\ProgramData\TEMP => ":E0F2FC9A" ADS removed successfully.
C:\Users\kids\AppData\Local\Temp\rtdrvmon.exe => Moved successfully.
C:\Users\Mike n Tamie\AppData\Local\Temp\rtdrvmon.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====
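
Two lines in this Fixlog read "Key could not be deleted. Error: -1073741772". FRST prints NTSTATUS codes as signed 32-bit decimals; -1073741772 is 0xC0000034, STATUS_OBJECT_NAME_NOT_FOUND, so the CLSID key was already absent when FRST went to delete it, the same situation the "Key not found." lines report for other CLSIDs. As an added example (my own Python, not part of FRST and not from either poster's reply), here is a parser that turns a Fixlog into a per-status summary and lists the failed actions with their NTSTATUS decoded, so a responder can tell a benign "already gone" from a real failure at a glance. The sample input is a constructed subset of the Fixlog lines above.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# FRST writes most actions as "<target> => <message>".  A few lines have no "=>":
# Winsock repairs ("... was set successfully to ..."), "<path> not found." and the
# reboot notice.  Errors come as a signed 32-bit decimal NTSTATUS, e.g. -1073741772.
ERROR_RE = re.compile(r"Error:\s*(-?\d+)")

# The only NTSTATUS value that appears in the Fixlog above.
NTSTATUS_NAMES = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}


def ntstatus_hex(code: int) -> str:
    """Render FRST's signed decimal error as the usual unsigned NTSTATUS hex form."""
    return f"0x{code & 0xFFFFFFFF:08X}"


def classify_line(line: str) -> Optional[Dict]:
    """One Fixlog line -> {'target', 'status', 'error'}; blank lines give None."""
    line = line.strip()
    if not line:
        return None
    if " => " in line:
        target, msg = line.split(" => ", 1)
    elif line.lower().endswith(" not found."):
        target, msg = line[: -len(" not found.")], line
    else:
        target, msg = line, line
    target = target.strip('"')
    low = msg.lower()
    if "could not" in low:
        status = "failed"
    elif "not found" in low:
        status = "not_found"
    elif "successfully" in low:
        status = "ok"
    else:
        status = "info"
    err = ERROR_RE.search(msg)
    return {"target": target, "status": status,
            "error": int(err.group(1)) if err else None}


def parse_fixlog(text: str) -> List[Dict]:
    return [r for r in (classify_line(l) for l in text.splitlines()) if r is not None]


def summarize(results: List[Dict]) -> Counter:
    """Count of lines per status: ok / not_found / failed / info."""
    return Counter(r["status"] for r in results)


def failures(results: List[Dict]) -> List[Tuple[str, str, str]]:
    """(target, NTSTATUS hex, NTSTATUS name) for every action FRST could not complete."""
    out: List[Tuple[str, str, str]] = []
    for r in results:
        if r["status"] != "failed":
            continue
        if r["error"] is None:
            out.append((r["target"], "n/a", "n/a"))
        else:
            code = r["error"] & 0xFFFFFFFF
            out.append((r["target"], ntstatus_hex(r["error"]),
                        NTSTATUS_NAMES.get(code, "unknown")))
    return out


# Sample input: a constructed subset of the Fixlog lines above.
FIXLOG_SAMPLE = r"""
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully.
HKCR\CLSID\{06406E3E-896A-4078-AD52-8E7BFC2EB035} => Key not found.
HKCR\Wow6432Node\CLSID\{DD317547-2991-4AA9-A7EB-4F8096D94E2E} => Key could not be deleted. Error: -1073741772
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key could not be deleted. Error: -1073741772
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => Moved successfully.
C:\Users\Tamie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll not found.
C:\ProgramData\TEMP => ":00258EE7" ADS removed successfully.
The system needed a reboot.
"""

if __name__ == "__main__":
    res = parse_fixlog(FIXLOG_SAMPLE)
    print(dict(summarize(res)))
    for target, code, name in failures(res):
        print(f"{target}: {code} ({name})")
```

The status buckets are deliberately coarse; what matters in review is the failed list, and for this log both failures decode to an object that no longer existed, which is why nasdaq could move on to RogueKiller rather than re-run the fix.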



#7 nasdaq
  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 December 2014 - 08:48 AM

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#8 pulaskimike
  • Topic Starter
  • Members
  • 6 posts

Posted 21 December 2014 - 08:19 PM

Downloaded and ran SecurityCheck as directed. When run, I see a window open for a fraction of a second before it disappears. Nothing after that. Otherwise the computer appears to belong to me again. Normal speed, no pop-ups or redirects. Many thanks.



#9 nasdaq
  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 December 2014 - 08:46 AM

If all is well:

To learn more about how to protect yourself while on the internet, read this little guide, Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 nasdaq
  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 December 2014 - 08:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



