
Infected with Unknown Virus/Browser Redirector or Hijacker


  • This topic is locked
14 replies to this topic

#1 bsbeasley

bsbeasley

  • Members
  • 21 posts

Posted 08 January 2015 - 06:12 PM

Hello,

 

My computer is infected with a virus of some type and I have not been able to remove it using all types of scanning tools (some of which I probably shouldn't have run). Anything I have tried hasn't worked. Please help. When I click on any website it opens another window with some bogus ads. Please help. The requested logs are attached.

 

Thanks

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16599  BrowserJavaVersion: 10.71.2
Run by Shayne at 17:49:18 on 2015-01-08
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2045.473 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Coupons\CouponPrinterService.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=I08295839-D2A9-4A8B-89E5-B6E5B9D0CF20&SearchSource=55&CUI=&UM=8&UP=SP58186874-EC9A-40D9-9808-8D4772FC4094&SSPV=
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070927
mStart Page = hxxp://websearch.searchoholic.info/?pid=20495&r=2015/01/02&hid=6725472678769918110&lg=EN&cc=US&unqvl=72
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070927
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: unnIsauLEs: {0544960f-2f89-47d0-afbb-0181753e5f6e} - c:\program files\unnisaules\2HlDWwG2npOKVG.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\program files\mcafee\msk\mskapbho.dll
BHO: uniSialles: {51762d10-792f-4685-80a9-f94e07c03abe} - c:\program files\unisialles\nC662cf6zPGjHy.dll
BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: OptOOn: {77152ce4-fc91-4325-b70f-25f03abf6245} - c:\program files\optoon\PHCGpLCLFFNPr5.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100809095334.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: youtubeadblocker: {bd1364ab-43b5-4845-9e65-2e7c70fbc482} - c:\program files\youtubeadblocker\2wREOjgifCSwIZ.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [NETGEARGenie] "c:\program files\netgear genie\bin\NETGEARGenie.exe" -mini -redirect
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRunServices: [QuickTimeResourcesQuickTimeResources] c:\program files\quicktime\qtsystem\quicktimeimage.resources\pl.lproj\quicktimeresourcesquicktimeresources.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: tjlwxynhebspxfbzyjfdTaskMgr = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\windows\system32\wpclsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://remote.nbt-cpa.com/XTSAC.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{541F07E2-7521-4103-A4B3-6AB8A1377315} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg wsauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-4-25 65584]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-9 385880]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 CouponPrinterService;Coupon Printer Service;c:\program files\coupons\CouponPrinterService.exe [2014-2-13 154096]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2012-9-7 87992]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-20 21504]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2012-12-20 6656]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2009-8-11 132392]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2013-11-15 137528]
R2 MSSQL$SOSHOME309;SQL Server (SOSHOME309);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\netgear genie\bin\NETGEARGenieDaemon.exe [2014-11-6 195840]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2014-8-9 35088]
S2 24c54e38;DeltaFix;c:\windows\system32\rundll32.exe [2006-11-2 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe --> c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [?]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2013-3-20 6272]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-9-26 30192]
S3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys [2011-1-16 52432]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-30 114904]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-9 152320]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-9 51688]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2013-3-26 26240]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2013-3-19 21376]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2013-3-19 23936]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
.
=============== File Associations ===============
.
ShellExec: ymp.exe: open="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"
ShellExec: ymp.exe: play="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"
.
=============== Created Last 30 ================
.
2015-01-05 23:24:59 -------- d-----w- c:\programdata\RogueKiller
2015-01-05 22:57:23 -------- d-----w- c:\programdata\HitmanPro
2015-01-05 04:18:09 -------- d-----w- c:\users\shayne\appdata\local\temp(829)
2015-01-05 01:50:11 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-01-02 01:50:26 -------- d-----w- c:\program files\uniSialles
2015-01-02 01:50:19 -------- d-----w- c:\programdata\golmdcfkcabffiiljfnjpmafbjlbhhho
2015-01-02 01:49:05 -------- d-----w- c:\program files\OptOOn
2015-01-02 01:48:56 -------- d-----w- c:\programdata\andbmcggnlemhcaomjondafndioccoen
2015-01-02 01:48:37 18872 ----a-w- c:\windows\system32\drivers\SPPD.sys
2015-01-02 01:44:27 -------- d-----w- c:\program files\DeltaFix
2015-01-02 01:44:14 -------- d-----w- c:\program files\Share the Wealth
2015-01-02 01:43:58 -------- d-----w- c:\program files\youtubeadblocker
2015-01-02 01:43:46 -------- d-----w- c:\program files\unnIsauLEs
2015-01-02 01:43:36 -------- d-----w- c:\programdata\13904208859109274752
2015-01-02 01:43:35 -------- d-----w- c:\program files\uniSalles
2015-01-02 01:43:18 -------- d-----w- c:\programdata\eibghaeplockpjieimjdlaogelfkliia
2014-12-11 08:11:35 2048 ----a-w- c:\windows\system32\tzres.dll
2014-12-11 08:11:14 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-12-11 08:00:45 278528 ----a-w- c:\windows\system32\schannel.dll
.
==================== Find3M  ====================
.
2014-12-29 14:17:36 96784 ----a-w- c:\windows\system32\packet.dll
2014-12-29 14:17:36 35088 ----a-w- c:\windows\system32\drivers\npf.sys
2014-12-29 14:17:36 281104 ----a-w- c:\windows\system32\wpcap.dll
2014-12-10 11:56:04 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 11:56:04 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-30 20:31:45 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-24 20:44:32 367104 ----a-w- c:\windows\system32\html.iec
2014-11-24 20:40:49 1810944 ----a-w- c:\windows\system32\jscript9.dll
2014-11-24 20:35:25 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-11-24 20:34:40 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-24 20:33:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-11-24 20:33:47 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-11-24 20:32:47 11776 ----a-w- c:\windows\system32\mshta.exe
2014-11-24 20:32:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-18 19:56:48 1202848 ----a-w- c:\windows\system32\FM20.DLL
2014-11-02 20:40:25 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-10-24 01:04:29 67072 ----a-w- c:\windows\system32\packager.dll
2014-10-24 01:03:40 499200 ----a-w- c:\windows\system32\kerberos.dll
2014-10-18 01:08:10 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-12 23:34:54 2054656 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 17:51:15.36 ===============
 



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 08 January 2015 - 11:30 PM

Hello bsbeasley,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 bsbeasley

bsbeasley
  • Topic Starter

  • Members
  • 21 posts

Posted 10 January 2015 - 12:51 PM

Here are the requested logs. Thanks for helping.

 

# AdwCleaner v4.107 - Report created 10/01/2015 at 12:31:30
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Shayne - OFFICE-PC
# Running from : C:\Users\Shayne\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : YahooAUService
[#] Service Deleted : Skype C2C Service
[#] Service Deleted : 24c54e38
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\13904208859109274752
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\DeltaFix
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Daniel\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Daniel\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Daniel\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Debra\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Debra\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Debra\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Shayne\AppData\Local\Obrona Block Ads
Folder Deleted : C:\Users\Shayne\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Shayne\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Shayne\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Shayne\AppData\Roaming\catalina – print savings
Folder Deleted : C:\Users\Shayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings
Folder Deleted : C:\Users\Debra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Deleted : C:\Users\Shayne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Shayne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Shayne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Shayne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Shayne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Deleted : C:\Users\Shayne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Scheduled Update for Ask Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Classes\P0544960f_2f89_47d0_afbb_0181753e5f6e_.P0544960f_2f89_47d0_afbb_0181753e5f6e_
Key Deleted : HKLM\SOFTWARE\Classes\P0544960f_2f89_47d0_afbb_0181753e5f6e_.P0544960f_2f89_47d0_afbb_0181753e5f6e_.9
Key Deleted : HKLM\SOFTWARE\Classes\P51762d10_792f_4685_80a9_f94e07c03abe_.P51762d10_792f_4685_80a9_f94e07c03abe_
Key Deleted : HKLM\SOFTWARE\Classes\P51762d10_792f_4685_80a9_f94e07c03abe_.P51762d10_792f_4685_80a9_f94e07c03abe_.9
Key Deleted : HKLM\SOFTWARE\Classes\Pbd1364ab_43b5_4845_9e65_2e7c70fbc482_.Pbd1364ab_43b5_4845_9e65_2e7c70fbc482_
Key Deleted : HKLM\SOFTWARE\Classes\Pbd1364ab_43b5_4845_9e65_2e7c70fbc482_.Pbd1364ab_43b5_4845_9e65_2e7c70fbc482_.9
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2642709
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2856416
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0544960f-2f89-47d0-afbb-0181753e5f6e}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51762d10-792f-4685-80a9-f94e07c03abe}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{bd1364ab-43b5-4845-9e65-2e7c70fbc482}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0544960f-2f89-47d0-afbb-0181753e5f6e}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51762d10-792f-4685-80a9-f94e07c03abe}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bd1364ab-43b5-4845-9e65-2e7c70fbc482}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0544960f-2f89-47d0-afbb-0181753e5f6e}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{51762d10-792f-4685-80a9-f94e07c03abe}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bd1364ab-43b5-4845-9e65-2e7c70fbc482}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Red Sky
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\bflixtoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\bflixtoolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.1.3
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Debra\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Shayne\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : aaaaojmikegpiepcfdkkjaplodkpfmlo
[C:\Users\Shayne\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Shayne\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Shayne\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl
 
*************************
 
AdwCleaner[R0].txt - [16449 octets] - [10/01/2015 12:29:30]
AdwCleaner[S0].txt - [15962 octets] - [10/01/2015 12:31:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16023 octets] ##########
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2015
Ran by Shayne (administrator) on OFFICE-PC on 10-01-2015 12:45:17
Running from C:\Users\Shayne\Desktop
Loaded Profiles: Shayne & UpdatusUser (Available profiles: Shayne & Debra & Daniel & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
(Creative Technology Ltd) C:\Windows\System32\CTSVCCDA.EXE
(Nero AG) C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Juniper Networks) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(NETGEAR Inc.) C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [296056 2012-01-24] (RealNetworks, Inc.)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-05-11] (Realtek Semiconductor)
HKLM\...\RunServices: [QuickTimeResourcesQuickTimeResources] => c:\program files\quicktime\qtsystem\quicktimeimage.resources\pl.lproj\quicktimeresourcesquicktimeresources.exe
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\Run: [OpenDNS Updater] => C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-11-06] (NETGEAR Inc.)
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\Policies\system: [tjlwxynhebspxfbzyjfdTaskMgr] 0
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\MountPoints2: {3fb9344a-86c2-11e4-a9e7-001aa0958126} - L:\MotoCastSetup.exe -a
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\MountPoints2: {863c855b-e3b5-11e1-9cba-001aa0958126} - L:\MotoCastSetup.exe -a
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\MountPoints2: {bd81b022-b98f-11e1-885f-001aa0958126} - K:\MotoCastSetup.exe -a
HKU\S-1-5-21-3147829691-642228916-3244577132-1006\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3147829691-642228916-3244577132-1006\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [460784 2007-03-15] (Gteko Ltd.)
AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-18] (Google)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-3147829691-642228916-3244577132-1002\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => http=127.0.0.1:54872
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070927
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070927
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3147829691-642228916-3244577132-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\McAfee\MSK\mskapbho.dll ()
BHO: PodcastBHO Class -> {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} -> C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: OptOOn -> {77152ce4-fc91-4325-b70f-25f03abf6245} -> C:\Program Files\OptOOn\PHCGpLCLFFNPr5.dll ()
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100809095334.dll (McAfee, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {1E7E4DE1-5EF4-4BAA-9250-C26258DC499A} -  No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3147829691-642228916-3244577132-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3147829691-642228916-3244577132-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3147829691-642228916-3244577132-1000 -> No Name - {F29557FD-78AA-40E6-ABA8-9FA219764018} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://remote.nbt-cpa.com/XTSAC.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @doubletwist.com/NPPodcast -> C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @real.com/nppl3260;version=15.0.1.13 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.1.13 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.1.13 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3147829691-642228916-3244577132-1000: @movenetworks.com/Quantum Media Player -> C:\Users\Shayne\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF Plugin HKU\S-1-5-21-3147829691-642228916-3244577132-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Shayne\AppData\Roaming\CATALI~2\NPBCSK~1.DLL No File
FF Plugin HKU\S-1-5-21-3147829691-642228916-3244577132-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-08]
FF HKLM\...\Firefox\Extensions: [{E783F80B-9F53-4DA7-B366-0812300DF932}] - C:\Users\Shayne\AppData\Local\{E783F80B-9F53-4DA7-B366-0812300DF932}
FF Extension: XULRunner - C:\Users\Shayne\AppData\Local\{E783F80B-9F53-4DA7-B366-0812300DF932} [2010-08-03]
FF HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Shayne\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Shayne\AppData\Roaming\Move Networks [2008-09-19]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\system32\npdeployJava1.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Move Streaming Media Player) - C:\Users\Shayne\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Shayne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Shayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Shayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-27]
CHR Extension: (Google Search) - C:\Users\Shayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-27]
CHR Extension: (Google Wallet) - C:\Users\Shayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Shayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-27]
CHR Extension: (OptOOn) - C:\ProgramData\andbmcggnlemhcaomjondafndioccoen\ [2012-09-27]
CHR Extension: (uniSalles) - C:\ProgramData\eibghaeplockpjieimjdlaogelfkliia\ [2012-09-27]
CHR Extension: (uniSialles) - C:\ProgramData\golmdcfkcabffiiljfnjpmafbjlbhhho\ [2012-09-27]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation) [File not signed]
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [154096 2014-10-15] (Coupons.com Inc.)
R2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2007-09-26] (Creative Labs) [File not signed]
R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 DeviceMonitorService; C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe [87992 2012-09-07] (Nero AG)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] () [File not signed]
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [615720 2009-08-12] (Juniper Networks)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-18] (Google)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [132392 2009-08-11] (Juniper Networks)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [364216 2010-04-15] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MSSQL$SOSHOME309; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2014-11-06] (NETGEAR)
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [721048 2012-11-20] (VMware, Inc.)
R2 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2436096 2012-12-03] (VMware, Inc.) [File not signed]
R2 wsnm; C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [472216 2012-12-08] (VMware, Inc.)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 GoToMyPC; "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" "Start=service" [X]
S2 mcmscsvc; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [X]
S2 McNASvc; "c:\program files\common files\mcafee\mna\mcnasvc.exe" [X]
S2 McProxy; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [X]
S2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [X]
S3 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [X]
S2 MpfService; "C:\Program Files\McAfee\MPF\MPFSrv.exe" [X]
S2 MSK80Service; "C:\Program Files\McAfee\MSK\MskSrver.exe" [X]
S2 RoxWatch9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2009-08-12] (Juniper Networks)
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41496 2012-11-20] (VMware, Inc.)
R2 iPodDrv; C:\Windows\system32\drivers\iPodDrv.sys [6656 2012-12-20] (Windows ® Codename Longhorn DDK provider) [File not signed]
S3 klmd23; C:\Windows\System32\drivers\klmd.sys [52432 2011-01-16] (Kaspersky Lab, SLA)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-30] (Malwarebytes Corporation)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [152320 2010-05-31] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [51688 2010-05-31] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [385880 2010-05-31] (McAfee, Inc.)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [26240 2013-03-26] (Motorola)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2014-12-29] (CACE Technologies, Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-10-18] (Sonic Solutions) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-17] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [66632 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2012-11-20] (VMware, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Shayne\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 mferkdk; system32\drivers\mferkdk.sys [X]
S3 mfesmfk; system32\drivers\mfesmfk.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S1 MPFP; System32\Drivers\Mpfp.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 RDPENCDD; system32\drivers\rdpencdd.sys [X]
S3 rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys [X]
U5 sstD1B4; C:\Windows\system32\drivers\sstD1B4.sys [229376 2010-12-08] (Microsoft Corporation) [File not signed]
S0 tclondrv; system32\DRIVERS\tclondrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-10 12:45 - 2015-01-10 12:46 - 00030778 _____ () C:\Users\Shayne\Desktop\FRST.txt
2015-01-10 12:44 - 2015-01-10 12:45 - 00000000 ____D () C:\FRST
2015-01-10 12:43 - 2015-01-10 12:43 - 01115648 _____ (Farbar) C:\Users\Shayne\Desktop\FRST.exe
2015-01-10 12:29 - 2015-01-10 12:36 - 00000000 ____D () C:\AdwCleaner
2015-01-10 12:29 - 2015-01-10 12:29 - 02191360 _____ () C:\Users\Shayne\Downloads\AdwCleaner.exe
2015-01-08 17:51 - 2015-01-08 17:52 - 00020013 _____ () C:\Users\Shayne\Desktop\dds.txt
2015-01-08 17:51 - 2015-01-08 17:52 - 00015620 _____ () C:\Users\Shayne\Desktop\attach.txt
2015-01-08 17:46 - 2015-01-08 17:45 - 00688992 ____R (Swearware) C:\Users\Shayne\Desktop\dds.com
2015-01-08 17:45 - 2015-01-08 17:45 - 00688992 _____ (Swearware) C:\Users\Shayne\Downloads\dds.com
2015-01-05 20:00 - 2015-01-05 20:00 - 00150496 _____ () C:\Windows\Minidump\Mini010515-01.dmp
2015-01-05 18:24 - 2015-01-05 18:25 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-05 17:57 - 2015-01-05 18:07 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-04 23:18 - 2015-01-05 19:03 - 00000000 ____D () C:\Users\Shayne\AppData\Local\temp(829)
2015-01-04 23:18 - 2015-01-04 23:18 - 00014008 _____ () C:\ComboFix.txt
2015-01-04 23:18 - 2015-01-04 23:18 - 00000000 ____D () C:\Users\Debra\AppData\Local\temp(231)
2015-01-04 23:18 - 2015-01-04 23:18 - 00000000 ____D () C:\Users\Daniel\AppData\Local\temp(230)
2015-01-04 20:50 - 2015-01-04 21:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-04 20:48 - 2015-01-04 21:20 - 00000000 ____D () C:\Users\Shayne\Desktop\mbar
2015-01-01 21:30 - 2015-01-05 22:23 - 00000000 ____D () C:\Users\Shayne\Downloads\DROID_RAZR_Utility_Jellybean_XT912_WinMacLin
2015-01-01 20:55 - 2015-01-01 21:26 - 503317180 _____ () C:\Users\Shayne\Downloads\DROID_RAZR_Utility_Jellybean_XT912_WinMacLin.zip
2015-01-01 20:50 - 2015-01-05 22:22 - 00000000 ____D () C:\Program Files\uniSialles
2015-01-01 20:50 - 2015-01-01 20:50 - 00000000 ____D () C:\ProgramData\golmdcfkcabffiiljfnjpmafbjlbhhho
2015-01-01 20:49 - 2015-01-05 22:22 - 00000000 ____D () C:\Program Files\OptOOn
2015-01-01 20:48 - 2015-01-01 20:54 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2015-01-01 20:44 - 2015-01-05 22:22 - 00000000 ____D () C:\Program Files\Share the Wealth
2015-01-01 20:44 - 2015-01-01 20:44 - 00269640 _____ () C:\Users\Shayne\Downloads\MediaPlayerClassicInstaller.exe
2015-01-01 20:43 - 2015-01-05 22:22 - 00000000 ____D () C:\Program Files\youtubeadblocker
2015-01-01 20:43 - 2015-01-05 22:22 - 00000000 ____D () C:\Program Files\unnIsauLEs
2015-01-01 20:43 - 2015-01-05 22:22 - 00000000 ____D () C:\Program Files\uniSalles
2015-01-01 20:43 - 2015-01-01 20:43 - 00000000 ____D () C:\ProgramData\eibghaeplockpjieimjdlaogelfkliia
2015-01-01 20:42 - 2015-01-01 20:42 - 01341440 _____ () C:\Users\Shayne\Downloads\DROID_RAZR_Utility_Jellybean_XT912_WinMacLin.zip.exe
2015-01-01 19:43 - 2015-01-01 19:43 - 33001984 _____ (Motorola Mobility) C:\Users\Shayne\Downloads\MotorolaDeviceManager_2.3.4.exe
2015-01-01 11:14 - 2015-01-01 11:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Motousbnet_01009.Wdf
2015-01-01 11:14 - 2015-01-01 11:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motfilt_01009.Wdf
2015-01-01 11:13 - 2015-01-01 11:13 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motccgp_01009.Wdf
2014-12-31 15:47 - 2014-12-31 15:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motoandroid_01009.Wdf
2014-12-31 15:45 - 2014-12-31 15:45 - 00000000 ____D () C:\Users\Shayne\Downloads\motochopper
2014-12-31 15:43 - 2014-12-31 15:43 - 02416819 _____ () C:\Users\Shayne\Downloads\motochopper.zip
2014-12-22 18:07 - 2014-12-22 18:07 - 00000000 ____D () C:\Users\Shayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2014-12-11 03:11 - 2014-11-06 20:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 03:11 - 2014-11-03 19:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 03:00 - 2014-12-02 21:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-10 12:44 - 2007-09-26 18:07 - 01926302 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 12:42 - 2006-11-02 05:33 - 00843076 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-10 12:38 - 2012-06-21 19:41 - 00000000 ____D () C:\Temp
2015-01-10 12:38 - 2009-12-24 17:16 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 12:38 - 2009-09-20 16:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-10 12:38 - 2007-09-26 18:38 - 00280624 _____ () C:\Windows\PFRO.log
2015-01-10 12:38 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 12:38 - 2006-11-02 07:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 12:38 - 2006-11-02 07:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 12:37 - 2006-11-02 08:01 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-10 11:56 - 2012-07-12 19:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 11:47 - 2009-12-24 17:16 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-06 01:56 - 2012-10-21 20:56 - 00001356 _____ () C:\Users\Debra\AppData\Local\d3d9caps.dat
2015-01-05 22:23 - 2014-08-09 10:40 - 00000000 ____D () C:\Users\Shayne\AppData\Local\NETGEARGenie
2015-01-05 22:23 - 2014-02-12 15:42 - 00000000 ____D () C:\Users\Shayne\AppData\Roaming\ICAClient
2015-01-05 22:23 - 2013-06-04 18:37 - 00000000 ____D () C:\Users\Shayne\AppData\Roaming\Skype
2015-01-05 22:23 - 2012-10-01 20:08 - 00000000 ____D () C:\Users\Shayne\AppData\Local\InstallAgent
2015-01-05 22:23 - 2012-06-21 18:49 - 00000000 ____D () C:\Users\Shayne\AppData\Roaming\MotoCast
2015-01-05 22:23 - 2012-04-10 20:32 - 00000000 ____D () C:\Users\Shayne\AppData\Roaming\SmartDraw
2015-01-05 22:23 - 2012-03-11 20:20 - 00000000 ____D () C:\Users\Daniel
2015-01-05 22:23 - 2011-05-02 19:11 - 00000000 ____D () C:\Users\Shayne\Documents\CopyTransv4.640[1]
2015-01-05 22:23 - 2011-04-25 11:05 - 00000000 ____D () C:\Users\Shayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Critical Thinking Games
2015-01-05 22:23 - 2011-02-13 17:37 - 00000000 ____D () C:\Users\Shayne\AppData\Roaming\vlc
2015-01-05 22:23 - 2011-02-13 17:37 - 00000000 ____D () C:\Users\Shayne\AppData\Roaming\playitall
2015-01-05 22:23 - 2011-02-02 15:53 - 00000000 ____D () C:\Users\Shayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp
2015-01-05 22:23 - 2011-02-02 15:53 - 00000000 ____D () C:\Users\Shayne\AppData\Roaming\Catalina Marketing Corp
2015-01-05 22:23 - 2010-08-03 18:01 - 00000000 ____D () C:\Users\Shayne\AppData\Local\{E783F80B-9F53-4DA7-B366-0812300DF932}
2015-01-05 22:23 - 2010-05-29 20:58 - 00000000 ____D () C:\Users\Shayne\Desktop\Clean Up
2015-01-05 22:23 - 2010-01-21 21:29 - 00000000 ____D () C:\Users\Shayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Inc
2015-01-05 22:23 - 2008-09-19 07:14 - 00000000 ____D () C:\Users\Shayne\AppData\Roaming\Move Networks
2015-01-05 22:23 - 2008-05-01 19:27 - 00000000 ____D () C:\Users\Shayne\AppData\Local\Microsoft Help
2015-01-05 22:23 - 2007-09-30 20:37 - 00000000 ____D () C:\Users\Debra
2015-01-05 22:23 - 2007-09-28 17:07 - 00000000 ___RD () C:\Users\Shayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-05 22:23 - 2007-09-28 17:07 - 00000000 ___RD () C:\Users\Shayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-05 22:23 - 2007-09-28 17:07 - 00000000 ____D () C:\Users\Shayne
2015-01-05 22:23 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2015-01-05 22:23 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-01-05 22:23 - 2006-11-02 05:22 - 63963136 _____ () C:\Windows\system32\config\software_previous
2015-01-05 22:22 - 2014-11-30 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-05 22:22 - 2014-11-30 15:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-05 22:22 - 2010-03-31 20:06 - 00000000 ____D () C:\32788R22FWJFW
2015-01-05 22:22 - 2010-03-07 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-05 22:22 - 2010-03-07 17:49 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-05 22:22 - 2010-01-21 20:28 - 00000000 ____D () C:\Windows\ERDNT
2015-01-05 22:22 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2015-01-05 22:22 - 2006-11-02 05:22 - 26214400 _____ () C:\Windows\system32\config\system_previous
2015-01-05 22:05 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-01-05 22:05 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-01-05 20:00 - 2009-12-26 04:21 - 182270845 _____ () C:\Windows\MEMORY.DMP
2015-01-05 20:00 - 2009-12-26 04:21 - 00000000 ____D () C:\Windows\Minidump
2015-01-05 18:58 - 2006-11-02 05:22 - 40108032 _____ () C:\Windows\system32\config\components_previous
2015-01-05 18:58 - 2006-11-02 05:22 - 01835008 _____ () C:\Windows\system32\config\default_previous
2015-01-04 23:18 - 2010-01-21 20:27 - 00000000 ____D () C:\Qoobox
2015-01-04 16:20 - 2011-10-26 20:34 - 00013724 _____ () C:\Users\Shayne\Documents\New Budget.xlsx
2015-01-04 15:01 - 2007-09-29 14:39 - 00000000 ____D () C:\Program Files\Microsoft Money
2015-01-01 11:15 - 2006-11-02 07:52 - 00024611 _____ () C:\Windows\setupact.log
2014-12-31 13:39 - 2011-07-02 16:34 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-31 13:39 - 2008-03-15 20:10 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-29 09:17 - 2014-08-09 10:40 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2014-12-29 09:17 - 2014-08-09 10:40 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2014-12-29 09:17 - 2014-08-09 10:40 - 00035088 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2014-12-29 09:17 - 2014-08-09 10:40 - 00001845 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2014-12-29 09:17 - 2014-08-09 10:40 - 00001833 _____ () C:\Users\Public\Desktop\NETGEAR Genie.lnk
2014-12-26 07:35 - 2014-02-12 16:03 - 00000000 ____D () C:\Users\Shayne\AppData\Roaming\VMware
2014-12-22 18:07 - 2014-02-12 15:45 - 00000000 ____D () C:\Users\Shayne\AppData\Roaming\Juniper Networks
2014-12-12 09:49 - 2012-09-27 19:12 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 03:46 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-12-11 03:12 - 2007-09-26 18:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 03:09 - 2014-11-02 18:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 03:03 - 2006-11-02 05:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
Some content of TEMP:
====================
C:\Users\Debra\AppData\Local\temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Debra\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\7z.dll
C:\Users\Shayne\AppData\Local\temp\7z.exe
C:\Users\Shayne\AppData\Local\temp\APNSetup.exe
C:\Users\Shayne\AppData\Local\temp\APNStub.exe
C:\Users\Shayne\AppData\Local\temp\aqfitrlxi2.exe
C:\Users\Shayne\AppData\Local\temp\brdss.exe
C:\Users\Shayne\AppData\Local\temp\dtkill.exe
C:\Users\Shayne\AppData\Local\temp\Executor.exe
C:\Users\Shayne\AppData\Local\temp\format.exe
C:\Users\Shayne\AppData\Local\temp\GLF21B2.tmp.ConduitEngineSetup.exe
C:\Users\Shayne\AppData\Local\temp\htfad4.exe
C:\Users\Shayne\AppData\Local\temp\install_flashplayer11x32axau_mssd_aaa_aih.exe
C:\Users\Shayne\AppData\Local\temp\install_flashplayer11x32axau_mssd_aaa_aih_1.exe
C:\Users\Shayne\AppData\Local\temp\jna3840533547659010243.dll
C:\Users\Shayne\AppData\Local\temp\jna4283021498371631171.dll
C:\Users\Shayne\AppData\Local\temp\jna4699122582466968465.dll
C:\Users\Shayne\AppData\Local\temp\jna4905797150975016730.dll
C:\Users\Shayne\AppData\Local\temp\jna721666303844498894.dll
C:\Users\Shayne\AppData\Local\temp\jna7686306588193766337.dll
C:\Users\Shayne\AppData\Local\temp\jna8565059922990306782.dll
C:\Users\Shayne\AppData\Local\temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Shayne\AppData\Local\temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Shayne\AppData\Local\temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\kock.exe
C:\Users\Shayne\AppData\Local\temp\lowproc.exe
C:\Users\Shayne\AppData\Local\temp\MotoCastUpdate_2.0023.exe
C:\Users\Shayne\AppData\Local\temp\MotoCastUpdate_2.0031.exe
C:\Users\Shayne\AppData\Local\temp\MotoCast_Installer_2.0019.exe
C:\Users\Shayne\AppData\Local\temp\MotorolaDeviceManager_2.0405.exe
C:\Users\Shayne\AppData\Local\temp\nsj767C.exe
C:\Users\Shayne\AppData\Local\temp\nsjB548.exe
C:\Users\Shayne\AppData\Local\temp\nsoAC42.exe
C:\Users\Shayne\AppData\Local\temp\nss2FCB.exe
C:\Users\Shayne\AppData\Local\temp\nst718B.exe
C:\Users\Shayne\AppData\Local\temp\ObronaBlockAds.exe
C:\Users\Shayne\AppData\Local\temp\ploper.exe
C:\Users\Shayne\AppData\Local\temp\prxGLF21B2.tmp.tbRadi.dll
C:\Users\Shayne\AppData\Local\temp\Quarantine.exe
C:\Users\Shayne\AppData\Local\temp\rtfme.exe
C:\Users\Shayne\AppData\Local\temp\safe.exe
C:\Users\Shayne\AppData\Local\temp\Setup.exe
C:\Users\Shayne\AppData\Local\temp\SkypeSetup.exe
C:\Users\Shayne\AppData\Local\temp\sqlite-3.6.20-sqlitejdbc.dll
C:\Users\Shayne\AppData\Local\temp\sqlite3.dll
C:\Users\Shayne\AppData\Local\temp\SSUPDATE.EXE
C:\Users\Shayne\AppData\Local\temp\stubhelper.dll
C:\Users\Shayne\AppData\Local\temp\swt-win32-3349.dll
C:\Users\Shayne\AppData\Local\temp\tbRadi.dll
C:\Users\Shayne\AppData\Local\temp\warsddd_w.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-10 12:44
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-01-2015
Ran by Shayne at 2015-01-10 12:46:40
Running from C:\Users\Shayne\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1.29 (HKLM\...\{B91DF289-D36F-40D7-9CD6-1983E3DD0848}_is1) (Version:  - Linksador)
2012 CFE Exam Prep Course (HKLM\...\{8E1DD207-A234-493A-8154-7D8AB492C99C}) (Version: 1.00.0818 - Association of Certified Fraud Examiners)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
Algebra 2 Teaching Textbook (HKLM\...\Algebra 2 Teaching Textbook) (Version:  - Teaching Textbooks Inc.)
AnswerWorks 4.0 Runtime - English (HKLM\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)
AnswerWorks 5.0 English Runtime (HKLM\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics)
Apple Application Support (HKLM\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bible Navigator Deluxe Edition (HKLM\...\Bible Navigator Deluxe Edition) (Version: 1 - WORDsearch Corp)
BondedCore (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{24c54e38}) (Version:  - TrimEngine) <==== ATTENTION
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalina Savings Printer (HKLM\...\{4956ACE3-F537-4418-BB45-FD52395275A7}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 12.1.44.1 - Citrix Systems, Inc.)
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
Dell DataSafe Online (HKLM\...\{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}) (Version: 1.0.15 - Dell, Inc.)
Dell Driver Download Manager (HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3075 - Dell)
doubleTwist (HKLM\...\doubleTwist) (Version: 3.2.2.17028 - doubleTwist Corporation)
Editor in Chief® Level C Demo (HKLM\...\Editor in Chief® Level C Demo) (Version:  - )
EphPod (HKLM\...\EphPod) (Version:  - )
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Games, Music, & Photos Launcher (HKLM\...\{3E25E350-949F-4DB7-8288-2A60E018B4C1}) (Version: 1.00.0000 - Dell Inc.)
Geometry Teaching Textbook (HKLM\...\Geometry Teaching Textbook) (Version:  - Teaching Textbooks Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{925F1DB6-E86E-4378-9091-D1F68B0583C9}) (Version: 2.1.2.8 - Apple Inc.)
Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)
iTunes (HKLM\...\{268278CF-FB69-4D98-B70E-BFEC1CDCA225}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017F0}) (Version: 7.0.170 - Oracle)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java™ 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
Juniper Installer Service (HKLM\...\{96497EAB-A0B9-409F-B7ED-E9807D21CDB7}) (Version: 2.1.1.4401 - Juniper Networks)
Juniper Networks Network Connect 6.5.0 (HKLM\...\Juniper Network Connect 6.5.0) (Version: 6.5.0.14599 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\Juniper_Setup_Client) (Version: 2.1.1.4401 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Terminal Services Client (HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\Juniper_Term_Services) (Version: 6.5.0.14599 - Juniper Networks)
League of Legends (HKLM\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (Version: 3.0.0 - Riot Games) Hidden
Learn To Speak Spanish Deluxe 10 (HKLM\...\{D534BAD7-44F7-463F-A756-90D17D547152}) (Version: 10.00 - Individual Software Inc.)
linksadoor 1.29 (HKLM\...\linksadoor_is1) (Version: 1.2.9.0 - linksadoor.com)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mavis Beacon Teaches Typing Deluxe 17 (HKLM\...\Mavis Beacon Teaches Typing Deluxe 17) (Version:  - )
McAfee SecurityCenter (HKLM\...\MSC) (Version: 10.5.194 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Money 2004 (HKLM\...\{1D643CD7-4DD6-11D7-A4E0-000874180BB3}) (Version: 12.0.50 - Microsoft)
Microsoft Money 2004 System Pack (HKLM\...\{8C64E145-54BA-11D6-91B1-00500462BE80}) (Version: 12.0.80 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MotoCast (HKLM\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (Version: 13.09.3001 - Motorola Mobility) Hidden
MOTOROLA MEDIA LINK (Version: 1.9.0002.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC)
Move Media Player (HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\Move Media Player) (Version:  - Move Networks)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multiple Choice Quiz Maker 12.8.0 (HKLM\...\Multiple Choice Quiz Maker_is1) (Version: 12.8.0 - TAC Software)
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.3.1.46 - NETGEAR Inc.)
NVIDIA 3D Vision Controller Driver 296.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.16 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 296.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.43 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9728 - NVIDIA Corporation)
NVIDIA Graphics Driver 296.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.43 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.14.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.14.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.7.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.12 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenDNS Updater 2.2.1 (HKLM\...\OpenDNS Updater) (Version: 2.2.1 - )
OptOOn (HKLM\...\{44E4311D-BA06-FD43-505E-17DC53F4C22F}) (Version:  - OptOn)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM\...\{083988D7-BDA9-4244-983B-409A634BBC09}) (Version: 13.0.1.220 - SAP)
Share the Wealth (HKLM\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - )
ShowInfo (HKLM\...\{5701EFCA-EFA0-4109-BB33-BB461F63088A}) (Version: 2.2.9 - linksador)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.12.13601 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sound Blaster Audigy ADVANCED MB (HKLM\...\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}) (Version: 1.0 - )
SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.34.0.1000 - SUPERAntiSpyware.com)
Switched-On Schoolhouse 2012 - Home Edition (HKLM\...\{8147B3F9-BB2D-40B0-A7FD-0A95AC393ECB}) (Version: 7.1.0.19 - Alpha Omega Publications)
Switched-On Schoolhouse 2012 - Home Edition Database (HKLM\...\{5292208F-0A8C-4786-AE22-4F3368098486}) (Version: 7.1.0.19 - Alpha Omega Publications)
Switched-On Schoolhouse 2012 - Home Edition Tutorials (HKLM\...\{83FC4AD2-86A7-42DC-9CEF-30A74D98EAB3}) (Version: 7.1.0.19 - Alpha Omega Publications)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TurboTax 2008 (HKLM\...\TurboTax 2008) (Version:  - )
TurboTax Basic 2007 (HKLM\...\TurboTax Basic 2007) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version:  - )
VMware View Client (HKLM\...\{F0069EF8-0A18-4B53-8D18-697594146D59}) (Version: 5.2.1.937772 - VMware, Inc.)
Yahoo! Music Jukebox (HKLM\...\{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}) (Version: 2.2.2.058 - Yahoo!)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3147829691-642228916-3244577132-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-3147829691-642228916-3244577132-1000_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Users\Shayne\AppData\Roaming\Catalina – Print Savings\npBcsKtTcHW.dll No File
CustomCLSID: HKU\S-1-5-21-3147829691-642228916-3244577132-1000_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Users\Shayne\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3147829691-642228916-3244577132-1000_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Users\Shayne\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3147829691-642228916-3244577132-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Shayne\AppData\Local\Temp\1744E\temp\DROID_RAZR_Utility_Jellybean_XT912_WinMacLin.zip.exe ()
CustomCLSID: HKU\S-1-5-21-3147829691-642228916-3244577132-1000_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Users\Shayne\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3147829691-642228916-3244577132-1000_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Users\Shayne\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
 
==================== Restore Points  =========================
 
03-01-2015 00:00:04 Scheduled Checkpoint
03-01-2015 22:10:25 Scheduled Checkpoint
04-01-2015 23:55:46 Scheduled Checkpoint
05-01-2015 21:21:34 Scheduled Checkpoint
07-01-2015 00:00:04 Scheduled Checkpoint
08-01-2015 00:00:04 Scheduled Checkpoint
09-01-2015 00:00:00 Scheduled Checkpoint
10-01-2015 00:00:01 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2014-12-29 19:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {07C42C8E-7E50-4E14-A8A5-6A55C5A2F625} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {099093A5-CF4D-43C8-B7E3-2F8F67FD200C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1299DD6C-945B-4ED0-86E7-7E9312F9DD39} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3147829691-642228916-3244577132-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-11-29] (RealNetworks, Inc.)
Task: {250BC5B9-06F7-4FA2-B899-9CA8A7FB2ACF} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {3A07BB26-30A1-457C-8521-078A6E938F59} - System32\Tasks\RealCreateProcessScheduledTask556060337S-1-5-21-3147829691-642228916-3244577132-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe [2012-01-24] (RealNetworks, Inc.)
Task: {4699262C-C092-42BC-9194-62BCC39C08AA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {544F3ADF-08A1-4ABD-9904-3F1962DEEE3D} - System32\Tasks\RealCreateProcessScheduledTask616007933S-1-5-21-3147829691-642228916-3244577132-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe [2012-01-24] (RealNetworks, Inc.)
Task: {6807580D-09D2-48B9-84A3-6485FEB62B7A} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {75894E45-87D6-4F4E-B73C-E584E9388140} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Shayne => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {9E4B475C-5247-4C8C-9E6E-ADA719DC6C0B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {C5EB88B9-5100-4296-BEEF-01CCDBDFB8CF} - System32\Tasks\MotoCast Update => C:\Program Files\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
Task: {D72DCE9D-6B85-48EC-9C2A-87E95989829A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {EF36D29A-59D3-47EA-B015-4A5EABB41734} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3147829691-642228916-3244577132-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-11-29] (RealNetworks, Inc.)
Task: {F45FF9B1-0AA2-4730-9BF5-04A418C02F35} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-04-05] (Apple Inc.)
Task: {F557AF29-A883-4D37-81BF-BDC74ED977E2} - System32\Tasks\Motorola Device Manager Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-07 21:35 - 2012-09-07 21:35 - 00128960 _____ () C:\Program Files\Motorola Media Link\Lite\liveupdatetactics.dll
2012-09-07 21:35 - 2012-09-07 21:35 - 00024496 _____ () C:\Program Files\Motorola Media Link\Lite\DbAccess.dll
2012-09-07 21:37 - 2012-09-07 21:37 - 00466256 _____ () C:\Program Files\Motorola Media Link\Lite\sqlite3.dll
2012-09-07 21:36 - 2012-09-07 21:36 - 00045992 _____ () C:\Program Files\Motorola Media Link\Lite\NAdvLog.dll
2012-09-07 21:36 - 2012-09-07 21:36 - 00034752 _____ () C:\Program Files\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll
2007-09-29 09:00 - 2006-10-26 15:21 - 00056056 _____ () C:\Windows\system32\DLAAPI_W.DLL
2010-06-16 16:42 - 2010-06-16 16:42 - 00839680 _____ () C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
2013-09-28 20:14 - 2013-09-28 20:14 - 03369922 _____ () C:\Program Files\NETGEAR Genie\bin\icuin51.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00544817 _____ () C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00989805 _____ () C:\Program Files\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 01978690 _____ () C:\Program Files\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 22378434 _____ () C:\Program Files\NETGEAR Genie\bin\icudt51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 01233408 _____ () C:\Program Files\NETGEAR Genie\bin\platforms\qwindows.dll
2014-11-17 04:46 - 2014-11-17 04:46 - 00639488 _____ () C:\Program Files\NETGEAR Genie\bin\Genie.dll
2014-11-10 04:55 - 2014-11-10 04:55 - 01686016 _____ () C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll
2014-11-05 02:36 - 2014-11-05 02:36 - 00192512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2014-11-05 02:37 - 2014-11-05 02:37 - 00632832 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2014-11-14 05:53 - 2014-11-14 05:53 - 06499840 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-06-29 20:55 - 2014-06-29 20:55 - 00068608 _____ () C:\Program Files\NETGEAR Genie\bin\QRCode.dll
2014-06-29 21:05 - 2014-06-29 21:05 - 01183232 _____ () C:\Program Files\NETGEAR Genie\bin\qwt.dll
2014-11-07 04:13 - 2014-11-07 04:13 - 02475520 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
2012-10-15 15:27 - 2012-10-15 15:27 - 00111616 _____ () C:\Program Files\NETGEAR Genie\bin\libvlc.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 02286592 _____ () C:\Program Files\NETGEAR Genie\bin\libvlccore.dll
2014-11-17 02:00 - 2014-11-17 02:00 - 01056768 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-09-11 03:39 - 2014-09-11 03:39 - 00144896 _____ () C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll
2014-11-05 02:51 - 2014-11-05 02:51 - 01191424 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2014-11-17 01:21 - 2014-11-17 01:21 - 10374656 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2014-11-17 01:18 - 2014-11-17 01:18 - 02496512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2014-11-06 04:39 - 2014-11-06 04:39 - 00200192 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2014-11-05 02:58 - 2014-11-05 02:58 - 00889344 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2014-11-05 03:00 - 2014-11-05 03:00 - 00435712 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00052224 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00261120 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qsvg.dll
2014-06-29 20:55 - 2014-06-29 20:55 - 00081408 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll
2014-11-03 03:23 - 2014-11-03 03:23 - 00143360 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll
2014-06-18 21:22 - 2014-06-18 21:22 - 02177405 _____ () C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dll
2014-09-04 01:00 - 2014-09-04 01:00 - 00072192 _____ () C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll
2014-09-04 01:00 - 2014-09-04 01:00 - 00074240 _____ () C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll
2014-09-04 01:00 - 2014-09-04 01:00 - 00136704 _____ () C:\Program Files\NETGEAR Genie\bin\airprintdll.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 00219648 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 00049664 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 00070144 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00040960 _____ () C:\Program Files\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-11-05 02:59 - 2014-11-05 02:59 - 00642048 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll
2014-11-05 03:01 - 2014-11-05 03:01 - 00458752 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-06-29 21:33 - 2014-06-29 21:33 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-09-04 01:00 - 2014-09-04 01:00 - 00066560 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll
2014-12-12 09:49 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 09:49 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-11-06 10:28 - 2014-11-06 10:28 - 00105216 _____ () C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmd23.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\klmd23.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\klmdb.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
 
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk => C:\Windows\pss\ymetray.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DellSupport => "C:\Program Files\DellSupport\DSAgnt.exe" /startup
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: ECenter => c:\dell\E-Center\EULALauncher.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: MoneyAgent => "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
MSCONFIG\startupreg: MotoCast => "C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: TuneClone => C:\Program Files\TuneClone\TuneClone.exe /silence
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: VolPanel => "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
MSCONFIG\startupreg: WPCUMI => C:\Windows\system32\WpcUmi.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3147829691-642228916-3244577132-500 - Administrator - Disabled)
Daniel (S-1-5-21-3147829691-642228916-3244577132-1002 - Limited - Enabled) => C:\Users\Daniel
Debra (S-1-5-21-3147829691-642228916-3244577132-1001 - Limited - Enabled) => C:\Users\Debra
Guest (S-1-5-21-3147829691-642228916-3244577132-501 - Limited - Enabled)
Shayne (S-1-5-21-3147829691-642228916-3244577132-1000 - Administrator - Enabled) => C:\Users\Shayne
UpdatusUser (S-1-5-21-3147829691-642228916-3244577132-1006 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/10/2015 00:41:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application IntuitUpdateService.exe, version 1.0.24.0, time stamp 0x484f90d7, faulting module mscorwks.dll, version 2.0.50727.4253, time stamp 0x53a12417, exception code 0xc0000005, fault offset 0x000ddd2d,
process id 0x%9, application start time 0xIntuitUpdateService.exe0.
 
Error: (01/10/2015 00:41:56 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.4253 - Fatal Execution Engine Error (6573D92E) (80131506)
 
Error: (01/10/2015 00:41:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 3.1.168.192.in-addr.arpa. PTR Office-PC.local.
 
Error: (01/10/2015 00:41:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.3:5353   19 3.1.168.192.in-addr.arpa. PTR Office-PC-2.local.
 
Error: (01/10/2015 00:40:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application NOTEPAD.EXE, version 6.0.6001.18000, time stamp 0x47918ea2, faulting module gdiplus.dll_unloaded, version 0.0.0.0, time stamp 0x545c25da, exception code 0xc0000005, fault offset 0x742974b2,
process id 0xb88, application start time 0xNOTEPAD.EXE0.
 
Error: (01/06/2015 04:00:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application NETGEARGenie.exe, version 2.3.1.0, time stamp 0x5459d9a3, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x0006657b,
process id 0x510, application start time 0xNETGEARGenie.exe0.
 
Error: (01/05/2015 08:05:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application IntuitUpdateService.exe, version 1.0.24.0, time stamp 0x484f90d7, faulting module mscorwks.dll, version 2.0.50727.4253, time stamp 0x53a12417, exception code 0xc0000005, fault offset 0x000ddd2d,
process id 0x%9, application start time 0xIntuitUpdateService.exe0.
 
Error: (01/05/2015 08:05:12 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.4253 - Fatal Execution Engine Error (66E0D92E) (80131506)
 
Error: (01/05/2015 08:04:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 3.1.168.192.in-addr.arpa. PTR Office-PC.local.
 
Error: (01/05/2015 08:04:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.3:5353   19 3.1.168.192.in-addr.arpa. PTR Office-PC-2.local.
 
 
System errors:
=============
Error: (01/10/2015 00:42:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Network Agent%%2
 
Error: (01/10/2015 00:42:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Services%%2
 
Error: (01/10/2015 00:42:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Intuit Update Service1
 
Error: (01/10/2015 00:40:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: MPFP
tclondrv
 
Error: (01/10/2015 00:40:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee SpamKiller Service%%2
 
Error: (01/10/2015 00:40:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Personal Firewall Service%%2
 
Error: (01/10/2015 00:40:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Real-time Scanner%%2
 
Error: (01/10/2015 00:40:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Proxy Service%%2
 
Error: (01/10/2015 00:40:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: GoToMyPC%%3
 
Error: (01/10/2015 00:36:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: SQL Server (SOSHOME309)1
 
 
Microsoft Office Sessions:
=========================
Error: (06/15/2014 02:28:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 56 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/15/2014 02:27:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3389 seconds with 3060 seconds of active time.  This session ended with a crash.
 
Error: (06/01/2014 09:05:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/01/2014 09:05:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 122 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error: (06/01/2014 09:02:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1651 seconds with 1320 seconds of active time.  This session ended with a crash.
 
Error: (04/27/2014 07:29:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2106 seconds with 1980 seconds of active time.  This session ended with a crash.
 
Error: (04/13/2013 02:52:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5171 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error: (04/10/2013 06:58:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 197 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error: (04/10/2013 06:53:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 116 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (04/10/2013 06:47:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 96 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-05 20:06:16.543
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-05 20:06:16.352
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-05 20:06:16.165
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-05 20:06:15.971
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-05 20:06:12.896
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-05 20:06:12.675
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-05 20:06:12.461
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-05 20:06:12.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-04 23:06:07.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-04 23:06:07.313
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 62%
Total physical RAM: 2045.45 MB
Available physical RAM: 768.13 MB
Total Pagefile: 4325.93 MB
Available Pagefile: 2815.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1874.6 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:133.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.78 GB) NTFS
Drive m: (STORE N GO) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 48000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 3.7 GB) (Disk ID: 5B13CFF3)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)
 
==================== End Of Log ============================


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:15 AM

Posted 10 January 2015 - 06:47 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   18.06KB   3 downloads

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 bsbeasley


Posted 10 January 2015 - 07:59 PM

Requested log.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-01-2015
Ran by Shayne at 2015-01-10 19:52:48 Run:1
Running from C:\Users\Shayne\Desktop
Loaded Profiles: Shayne & UpdatusUser (Available profiles: Shayne & Debra & Daniel & UpdatusUser)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKLM\...\RunServices: [QuickTimeResourcesQuickTimeResources] => c:\program files\quicktime\qtsystem\quicktimeimage.resources\pl.lproj\quicktimeresourcesquicktimeresources.exe
c:\program files\quicktime\qtsystem
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\Policies\system: [tjlwxynhebspxfbzyjfdTaskMgr] 0
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\MountPoints2: {3fb9344a-86c2-11e4-a9e7-001aa0958126} - L:\MotoCastSetup.exe -a
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\MountPoints2: {863c855b-e3b5-11e1-9cba-001aa0958126} - L:\MotoCastSetup.exe -a
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\...\MountPoints2: {bd81b022-b98f-11e1-885f-001aa0958126} - K:\MotoCastSetup.exe -a
GroupPolicyUsers\S-1-5-21-3147829691-642228916-3244577132-1002\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => http=127.0.0.1:54872
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3147829691-642228916-3244577132-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\McAfee\MSK\mskapbho.dll ()
BHO: OptOOn -> {77152ce4-fc91-4325-b70f-25f03abf6245} -> C:\Program Files\OptOOn\PHCGpLCLFFNPr5.dll ()
C:\Program Files\OptOOn
Toolbar: HKU\.DEFAULT -> No Name - {1E7E4DE1-5EF4-4BAA-9250-C26258DC499A} -  No File
Toolbar: HKU\S-1-5-21-3147829691-642228916-3244577132-1000 -> No Name - {F29557FD-78AA-40E6-ABA8-9FA219764018} -  No File
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
FF Plugin HKU\S-1-5-21-3147829691-642228916-3244577132-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Shayne\AppData\Roaming\CATALI~2\NPBCSK~1.DLL No File
FF Extension: XULRunner - C:\Users\Shayne\AppData\Local\{E783F80B-9F53-4DA7-B366-0812300DF932} [2010-08-03]
CHR Extension: (OptOOn) - C:\ProgramData\andbmcggnlemhcaomjondafndioccoen\ [2012-09-27]
CHR Extension: (uniSalles) - C:\ProgramData\eibghaeplockpjieimjdlaogelfkliia\ [2012-09-27]
CHR Extension: (uniSialles) - C:\ProgramData\golmdcfkcabffiiljfnjpmafbjlbhhho\ [2012-09-27]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
C:\ProgramData\andbmcggnlemhcaomjondafndioccoen
C:\ProgramData\eibghaeplockpjieimjdlaogelfkliia
C:\ProgramData\golmdcfkcabffiiljfnjpmafbjlbhhho
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [154096 2014-10-15] (Coupons.com Inc.)
C:\Program Files\Coupons
S2 GoToMyPC; "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" "Start=service" [X]
S2 mcmscsvc; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [X]
S2 McNASvc; "c:\program files\common files\mcafee\mna\mcnasvc.exe" [X]
S2 McProxy; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [X]
S2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [X]
S3 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [X]
S2 MpfService; "C:\Program Files\McAfee\MPF\MPFSrv.exe" [X]
S2 MSK80Service; "C:\Program Files\McAfee\MSK\MskSrver.exe" [X]
S2 RoxWatch9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe" [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Shayne\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 mferkdk; system32\drivers\mferkdk.sys [X]
S3 mfesmfk; system32\drivers\mfesmfk.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S1 MPFP; System32\Drivers\Mpfp.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 RDPENCDD; system32\drivers\rdpencdd.sys [X]
S3 rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys [X]
U5 sstD1B4; C:\Windows\system32\drivers\sstD1B4.sys [229376 2010-12-08] (Microsoft Corporation) [File not signed]
S0 tclondrv; system32\DRIVERS\tclondrv.sys [X]
2015-01-04 23:18 - 2015-01-05 19:03 - 00000000 ____D () C:\Users\Shayne\AppData\Local\temp(829)
2015-01-04 23:18 - 2015-01-04 23:18 - 00000000 ____D () C:\Users\Debra\AppData\Local\temp(231)
2015-01-04 23:18 - 2015-01-04 23:18 - 00000000 ____D () C:\Users\Daniel\AppData\Local\temp(230)
2015-01-01 20:50 - 2015-01-01 20:50 - 00000000 ____D () C:\ProgramData\golmdcfkcabffiiljfnjpmafbjlbhhho
2015-01-01 20:49 - 2015-01-05 22:22 - 00000000 ____D () C:\Program Files\OptOOn
2015-01-01 20:43 - 2015-01-05 22:22 - 00000000 ____D () C:\Program Files\unnIsauLEs
2015-01-01 20:43 - 2015-01-05 22:22 - 00000000 ____D () C:\Program Files\uniSalles
2015-01-01 20:43 - 2015-01-01 20:43 - 00000000 ____D () C:\ProgramData\eibghaeplockpjieimjdlaogelfkliia
C:\Users\Debra\AppData\Local\temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Debra\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\7z.dll
C:\Users\Shayne\AppData\Local\temp\7z.exe
C:\Users\Shayne\AppData\Local\temp\APNSetup.exe
C:\Users\Shayne\AppData\Local\temp\APNStub.exe
C:\Users\Shayne\AppData\Local\temp\aqfitrlxi2.exe
C:\Users\Shayne\AppData\Local\temp\brdss.exe
C:\Users\Shayne\AppData\Local\temp\dtkill.exe
C:\Users\Shayne\AppData\Local\temp\Executor.exe
C:\Users\Shayne\AppData\Local\temp\format.exe
C:\Users\Shayne\AppData\Local\temp\GLF21B2.tmp.ConduitEngineSetup.exe
C:\Users\Shayne\AppData\Local\temp\htfad4.exe
C:\Users\Shayne\AppData\Local\temp\install_flashplayer11x32axau_mssd_aaa_aih.exe
C:\Users\Shayne\AppData\Local\temp\install_flashplayer11x32axau_mssd_aaa_aih_1.exe
C:\Users\Shayne\AppData\Local\temp\jna3840533547659010243.dll
C:\Users\Shayne\AppData\Local\temp\jna4283021498371631171.dll
C:\Users\Shayne\AppData\Local\temp\jna4699122582466968465.dll
C:\Users\Shayne\AppData\Local\temp\jna4905797150975016730.dll
C:\Users\Shayne\AppData\Local\temp\jna721666303844498894.dll
C:\Users\Shayne\AppData\Local\temp\jna7686306588193766337.dll
C:\Users\Shayne\AppData\Local\temp\jna8565059922990306782.dll
C:\Users\Shayne\AppData\Local\temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Shayne\AppData\Local\temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Shayne\AppData\Local\temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Shayne\AppData\Local\temp\kock.exe
C:\Users\Shayne\AppData\Local\temp\lowproc.exe
C:\Users\Shayne\AppData\Local\temp\MotoCastUpdate_2.0023.exe
C:\Users\Shayne\AppData\Local\temp\MotoCastUpdate_2.0031.exe
C:\Users\Shayne\AppData\Local\temp\MotoCast_Installer_2.0019.exe
C:\Users\Shayne\AppData\Local\temp\MotorolaDeviceManager_2.0405.exe
C:\Users\Shayne\AppData\Local\temp\nsj767C.exe
C:\Users\Shayne\AppData\Local\temp\nsjB548.exe
C:\Users\Shayne\AppData\Local\temp\nsoAC42.exe
C:\Users\Shayne\AppData\Local\temp\nss2FCB.exe
C:\Users\Shayne\AppData\Local\temp\nst718B.exe
C:\Users\Shayne\AppData\Local\temp\ObronaBlockAds.exe
C:\Users\Shayne\AppData\Local\temp\ploper.exe
C:\Users\Shayne\AppData\Local\temp\prxGLF21B2.tmp.tbRadi.dll
C:\Users\Shayne\AppData\Local\temp\Quarantine.exe
C:\Users\Shayne\AppData\Local\temp\rtfme.exe
C:\Users\Shayne\AppData\Local\temp\safe.exe
C:\Users\Shayne\AppData\Local\temp\Setup.exe
C:\Users\Shayne\AppData\Local\temp\SkypeSetup.exe
C:\Users\Shayne\AppData\Local\temp\sqlite-3.6.20-sqlitejdbc.dll
C:\Users\Shayne\AppData\Local\temp\sqlite3.dll
C:\Users\Shayne\AppData\Local\temp\SSUPDATE.EXE
C:\Users\Shayne\AppData\Local\temp\stubhelper.dll
C:\Users\Shayne\AppData\Local\temp\swt-win32-3349.dll
C:\Users\Shayne\AppData\Local\temp\tbRadi.dll
C:\Users\Shayne\AppData\Local\temp\warsddd_w.exe
CustomCLSID: HKU\S-1-5-21-3147829691-642228916-3244577132-1000_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Users\Shayne\AppData\Roaming\Catalina – Print Savings\npBcsKtTcHW.dll No File
AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
 
 
 
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\\QuickTimeResourcesQuickTimeResources => value deleted successfully.
c:\program files\quicktime\qtsystem => Moved successfully.
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\tjlwxynhebspxfbzyjfdTaskMgr => value deleted successfully.
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => value deleted successfully.
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => value deleted successfully.
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully.
"HKU\S-1-5-21-3147829691-642228916-3244577132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fb9344a-86c2-11e4-a9e7-001aa0958126}" => Key deleted successfully.
HKCR\CLSID\{3fb9344a-86c2-11e4-a9e7-001aa0958126} => Key not found. 
"HKU\S-1-5-21-3147829691-642228916-3244577132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{863c855b-e3b5-11e1-9cba-001aa0958126}" => Key deleted successfully.
HKCR\CLSID\{863c855b-e3b5-11e1-9cba-001aa0958126} => Key not found. 
"HKU\S-1-5-21-3147829691-642228916-3244577132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd81b022-b98f-11e1-885f-001aa0958126}" => Key deleted successfully.
HKCR\CLSID\{bd81b022-b98f-11e1-885f-001aa0958126} => Key not found. 
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3147829691-642228916-3244577132-1002\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3147829691-642228916-3244577132-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-3147829691-642228916-3244577132-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully.
"HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77152ce4-fc91-4325-b70f-25f03abf6245}" => Key deleted successfully.
"HKCR\CLSID\{77152ce4-fc91-4325-b70f-25f03abf6245}" => Key deleted successfully.
C:\Program Files\OptOOn => Moved successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1E7E4DE1-5EF4-4BAA-9250-C26258DC499A} => value deleted successfully.
HKCR\CLSID\{1E7E4DE1-5EF4-4BAA-9250-C26258DC499A} => Key not found. 
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F29557FD-78AA-40E6-ABA8-9FA219764018} => value deleted successfully.
HKCR\CLSID\{F29557FD-78AA-40E6-ABA8-9FA219764018} => Key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => value deleted successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Key not found. 
"HKU\S-1-5-21-3147829691-642228916-3244577132-1000\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator" => Key deleted successfully.
C:\Users\Shayne\AppData\Roaming\CATALI~2\NPBCSK~1.DLL not found.
C:\Users\Shayne\AppData\Local\{E783F80B-9F53-4DA7-B366-0812300DF932} => Moved successfully.
C:\ProgramData\andbmcggnlemhcaomjondafndioccoen\ => Moved successfully.
C:\ProgramData\eibghaeplockpjieimjdlaogelfkliia\ => Moved successfully.
C:\ProgramData\golmdcfkcabffiiljfnjpmafbjlbhhho\ => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => Key deleted successfully.
"C:\ProgramData\andbmcggnlemhcaomjondafndioccoen" => File/Directory not found.
"C:\ProgramData\eibghaeplockpjieimjdlaogelfkliia" => File/Directory not found.
"C:\ProgramData\golmdcfkcabffiiljfnjpmafbjlbhhho" => File/Directory not found.
CouponPrinterService => Service stopped successfully.
CouponPrinterService => Service deleted successfully.
C:\Program Files\Coupons => Moved successfully.
GoToMyPC => Service deleted successfully.
mcmscsvc => Service deleted successfully.
McNASvc => Service deleted successfully.
McProxy => Service deleted successfully.
McShield => Service deleted successfully.
McSysmon => Service deleted successfully.
MpfService => Service deleted successfully.
MSK80Service => Service deleted successfully.
RoxWatch9 => Service deleted successfully.
blbdrive => Service deleted successfully.
catchme => Service deleted successfully.
IpInIp => Service deleted successfully.
mferkdk => Service deleted successfully.
mfesmfk => Service deleted successfully.
motccgpfl => Service deleted successfully.
MPFP => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
RDPENCDD => Service deleted successfully.
rootrepeal => Service deleted successfully.
sstD1B4 => Service deleted successfully.
tclondrv => Service deleted successfully.
C:\Users\Shayne\AppData\Local\temp(829) => Moved successfully.
C:\Users\Debra\AppData\Local\temp(231) => Moved successfully.
C:\Users\Daniel\AppData\Local\temp(230) => Moved successfully.
"C:\ProgramData\golmdcfkcabffiiljfnjpmafbjlbhhho" => File/Directory not found.
"C:\Program Files\OptOOn" => File/Directory not found.
C:\Program Files\unnIsauLEs => Moved successfully.
C:\Program Files\uniSalles => Moved successfully.
"C:\ProgramData\eibghaeplockpjieimjdlaogelfkliia" => File/Directory not found.
C:\Users\Debra\AppData\Local\temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\Debra\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\7z.dll => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\7z.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\APNSetup.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\APNStub.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\aqfitrlxi2.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\brdss.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\dtkill.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\Executor.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\format.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\GLF21B2.tmp.ConduitEngineSetup.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\htfad4.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\install_flashplayer11x32axau_mssd_aaa_aih.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\install_flashplayer11x32axau_mssd_aaa_aih_1.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\jna3840533547659010243.dll => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\jna4283021498371631171.dll => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\jna4699122582466968465.dll => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\jna4905797150975016730.dll => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\jna721666303844498894.dll => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\jna7686306588193766337.dll => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\jna8565059922990306782.dll => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\jre-6u33-windows-i586-iftw.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\jre-6u35-windows-i586-iftw.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\jre-7u11-windows-i586-iftw.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\kock.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\lowproc.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\MotoCastUpdate_2.0023.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\MotoCastUpdate_2.0031.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\MotoCast_Installer_2.0019.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\MotorolaDeviceManager_2.0405.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\nsj767C.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\nsjB548.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\nsoAC42.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\nss2FCB.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\nst718B.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\ObronaBlockAds.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\ploper.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\prxGLF21B2.tmp.tbRadi.dll => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\Quarantine.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\rtfme.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\safe.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\Setup.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\SkypeSetup.exe => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\sqlite-3.6.20-sqlitejdbc.dll => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\sqlite3.dll => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\SSUPDATE.EXE => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\stubhelper.dll => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\swt-win32-3349.dll => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\tbRadi.dll => Moved successfully.
C:\Users\Shayne\AppData\Local\temp\warsddd_w.exe => Moved successfully.
"HKU\S-1-5-21-3147829691-642228916-3244577132-1000_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}" => Key deleted successfully.
C:\ProgramData\TEMP => ":0B174FAE" ADS removed successfully.
"HKU\S-1-5-21-3147829691-642228916-3244577132-1000\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-3147829691-642228916-3244577132-1000\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-21-3147829691-642228916-3244577132-1000\Software\Classes\exefile => Key not found. 
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:53:02 ====


#6 fireman4it


Posted 10 January 2015 - 08:25 PM

How is your machine running now?


#7 bsbeasley


Posted 10 January 2015 - 08:32 PM

Everything appears to be normal.  No redirects or bogus ad windows.

 

Thank you very much.



#8 fireman4it


Posted 10 January 2015 - 11:02 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

 

ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.


#9 fireman4it


Posted 12 January 2015 - 06:10 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#10 bsbeasley


Posted 12 January 2015 - 09:15 PM

Hi,

 

I am still here.  I just haven't been able to be at the computer long enough to complete the instructions. I lost power overnight while the ESET scan was running so I had to restart it this morning.

 

The ESET scan found no threats so there is no log to post.  The MBAM log is below.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/11/2015
Scan Time: 8:13:06 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.11.05
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Shayne

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 463021
Time Elapsed: 11 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Booster.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{24c54e38}, Quarantined, [b56cf7ff7d0cc0762892f99153b030d0],
PUP.Optional.RadioTV.A, HKU\S-1-5-21-3147829691-642228916-3244577132-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Radio_TV_1, Quarantined, [33eed521aadf58ded6cc6ffd20e335cb],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.Multiplug, C:\Program Files\youtubeadblocker, Quarantined, [948d985e2d5cc472b17394a1c93abd43],
PUP.Optional.MultiPlug, C:\Users\Debra\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbalnpbcmecdckpghgacibglihkgamkl, Quarantined, [eb36a056b6d3f541b55b2f2509fa7090],
PUP.Optional.MultiPlug, C:\Users\Debra\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbalnpbcmecdckpghgacibglihkgamkl\142, Quarantined, [eb36a056b6d3f541b55b2f2509fa7090],

Files: 13
PUP.Optional.MultiPlug.A, C:\Users\Shayne\AppData\Local\temp\1744E\temp\DROID_RAZR_Utility_Jellybean_XT912_WinMacLin.zip.exe, Quarantined, [061b44b2afda82b4527fe52162a0847c],
PUP.Optional.MultiPlug.A, C:\Users\Shayne\AppData\Local\temp\D90a997087\temp\DROID_RAZR_Utility_Jellybean_XT912_WinMacLin.zip.exe, Quarantined, [3ce5ea0c0188181e9d348b7b32d01fe1],
PUP.Optional.EZDownloader.A, C:\Users\Shayne\AppData\Local\temp\D90a997087\temp\EzDownloader_setup.exe, Quarantined, [140d0fe7deab82b442b7b76859a7dc24],
PUP.Optional.MultiPlug.A, C:\Users\Shayne\AppData\Local\temp\D90a997087\temp\hpds_setup.exe, Quarantined, [33ee46b0880178be465543d637cb38c8],
PUP.Optional.MultiPlug.A, C:\Users\Shayne\AppData\Local\temp\e6007\temp\DROID_RAZR_Utility_Jellybean_XT912_WinMacLin.zip.exe, Quarantined, [6ab72dc935549d9910c1f61039c959a7],
PUP.Optional.WeCan.A, C:\Users\Shayne\Downloads\MediaPlayerClassicInstaller.exe, Quarantined, [51d045b1aedbcb6bbd5e0e7227de659b],
PUP.Optional.MultiPlug.A, C:\Users\Shayne\Downloads\DROID_RAZR_Utility_Jellybean_XT912_WinMacLin.zip.exe, Quarantined, [b9682fc7a6e3ae88f9d81cea748e43bd],
PUP.Optional.Multiplug, C:\Program Files\youtubeadblocker\2wREOjgifCSwIZ.dll, Quarantined, [948d985e2d5cc472b17394a1c93abd43],
PUP.Optional.Multiplug, C:\Program Files\youtubeadblocker\2wREOjgifCSwIZ.exe, Quarantined, [948d985e2d5cc472b17394a1c93abd43],
PUP.Optional.Multiplug, C:\Program Files\youtubeadblocker\2wREOjgifCSwIZ.tlb, Quarantined, [948d985e2d5cc472b17394a1c93abd43],
PUP.Optional.MultiPlug, C:\Users\Debra\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbalnpbcmecdckpghgacibglihkgamkl\142\content.js, Quarantined, [eb36a056b6d3f541b55b2f2509fa7090],
PUP.Optional.MultiPlug, C:\Users\Debra\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbalnpbcmecdckpghgacibglihkgamkl\142\DDE7I.js, Quarantined, [eb36a056b6d3f541b55b2f2509fa7090],
PUP.Optional.MultiPlug, C:\Users\Debra\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbalnpbcmecdckpghgacibglihkgamkl\142\lsdb.js, Quarantined, [eb36a056b6d3f541b55b2f2509fa7090],

Physical Sectors: 0
(No malicious items detected)

(end)



#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:15 AM

Posted 12 January 2015 - 09:28 PM

Please run MBAM again; we like to see all 0's.


#12 bsbeasley


Posted 12 January 2015 - 10:11 PM

Here is the latest.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/12/2015
Scan Time: 9:55:25 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.13.02
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Shayne

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 463302
Time Elapsed: 14 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#13 fireman4it


Posted 12 January 2015 - 11:22 PM

Hello, bsbeasley.

Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

 

 

 

One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on.  Whether these things are files or sites it doesn't really matter.  If something is out to get you, and you click on it, it most likely will. 

Below is a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that.  Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean.  For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is.  The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software.  For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert.  When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge.  You can check to see if it's a real alert by right-clicking on the window.  If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar (http://en.wikipedia.org/wiki/Taskbar#Screenshots), right click and choose Close.
  • Do not visit pornographic websites.  I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites.  I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you.  It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection.  Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money.  By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.


Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here



Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:


Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running.  This alone can save you a lot of trouble with malware in the future. 
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources. A couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish).  If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.  If you use a commercial antivirus program you must make sure you keep renewing your subscription.  Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows built-in one); this is a personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.  Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java).  You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.
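The attachment rule in the post above (.exe, .com, .bat, .pif) and the `.zip.exe` files quarantined in the MBAM log earlier in this topic can be checked mechanically. The following is an added example, not part of the original posts or of any tool named in them; the function names and the `DECOY_EXTENSIONS` list are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

# Attachment extensions the post says a casual user almost never legitimately receives.
RISKY_EXTENSIONS = {".exe", ".com", ".bat", ".pif"}

# Assumption (not from the post): extensions that often act as the harmless-looking
# first half of a double extension, as in the ".zip.exe" files in the MBAM log.
DECOY_EXTENSIONS = {".zip", ".pdf", ".doc", ".docx", ".xls", ".xlsx",
                    ".jpg", ".png", ".txt", ".mp3"}


def split_extensions(raw_name):
    """Return (normalised basename, list of extensions in order)."""
    name = PureWindowsPath(raw_name).name      # drop any directory component
    # Windows ignores trailing dots and spaces when opening a file, so
    # "update.bat. " is still run as "update.bat". Compare case-insensitively.
    name = name.rstrip(". ").lower()
    parts = name.split(".")
    return name, ["." + p for p in parts[1:] if p]


def assess_attachment(raw_name):
    """Return the reasons a filename deserves caution (empty list if none found)."""
    _, exts = split_extensions(raw_name)
    reasons = []
    if exts and exts[-1] in RISKY_EXTENSIONS:
        reasons.append("executable-extension:" + exts[-1])
        # A document or archive extension directly before the executable one
        # looks harmless when Explorer hides extensions of known file types.
        if len(exts) >= 2 and exts[-2] in DECOY_EXTENSIONS:
            reasons.append("double-extension:" + exts[-2] + exts[-1])
    return reasons


def triage(names):
    """Map each flagged filename to its reasons; names with no findings are omitted."""
    flagged = {}
    for name in names:
        reasons = assess_attachment(name)
        if reasons:
            flagged[name] = reasons
    return flagged


# Sample input: the first two basenames appear in the MBAM log in this topic;
# the remaining entries are constructed for the example.
SAMPLE_NAMES = [
    "DROID_RAZR_Utility_Jellybean_XT912_WinMacLin.zip.exe",
    "MediaPlayerClassicInstaller.exe",
    "holiday_photos.zip",
    "Report.PDF",
    "update.BAT. ",
    "C:\\Temp\\invoice.pdf.com",
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_NAMES).items():
        print(f"{name!r}: {', '.join(reasons)}")
```

A plain installer such as `MediaPlayerClassicInstaller.exe` is flagged only for its extension, which matches the post's advice: an executable is not proof of infection, but it should not be opened unless its source is known.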


#14 bsbeasley


Posted 13 January 2015 - 07:01 AM

The computer is running normally.  Requested files are below.

 

# AdwCleaner v4.107 - Report created 13/01/2015 at 06:49:09
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Shayne - OFFICE-PC
# Running from : C:\Users\Shayne\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [16449 octets] - [10/01/2015 12:29:30]
AdwCleaner[R1].txt - [954 octets] - [13/01/2015 06:44:58]
AdwCleaner[S0].txt - [16104 octets] - [10/01/2015 12:31:30]
AdwCleaner[S1].txt - [878 octets] - [13/01/2015 06:49:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [937 octets] ##########
 
 
# DelFix v10.8 - Logfile created 13/01/2015 at 06:55:51
# Updated 29/07/2014 by Xplode
# Username : Shayne - OFFICE-PC
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\Qoobox
Deleted : C:\32788R22FWJFW
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Shayne\Desktop\mbar
Deleted : C:\ComboFix.txt
Deleted : C:\TDSSKiller.2.2.2_07.03.2010_16.12.25_log.txt
Deleted : C:\TDSSKiller.2.2.2_18.03.2010_21.06.51_log.txt
Deleted : C:\TDSSKiller.2.2.2_19.03.2010_19.59.29_log.txt
Deleted : C:\TDSSKiller.2.2.2_31.03.2010_20.33.15_log.txt
Deleted : C:\TDSSKiller.2.2.2_31.03.2010_20.45.00_log.txt
Deleted : C:\TDSSKiller.2.2.2_31.03.2010_20.45.44_log.txt
Deleted : C:\TDSSKiller.2.2.2_31.03.2010_20.48.31_log.txt
Deleted : C:\TDSSKiller.2.2.8.1_04.01.2015_20.33.37_log.txt
Deleted : C:\TDSSKiller.2.2.8.1_09.12.2010_20.05.56_log.txt
Deleted : C:\TDSSKiller.2.2.8.1_09.12.2010_20.06.26_log.txt
Deleted : C:\TDSSKiller.2.2.8.1_18.07.2010_13.27.40_log.txt
Deleted : C:\TDSSKiller.2.2.8.1_18.07.2010_13.47.07_log.txt
Deleted : C:\TDSSKiller.2.2.8.1_18.07.2010_14.48.45_log.txt
Deleted : C:\TDSSKiller.2.2.8.1_18.07.2010_14.52.17_log.txt
Deleted : C:\TDSSKiller.2.2.8.1_19.07.2010_21.06.52_log.txt
Deleted : C:\TDSSKiller.2.2.8.1_19.07.2010_21.27.02_log.txt
Deleted : C:\TDSSKiller.2.2.8.1_19.07.2010_21.31.41_log.txt
Deleted : C:\TDSSKiller.2.2.8.1_19.07.2010_21.41.00_log.txt
Deleted : C:\TDSSKiller.2.2.8.1_31.03.2010_20.53.15_log.txt
Deleted : C:\TDSSKiller.2.2.8.1_31.03.2010_20.57.33_log.txt
Deleted : C:\TDSSKiller.2.2.8.1_31.03.2010_21.06.27_log.txt
Deleted : C:\TDSSKiller.2.3.1.0_19.07.2010_21.42.33_log.txt
Deleted : C:\TDSSKiller.2.3.1.0_29.05.2010_15.10.44_log.txt
Deleted : C:\TDSSKiller.2.3.2.2_01.08.2010_18.31.02_log.txt
Deleted : C:\TDSSKiller.2.3.2.2_10.08.2010_20.18.19_log.txt
Deleted : C:\TDSSKiller.2.3.2.2_10.08.2010_20.25.02_log.txt
Deleted : C:\TDSSKiller.2.3.2.2_16.01.2011_18.00.27_log.txt
Deleted : C:\TDSSKiller.2.3.2.2_19.07.2010_21.40.32_log.txt
Deleted : C:\TDSSKiller.2.3.2.2_19.07.2010_21.40.50_log.txt
Deleted : C:\TDSSKiller.2.3.2.2_19.07.2010_21.41.50_log.txt
Deleted : C:\TDSSKiller.2.3.2.2_19.07.2010_21.43.09_log.txt
Deleted : C:\TDSSKiller.2.3.2.2_19.07.2010_21.47.43_log.txt
Deleted : C:\TDSSKiller.2.3.2.2_19.07.2010_21.51.08_log.txt
Deleted : C:\TDSSKiller.2.3.2.2_20.07.2010_19.01.27_log.txt
Deleted : C:\TDSSKiller.2.3.2.2_20.07.2010_19.10.11_log.txt
Deleted : C:\TDSSKiller.2.3.2.2_21.07.2010_19.11.30_log.txt
Deleted : C:\TDSSKiller.2.3.2.2_29.07.2010_21.23.34_log.txt
Deleted : C:\TDSSKiller.2.3.2.2_29.09.2010_18.49.38_log.txt
Deleted : C:\TDSSKiller.2.4.11.0_09.12.2010_20.13.18_log.txt
Deleted : C:\TDSSKiller.3.0.0.42_04.01.2015_20.45.34_log.txt
Deleted : C:\TDSSKiller.3.0.0.42_05.01.2015_17.46.42_log.txt
Deleted : C:\TDSSKiller.txt
Deleted : C:\Users\Shayne\Desktop\Addition.txt
Deleted : C:\Users\Shayne\Desktop\AdwCleaner.exe
Deleted : C:\Users\Shayne\Desktop\dds.com
Deleted : C:\Users\Shayne\Desktop\dds.txt
Deleted : C:\Users\Shayne\Desktop\Fixlog.txt
Deleted : C:\Users\Shayne\Desktop\FRST.exe
Deleted : C:\Users\Shayne\Desktop\FRST.txt
Deleted : C:\Users\Shayne\Downloads\AdwCleaner (1).exe
Deleted : C:\Users\Shayne\Downloads\dds.com
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cfxxe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Classes\.cfxxe
Deleted : HKLM\SOFTWARE\Classes\cfxxefile
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
 
~ Cleaning system restore ...
 
Deleted : RP #2837 [Scheduled Checkpoint | 01/04/2015 03:10:25]
Deleted : RP #2838 [Scheduled Checkpoint | 01/05/2015 04:55:46]
Deleted : RP #2839 [Scheduled Checkpoint | 01/06/2015 02:21:34]
Deleted : RP #2840 [Scheduled Checkpoint | 01/07/2015 05:00:04]
Deleted : RP #2841 [Scheduled Checkpoint | 01/08/2015 05:00:04]
Deleted : RP #2842 [Scheduled Checkpoint | 01/09/2015 05:00:00]
Deleted : RP #2843 [Scheduled Checkpoint | 01/10/2015 05:00:01]
Deleted : RP #2844 [Scheduled Checkpoint | 01/10/2015 21:41:28]
Deleted : RP #2845 [Scheduled Checkpoint | 01/11/2015 13:59:52]
Deleted : RP #2846 [Scheduled Checkpoint | 01/12/2015 05:00:03]
Deleted : RP #2847 [Scheduled Checkpoint | 01/13/2015 08:13:40]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 


#15 fireman4it


Posted 14 January 2015 - 12:02 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.