
Windows 8.1 proxy server issues


  • This topic is locked
10 replies to this topic

#1 wjaymccarthy

  • Members
  • 6 posts

Posted 08 January 2015 - 06:32 PM

I have an HP Pavilion with Windows 8.1 that was seriously infected with malware. I have run many of the tools from this site and it seems that I have flushed them out.

 

I do have one more serious problem. The proxy settings cannot be changed. No matter what I have done, it continues to revert back to the box under LAN connections being checked.

 

How do I go about fixing this?

 

HELP!





#2 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,013 posts
  • Gender:Male
  • Location:Germany

Posted 10 January 2015 - 11:03 AM

Hey my friend. :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 wjaymccarthy

  • Topic Starter

  • Members
  • 6 posts

Posted 10 January 2015 - 11:47 AM

FRST.txt log:

 

**********************

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2015

Ran by mike (administrator) on MIKEYMULZZ on 10-01-2015 11:42:27
Running from F:\
Loaded Profile: mike (Available profiles: mike)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7546072 2014-03-10] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-03-01] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-01] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-01] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-04-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-04] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3218940405-2724877453-2731614028-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-3218940405-2724877453-2731614028-1002\...\RunOnce: [Application Restart #5] => C:\Users\mike\AppData\Local\Pokki\Engine\HostAppService.exe [7546184 2014-03-26] (Pokki)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:64089;https=127.0.0.1:64089
ProxyServer: [HKLM-x32] => http=127.0.0.1:64089;https=127.0.0.1:64089
ProxyServer: [S-1-5-21-3218940405-2724877453-2731614028-1002] => http=127.0.0.1:14004;https=127.0.0.1:14004
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3218940405-2724877453-2731614028-1002\Software\Microsoft\Internet Explorer\Main,Start Page = 
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKU\S-1-5-21-3218940405-2724877453-2731614028-1002\...\Firefox\Extensions: [{5ECBF158-7053-DEB4-491A-590F9EBC1AE2}] - C:\Program Files (x86)\ver6SpeeditUp\183.xpi
 
Chrome: 
=======
CHR Profile: C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-02]
CHR Extension: (Google Drive) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (YouTube) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-02]
CHR Extension: (Google Search) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-02]
CHR Extension: (Gmail) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-02]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-03-15] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-04] (Hewlett-Packard Development Company, L.P.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-01] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-04-21] (Synaptics Incorporated)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 c915db48; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\amazingaccel\GiantDiscount.dll",serv
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-20] (Advanced Micro Devices)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-06] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-09] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3379416 2014-03-22] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-04-21] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-21] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\pftAEAE.tmp\amifldrv64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-10 11:42 - 2015-01-10 11:42 - 00000000 ____D () C:\FRST
2015-01-09 18:02 - 2015-01-09 18:02 - 00000000 ____D () C:\SUPERDelete
2015-01-09 18:01 - 2015-01-09 18:50 - 00000530 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 718c011d-65b2-4a2e-a704-2d75d6620d61.job
2015-01-09 18:01 - 2015-01-09 18:01 - 00003586 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 718c011d-65b2-4a2e-a704-2d75d6620d61
2015-01-09 18:00 - 2015-01-09 18:50 - 00000530 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9c5afd56-b618-4c1b-b4ca-48ac03e05490.job
2015-01-09 18:00 - 2015-01-09 18:00 - 00003504 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 9c5afd56-b618-4c1b-b4ca-48ac03e05490
2015-01-09 18:00 - 2015-01-09 18:00 - 00001827 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-01-09 18:00 - 2015-01-09 18:00 - 00000000 ____D () C:\Users\mike\AppData\Roaming\SUPERAntiSpyware.com
2015-01-09 18:00 - 2015-01-09 18:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-09 18:00 - 2015-01-09 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-09 18:00 - 2015-01-09 18:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-08 18:20 - 2015-01-08 18:22 - 00002244 _____ () C:\Users\mike\Desktop\Rkill.txt
2015-01-06 22:42 - 2015-01-06 22:42 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-06 22:34 - 2015-01-06 22:34 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-06 22:33 - 2015-01-06 22:33 - 00007190 _____ () C:\Windows\system32\.crusader
2015-01-06 22:23 - 2015-01-06 22:33 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-06 21:21 - 2015-01-06 21:21 - 00000000 ____D () C:\ProgramData\nacbhacipplioillpmfdilbckfkjmkdm
2015-01-06 21:21 - 2015-01-06 21:21 - 00000000 ____D () C:\ProgramData\b68c88518ad03ef6
2015-01-06 21:09 - 2014-12-31 06:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 20:38 - 2015-01-06 20:42 - 00000000 ____D () C:\AdwCleaner
2015-01-06 20:29 - 2015-01-06 20:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-01-06 20:20 - 2014-11-27 16:40 - 109818608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2015-01-06 20:16 - 2014-11-26 16:10 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-06 20:16 - 2014-11-26 16:10 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-02 16:48 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2015-01-02 16:48 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2015-01-02 16:03 - 2015-01-10 11:23 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-02 16:03 - 2015-01-10 11:22 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-02 16:03 - 2015-01-09 18:08 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-02 16:03 - 2015-01-02 16:03 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-02 16:03 - 2015-01-02 16:03 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-02 16:03 - 2015-01-02 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-02 16:03 - 2015-01-02 16:03 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-02 15:33 - 2015-01-02 15:33 - 00003196 _____ () C:\Windows\System32\Tasks\{D5BA848D-3BCB-47CD-B57C-CE32B6950BE6}
2015-01-02 15:27 - 2015-01-02 15:27 - 00003126 _____ () C:\Windows\System32\Tasks\{26C7CEBA-B0C7-48C2-B561-D179F3547CFF}
2015-01-02 15:05 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-01-02 15:05 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-01-02 14:29 - 2014-12-03 18:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-02 14:29 - 2014-12-03 18:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-02 14:29 - 2014-12-02 18:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-02 14:29 - 2014-12-02 18:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-02 14:29 - 2014-12-02 18:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-02 14:29 - 2014-12-02 18:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-02 14:29 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-02 14:29 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-02 14:29 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-02 14:29 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-02 14:29 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-02 14:29 - 2014-10-12 21:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-01-02 14:29 - 2014-10-12 21:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-01-02 14:29 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-01-02 14:29 - 2014-10-12 21:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-01-02 14:28 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-02 14:28 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-02 14:28 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-02 14:28 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-02 14:28 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-02 14:28 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-02 14:28 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-02 14:28 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-02 14:28 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-01-02 14:28 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-01-02 14:28 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-02 14:28 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-01-02 14:28 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-02 14:28 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-01-02 14:28 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-01-02 14:28 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-01-02 14:28 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-02 14:28 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-02 14:28 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-02 14:28 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-02 14:28 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-02 14:28 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-02 14:28 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-01-02 14:28 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-02 14:28 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-02 14:28 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-01-02 14:28 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-02 14:28 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-01-02 14:28 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-02 14:28 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-02 14:28 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-02 14:28 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-02 14:28 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-02 14:28 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-02 14:28 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-02 14:28 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-02 14:28 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-01-02 14:28 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-01-02 14:28 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-01-02 14:28 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-01-02 14:28 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-01-02 14:22 - 2015-01-09 17:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-02 14:22 - 2015-01-02 14:22 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-02 14:22 - 2015-01-02 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-02 14:22 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-02 14:22 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-02 14:22 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-02 14:12 - 2015-01-02 14:12 - 00002418 _____ () C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AOL.lnk
2014-12-26 22:08 - 2014-12-26 22:08 - 00000000 _____ () C:\Recovery.txt
2014-12-26 16:20 - 2014-12-26 16:20 - 00000000 ____D () C:\RegBackup
2014-12-26 15:58 - 2015-01-02 14:04 - 00000000 ____D () C:\Users\mike\Downloads\Tweaking.com - Windows Repair
2014-12-26 14:35 - 2014-12-26 14:35 - 00000000 __SHD () C:\Users\Uncle Jay\AppData\Local\EmieUserList
2014-12-26 14:35 - 2014-12-26 14:35 - 00000000 __SHD () C:\Users\Uncle Jay\AppData\Local\EmieSiteList
2014-12-26 14:35 - 2014-12-26 14:35 - 00000000 __SHD () C:\Users\Uncle Jay\AppData\Local\EmieBrowserModeList
2014-12-26 14:33 - 2014-12-26 14:33 - 00000000 ____D () C:\Users\Uncle Jay\Documents\Youcam
2014-12-26 14:33 - 2014-12-26 14:33 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Roaming\Hewlett-Packard
2014-12-26 14:30 - 2014-12-26 14:30 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Roaming\Apple Computer
2014-12-26 14:29 - 2014-12-26 14:29 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Roaming\Adobe
2014-12-26 14:29 - 2014-12-26 14:29 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Local\VirtualStore
2014-12-26 14:29 - 2014-12-26 14:29 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Local\Hewlett-Packard
2014-12-26 14:28 - 2014-12-26 14:33 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Local\Packages
2014-12-26 14:28 - 2014-12-26 14:28 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Roaming\Synaptics
2014-12-26 14:27 - 2015-01-02 14:07 - 00000000 ____D () C:\Users\Uncle Jay
2014-12-26 14:27 - 2015-01-02 14:04 - 00000000 ___RD () C:\Users\Uncle Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-26 14:27 - 2015-01-02 14:04 - 00000000 ___RD () C:\Users\Uncle Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-26 14:27 - 2015-01-02 14:04 - 00000000 ___RD () C:\Users\Uncle Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-26 14:27 - 2015-01-02 14:04 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Local\Pokki
2014-12-26 14:27 - 2014-04-29 21:48 - 00000000 ___HD () C:\Users\Uncle Jay\Documents\hp.system.package.metadata
2014-12-26 10:49 - 2014-12-26 10:49 - 00022920 _____ () C:\Users\mike\Documents\Malware 2nd run.txt
2014-12-26 10:06 - 2014-12-26 10:06 - 00202988 _____ () C:\Users\mike\Documents\Malware 1st run.txt
2014-12-26 09:35 - 2015-01-02 14:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-26 09:35 - 2014-12-26 09:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-25 18:16 - 2014-12-25 18:17 - 00001397 _____ () C:\ProgramData\tempimage.bmp
2014-12-25 17:00 - 2015-01-06 20:13 - 00000000 ____D () C:\Windows\system32\appraiser
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-10 11:41 - 2014-09-03 16:59 - 01884534 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 11:31 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-10 11:30 - 2014-09-03 19:26 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4FCCDE4-BF02-4FB2-835A-4FC175D533CC}
2015-01-10 11:28 - 2014-09-03 18:17 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3218940405-2724877453-2731614028-1002
2015-01-10 11:26 - 2014-03-18 04:53 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-10 11:24 - 2014-09-03 17:07 - 00000000 ____D () C:\Users\mike\Documents\Youcam
2015-01-10 11:23 - 2014-09-03 17:08 - 00000000 __RDO () C:\Users\mike\OneDrive
2015-01-10 11:22 - 2014-09-03 17:03 - 00000000 ____D () C:\Users\mike
2015-01-10 11:21 - 2014-06-16 08:48 - 01213350 _____ () C:\Windows\SysWOW64\rootpa.e2e
2015-01-10 11:21 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 18:49 - 2014-06-16 08:38 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-01-09 18:49 - 2014-03-18 04:44 - 00666172 _____ () C:\Windows\PFRO.log
2015-01-09 18:49 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-09 18:44 - 2014-09-21 12:18 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-09 18:44 - 2014-09-21 12:18 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-09 18:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-08 18:24 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-06 22:34 - 2014-11-27 21:23 - 00000350 _____ () C:\Windows\Tasks\HPCeeScheduleFormike.job
2015-01-06 22:11 - 2014-11-27 21:23 - 00003162 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFormike
2015-01-06 21:10 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-06 21:01 - 2014-06-16 09:05 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-01-06 21:01 - 2014-06-16 09:05 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-06 21:01 - 2014-06-16 09:04 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-06 20:59 - 2014-04-29 21:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-01-06 20:29 - 2013-08-22 09:46 - 00027615 _____ () C:\Windows\setupact.log
2015-01-06 20:19 - 2014-11-19 21:51 - 00003248 _____ () C:\Windows\System32\Tasks\Super Optimizer Schedule
2015-01-06 20:19 - 2014-09-08 14:20 - 00002170 _____ () C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2015-01-06 20:19 - 2014-09-03 17:03 - 00000000 ____D () C:\Users\mike\AppData\Local\Pokki
2015-01-06 20:13 - 2014-09-24 17:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-06 20:13 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2015-01-06 20:13 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-01-06 20:13 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-04 02:28 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-02 16:36 - 2014-09-07 12:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-02 16:29 - 2014-09-07 12:34 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-02 16:03 - 2014-11-09 20:32 - 00000000 ____D () C:\Users\mike\AppData\Local\Google
2015-01-02 14:24 - 2014-09-08 14:22 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-01-02 14:08 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 __RSD () C:\Windows\Media
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\WinStore
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\WinMetadata
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\uk-UA
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\th-TH
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sl-SI
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sk-SK
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\ro-RO
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\lv-LV
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\lt-LT
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\hr-HR
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\he-IL
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\et-EE
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\en-GB
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\bg-BG
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\ar-SA
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\FileManager
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Camera
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-02 14:06 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-01-02 14:06 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Dism
2015-01-02 14:06 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\servicing
2015-01-02 14:05 - 2014-09-14 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-02 14:05 - 2014-09-08 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-01-02 14:05 - 2014-09-03 17:06 - 00000000 ____D () C:\Users\mike\AppData\Local\Hewlett-Packard
2015-01-02 14:05 - 2014-06-16 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Notes
2015-01-02 14:05 - 2014-06-16 08:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-02 14:05 - 2014-06-16 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-02 14:05 - 2014-04-29 22:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-01-02 14:05 - 2014-04-29 21:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-01-02 14:05 - 2014-04-29 21:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-01-02 14:05 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-01-02 14:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Globalization
2015-01-02 14:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-02 13:50 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\registration
2015-01-02 13:46 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppCompat
2015-01-02 13:44 - 2014-09-03 17:04 - 00000000 ____D () C:\Users\mike\AppData\Local\Packages
2015-01-02 13:43 - 2014-06-16 08:37 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-02 13:43 - 2013-08-22 08:36 - 00000000 __RHD () C:\Users\Default
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-02 13:13
 
==================== End Of Log ============================
 
Addition log:
 
************
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2015
Ran by mike at 2015-01-10 11:43:30
Running from F:\
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{C3E5B3AF-12F2-9E42-B493-9490DC745953}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3906 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Notes en-US (HKLM-x32\...\{C438C1D0-A46C-4BFA-AFCD-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FarmVille 2 (HKU\S-1-5-21-3218940405-2724877453-2731614028-1002\...\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b) (Version: 1.0.4.55785 - Pokki)
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.08 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{E9FA2CA2-B7B2-43E6-8449-A1618B042EAE}) (Version: 1.1.3 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{B7B82520-8ECE-4743-BFD7-93B16C64B277}) (Version: 2.4.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.08 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.08 - Softex Inc.) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3218940405-2724877453-2731614028-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.8 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3218940405-2724877453-2731614028-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\mike\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
16-12-2014 04:09:48 Windows Update
25-12-2014 18:38:08 Restore Operation
02-01-2015 15:13:16 Windows Update
06-01-2015 22:31:56 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2015-01-02 15:34 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02528358-0772-4673-B716-FAAA5F435771} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {045D8EB5-81FF-467F-A3C9-CF692004A3B2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
Task: {05EA0ADB-58BA-4116-8880-D3FE6B725EFF} - System32\Tasks\{D5BA848D-3BCB-47CD-B57C-CE32B6950BE6} => pcalua.exe -a C:\ProgramData\PriNceaCoupoaNu\P1dviN4HtPCymf.exe -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {2317FED5-6045-450F-A90A-A5DCD7C39E02} - System32\Tasks\SUPERAntiSpyware Scheduled Task 718c011d-65b2-4a2e-a704-2d75d6620d61 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {313C7AE4-FE62-4E67-AE5C-45C7A92A9208} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
Task: {31A119DD-9CB6-43EA-9FFB-2BA1D74395A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {42E4887B-1427-42D8-B0B8-FD1B6BB9422E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-02] (Google Inc.)
Task: {5B42EF3F-280B-4AD3-913C-56306641FAF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {5C856949-B72F-4A64-A3FD-F4652DD287A6} - System32\Tasks\SUPERAntiSpyware Scheduled Task 9c5afd56-b618-4c1b-b4ca-48ac03e05490 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {5D1AB096-D8C4-4ABD-87ED-F8DF585C16E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-02] (Google Inc.)
Task: {6914433B-6052-45F2-A454-FAE0CF7C1E6A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {6F23E60A-5323-4517-86D3-E8DE855497AD} - \DonutQuotes No Task File <==== ATTENTION
Task: {7FF42A20-C631-48C7-A010-AD633DDE393C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-02] (Microsoft Corporation)
Task: {8648A8E7-01BE-4D0C-B944-FA401C38244E} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3218940405-2724877453-2731614028-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {900E0FC3-D882-44F7-B32E-DA1F42A28B2F} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {AF5E2FFF-AEF9-42FF-94D0-0098E41423A0} - System32\Tasks\HPCeeScheduleFormike => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {B0CDE9C0-9B7E-4EC4-B686-A22FD3FF31DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {BD25773E-2B62-42E5-9A7E-AB2F91D058D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {C9E3BFC4-43C6-456C-B716-9976DE24861B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {D0F20DC7-129F-47A9-BA50-D70A36213292} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DCE26CC2-43BD-4B2F-8BFC-690BF4C5E702} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {E6862E53-39DE-4BF3-859A-41A261F6078F} - System32\Tasks\{26C7CEBA-B0C7-48C2-B561-D179F3547CFF} => pcalua.exe -a "C:\Program Files (x86)\Desktop Dock\DesktopDockappuninstall.exe"
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFormike.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 718c011d-65b2-4a2e-a704-2d75d6620d61.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9c5afd56-b618-4c1b-b4ca-48ac03e05490.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-01 20:38 - 2014-03-01 20:38 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-01 20:34 - 2014-03-01 20:34 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-01 20:34 - 2014-03-01 20:34 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-01 20:34 - 2014-03-01 20:34 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-01 20:52 - 2014-03-01 20:52 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-01 20:52 - 2014-03-01 20:52 - 00712592 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-03-15 04:21 - 2014-03-15 04:21 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-03-15 04:20 - 2014-03-15 04:20 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-09-08 14:22 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-11-18 16:02 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-01 20:41 - 2014-03-01 20:41 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-11-25 04:49 - 2014-11-25 04:49 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-16 09:10 - 2013-02-01 13:16 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\fl_core.dll
2014-06-16 09:10 - 2013-02-01 13:16 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_asr.dll
2014-06-16 09:10 - 2013-02-01 13:16 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_base.dll
2014-06-16 09:10 - 2013-02-01 13:16 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_pron.dll
2014-06-16 09:10 - 2013-02-01 13:16 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_platform.dll
2014-06-16 09:10 - 2013-02-01 13:16 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\sdxg.dll
2014-06-16 09:10 - 2013-02-01 13:15 - 00027136 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\mike\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3218940405-2724877453-2731614028-500 - Administrator - Disabled)
Guest (S-1-5-21-3218940405-2724877453-2731614028-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3218940405-2724877453-2731614028-1004 - Limited - Enabled)
mike (S-1-5-21-3218940405-2724877453-2731614028-1002 - Administrator - Enabled) => C:\Users\mike
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/10/2015 11:38:48 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: MIKEYMULZZ)
Description: There was an error communicating to the Orion inference server
 
Error: (01/10/2015 11:38:47 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: There was an error communicating to the Orion inference server
 
Error: (01/10/2015 11:31:45 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936
 
Error: (01/10/2015 11:31:45 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {DFA1A94C-FD93-44B2-B2D8-859B9935184E}
 
Error: (01/10/2015 11:31:44 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {DFA1A94C-FD93-44B2-B2D8-859B9935184E}
 
Error: (01/09/2015 06:42:55 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936
 
Error: (01/09/2015 06:42:55 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {C4CF3830-D1BB-4454-AED2-91504F59C3E0}
 
Error: (01/09/2015 06:42:54 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {C4CF3830-D1BB-4454-AED2-91504F59C3E0}
 
Error: (01/09/2015 05:57:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 81347578
 
Error: (01/09/2015 05:57:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 81347578
 
 
System errors:
=============
Error: (01/10/2015 11:21:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Anti-Malware Core service failed to start due to the following error: 
%%2
 
Error: (01/10/2015 11:21:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TrustMix service to connect.
 
Error: (01/10/2015 11:21:08 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:50:02 PM on ‎1/‎9/‎2015 was unexpected.
 
Error: (01/09/2015 06:50:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Anti-Malware Core service failed to start due to the following error: 
%%2
 
Error: (01/09/2015 06:50:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TrustMix service to connect.
 
Error: (01/09/2015 05:58:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (01/09/2015 05:58:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (01/08/2015 06:02:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Anti-Malware Core service failed to start due to the following error: 
%%2
 
Error: (01/08/2015 06:02:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TrustMix service to connect.
 
Error: (01/06/2015 10:50:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Anti-Malware Core service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (01/10/2015 11:38:48 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: MIKEYMULZZ)
Description: -2143485936
 
Error: (01/10/2015 11:38:47 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: -2143485936
 
Error: (01/10/2015 11:31:45 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936
 
Error: (01/10/2015 11:31:45 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {DFA1A94C-FD93-44B2-B2D8-859B9935184E}
 
Error: (01/10/2015 11:31:44 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {DFA1A94C-FD93-44B2-B2D8-859B9935184E}
 
Error: (01/09/2015 06:42:55 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936
 
Error: (01/09/2015 06:42:55 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {C4CF3830-D1BB-4454-AED2-91504F59C3E0}
 
Error: (01/09/2015 06:42:54 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {C4CF3830-D1BB-4454-AED2-91504F59C3E0}
 
Error: (01/09/2015 05:57:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 81347578
 
Error: (01/09/2015 05:57:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 81347578
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics 
Percentage of memory in use: 40%
Total physical RAM: 3519.68 MB
Available physical RAM: 2097.16 MB
Total Pagefile: 5439.68 MB
Available Pagefile: 3937.2 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:675.59 GB) (Free:617.16 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:22.03 GB) (Free:2.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (USB DISK) (Removable) (Total:0.91 GB) (Free:0.35 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 10745B49)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 935 MB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=931 MB) - (Type=06)
 
==================== End Of Log ============================


#4 Machiavelli

  • Malware Response Instructor

Posted 10 January 2015 - 12:56 PM

Hey,
please move FRST to your Desktop. :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select update.
Once it has updated, select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8: please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 wjaymccarthy

  • Topic Starter

Posted 10 January 2015 - 06:20 PM

# AdwCleaner v4.106 - Report created 10/01/2015 at 14:14:13

# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows 8.1  (64 bits)
# Username : mike - MIKEYMULZZ
# Running from : C:\Users\mike\Desktop\adwcleaner_4.106.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\b68c88518ad03ef6
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v39.0.2171.95
 
 
-\\ Comodo Dragon v
 
 
*************************
 
AdwCleaner[R0].txt - [11088 octets] - [06/01/2015 20:38:53]
AdwCleaner[R1].txt - [921 octets] - [10/01/2015 14:11:06]
AdwCleaner[S0].txt - [11922 octets] - [06/01/2015 20:41:52]
AdwCleaner[S1].txt - [845 octets] - [10/01/2015 14:14:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [904 octets] ##########
 
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/10/2015
Scan Time: 2:20:25 PM
Logfile: malware.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.10.15
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: mike
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 410881
Time Elapsed: 32 min, 5 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by mike on Sat 01/10/2015 at 18:10:22.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/10/2015 at 18:13:44.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2015
Ran by mike (administrator) on MIKEYMULZZ on 10-01-2015 18:15:11
Running from C:\Users\mike\Desktop
Loaded Profile: mike (Available profiles: mike)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7546072 2014-03-10] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-03-01] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-01] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-01] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-04-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-04] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3218940405-2724877453-2731614028-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-3218940405-2724877453-2731614028-1002\...\RunOnce: [Application Restart #5] => C:\Users\mike\AppData\Local\Pokki\Engine\HostAppService.exe [7546184 2014-03-26] (Pokki)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:64089;https=127.0.0.1:64089
ProxyServer: [HKLM-x32] => http=127.0.0.1:64089;https=127.0.0.1:64089
ProxyServer: [S-1-5-21-3218940405-2724877453-2731614028-1002] => http=127.0.0.1:14004;https=127.0.0.1:14004
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3218940405-2724877453-2731614028-1002\Software\Microsoft\Internet Explorer\Main,Start Page = 
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKU\S-1-5-21-3218940405-2724877453-2731614028-1002\...\Firefox\Extensions: [{5ECBF158-7053-DEB4-491A-590F9EBC1AE2}] - C:\Program Files (x86)\ver6SpeeditUp\183.xpi
 
Chrome: 
=======
CHR Profile: C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-02]
CHR Extension: (Google Drive) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (YouTube) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-02]
CHR Extension: (Google Search) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-02]
CHR Extension: (Gmail) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-02]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-03-15] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-04] (Hewlett-Packard Development Company, L.P.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-01] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-04-21] (Synaptics Incorporated)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 c915db48; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\amazingaccel\GiantDiscount.dll",serv
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-20] (Advanced Micro Devices)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-06] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-10] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3379416 2014-03-22] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-04-21] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-21] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\pftAEAE.tmp\amifldrv64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-10 18:15 - 2015-01-10 18:15 - 00016256 _____ () C:\Users\mike\Desktop\FRST.txt
2015-01-10 18:13 - 2015-01-10 18:13 - 00000621 _____ () C:\Users\mike\Desktop\JRT.txt
2015-01-10 18:10 - 2015-01-10 18:10 - 00000000 ____D () C:\Windows\ERUNT
2015-01-10 18:08 - 2014-12-28 03:01 - 01707939 _____ (Thisisu) C:\Users\mike\Desktop\JRT.exe
2015-01-10 14:09 - 2015-01-06 20:37 - 02173952 _____ () C:\Users\mike\Desktop\adwcleaner_4.106.exe
2015-01-10 14:08 - 2015-01-10 08:57 - 02124288 _____ (Farbar) C:\Users\mike\Desktop\FRST64.exe
2015-01-10 14:08 - 2015-01-07 16:54 - 02191360 _____ () C:\Users\mike\Desktop\AdwCleaner.exe
2015-01-10 11:42 - 2015-01-10 18:15 - 00000000 ____D () C:\FRST
2015-01-09 18:02 - 2015-01-09 18:02 - 00000000 ____D () C:\SUPERDelete
2015-01-09 18:01 - 2015-01-09 18:50 - 00000530 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 718c011d-65b2-4a2e-a704-2d75d6620d61.job
2015-01-09 18:01 - 2015-01-09 18:01 - 00003586 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 718c011d-65b2-4a2e-a704-2d75d6620d61
2015-01-09 18:00 - 2015-01-09 18:50 - 00000530 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9c5afd56-b618-4c1b-b4ca-48ac03e05490.job
2015-01-09 18:00 - 2015-01-09 18:00 - 00003504 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 9c5afd56-b618-4c1b-b4ca-48ac03e05490
2015-01-09 18:00 - 2015-01-09 18:00 - 00001827 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-01-09 18:00 - 2015-01-09 18:00 - 00000000 ____D () C:\Users\mike\AppData\Roaming\SUPERAntiSpyware.com
2015-01-09 18:00 - 2015-01-09 18:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-09 18:00 - 2015-01-09 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-09 18:00 - 2015-01-09 18:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-08 18:20 - 2015-01-08 18:22 - 00002244 _____ () C:\Users\mike\Desktop\Rkill.txt
2015-01-06 22:42 - 2015-01-06 22:42 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-06 22:34 - 2015-01-06 22:34 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-06 22:33 - 2015-01-06 22:33 - 00007190 _____ () C:\Windows\system32\.crusader
2015-01-06 22:23 - 2015-01-06 22:33 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-06 21:21 - 2015-01-06 21:21 - 00000000 ____D () C:\ProgramData\nacbhacipplioillpmfdilbckfkjmkdm
2015-01-06 21:09 - 2014-12-31 06:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 20:38 - 2015-01-10 14:14 - 00000000 ____D () C:\AdwCleaner
2015-01-06 20:29 - 2015-01-06 20:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-01-06 20:20 - 2014-11-27 16:40 - 109818608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2015-01-06 20:16 - 2014-11-26 16:10 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-06 20:16 - 2014-11-26 16:10 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-02 16:48 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2015-01-02 16:48 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2015-01-02 16:03 - 2015-01-10 18:08 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-02 16:03 - 2015-01-10 14:16 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-02 16:03 - 2015-01-10 14:15 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-02 16:03 - 2015-01-02 16:03 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-02 16:03 - 2015-01-02 16:03 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-02 16:03 - 2015-01-02 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-02 16:03 - 2015-01-02 16:03 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-02 15:33 - 2015-01-02 15:33 - 00003196 _____ () C:\Windows\System32\Tasks\{D5BA848D-3BCB-47CD-B57C-CE32B6950BE6}
2015-01-02 15:27 - 2015-01-02 15:27 - 00003126 _____ () C:\Windows\System32\Tasks\{26C7CEBA-B0C7-48C2-B561-D179F3547CFF}
2015-01-02 15:05 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-01-02 15:05 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-01-02 14:29 - 2014-12-03 18:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-02 14:29 - 2014-12-03 18:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-02 14:29 - 2014-12-02 18:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-02 14:29 - 2014-12-02 18:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-02 14:29 - 2014-12-02 18:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-02 14:29 - 2014-12-02 18:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-02 14:29 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-02 14:29 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-02 14:29 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-02 14:29 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-02 14:29 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-02 14:29 - 2014-10-12 21:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-01-02 14:29 - 2014-10-12 21:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-01-02 14:29 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-01-02 14:29 - 2014-10-12 21:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-01-02 14:28 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-02 14:28 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-02 14:28 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-02 14:28 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-02 14:28 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-02 14:28 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-02 14:28 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-02 14:28 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-02 14:28 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-01-02 14:28 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-01-02 14:28 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-02 14:28 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-01-02 14:28 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-02 14:28 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-01-02 14:28 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-01-02 14:28 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-01-02 14:28 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-02 14:28 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-02 14:28 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-02 14:28 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-02 14:28 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-02 14:28 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-02 14:28 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-01-02 14:28 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-02 14:28 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-02 14:28 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-01-02 14:28 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-02 14:28 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-01-02 14:28 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-02 14:28 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-02 14:28 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-02 14:28 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-02 14:28 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-02 14:28 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-02 14:28 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-02 14:28 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-02 14:28 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-01-02 14:28 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-01-02 14:28 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-01-02 14:28 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-01-02 14:28 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-01-02 14:22 - 2015-01-10 14:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-02 14:22 - 2015-01-02 14:22 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-02 14:22 - 2015-01-02 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-02 14:22 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-02 14:22 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-02 14:22 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-02 14:12 - 2015-01-02 14:12 - 00002418 _____ () C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AOL.lnk
2014-12-26 22:08 - 2014-12-26 22:08 - 00000000 _____ () C:\Recovery.txt
2014-12-26 16:20 - 2014-12-26 16:20 - 00000000 ____D () C:\RegBackup
2014-12-26 15:58 - 2015-01-02 14:04 - 00000000 ____D () C:\Users\mike\Downloads\Tweaking.com - Windows Repair
2014-12-26 14:35 - 2014-12-26 14:35 - 00000000 __SHD () C:\Users\Uncle Jay\AppData\Local\EmieUserList
2014-12-26 14:35 - 2014-12-26 14:35 - 00000000 __SHD () C:\Users\Uncle Jay\AppData\Local\EmieSiteList
2014-12-26 14:35 - 2014-12-26 14:35 - 00000000 __SHD () C:\Users\Uncle Jay\AppData\Local\EmieBrowserModeList
2014-12-26 14:33 - 2014-12-26 14:33 - 00000000 ____D () C:\Users\Uncle Jay\Documents\Youcam
2014-12-26 14:33 - 2014-12-26 14:33 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Roaming\Hewlett-Packard
2014-12-26 14:30 - 2014-12-26 14:30 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Roaming\Apple Computer
2014-12-26 14:29 - 2014-12-26 14:29 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Roaming\Adobe
2014-12-26 14:29 - 2014-12-26 14:29 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Local\VirtualStore
2014-12-26 14:29 - 2014-12-26 14:29 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Local\Hewlett-Packard
2014-12-26 14:28 - 2014-12-26 14:33 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Local\Packages
2014-12-26 14:28 - 2014-12-26 14:28 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Roaming\Synaptics
2014-12-26 14:27 - 2015-01-02 14:07 - 00000000 ____D () C:\Users\Uncle Jay
2014-12-26 14:27 - 2015-01-02 14:04 - 00000000 ___RD () C:\Users\Uncle Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-26 14:27 - 2015-01-02 14:04 - 00000000 ___RD () C:\Users\Uncle Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-26 14:27 - 2015-01-02 14:04 - 00000000 ___RD () C:\Users\Uncle Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-26 14:27 - 2015-01-02 14:04 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Local\Pokki
2014-12-26 14:27 - 2014-04-29 21:48 - 00000000 ___HD () C:\Users\Uncle Jay\Documents\hp.system.package.metadata
2014-12-26 10:49 - 2014-12-26 10:49 - 00022920 _____ () C:\Users\mike\Documents\Malware 2nd run.txt
2014-12-26 10:06 - 2014-12-26 10:06 - 00202988 _____ () C:\Users\mike\Documents\Malware 1st run.txt
2014-12-26 09:35 - 2015-01-02 14:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-26 09:35 - 2014-12-26 09:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-25 18:16 - 2014-12-25 18:17 - 00001397 _____ () C:\ProgramData\tempimage.bmp
2014-12-25 17:00 - 2015-01-06 20:13 - 00000000 ____D () C:\Windows\system32\appraiser
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-10 18:12 - 2014-09-03 19:26 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4FCCDE4-BF02-4FB2-835A-4FC175D533CC}
2015-01-10 18:12 - 2014-09-03 16:59 - 02016740 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 18:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-10 14:35 - 2014-09-03 18:17 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3218940405-2724877453-2731614028-1002
2015-01-10 14:20 - 2014-03-18 04:53 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-10 14:17 - 2014-09-03 17:07 - 00000000 ____D () C:\Users\mike\Documents\Youcam
2015-01-10 14:16 - 2014-09-03 17:08 - 00000000 __RDO () C:\Users\mike\OneDrive
2015-01-10 14:15 - 2014-06-16 08:48 - 01247205 _____ () C:\Windows\SysWOW64\rootpa.e2e
2015-01-10 14:15 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 14:14 - 2014-09-03 17:03 - 00000000 ____D () C:\Users\mike
2015-01-10 14:14 - 2014-06-16 08:38 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-01-10 14:14 - 2014-03-18 04:44 - 00666486 _____ () C:\Windows\PFRO.log
2015-01-10 14:14 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-10 11:51 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-09 18:44 - 2014-09-21 12:18 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-09 18:44 - 2014-09-21 12:18 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-08 18:24 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-06 22:34 - 2014-11-27 21:23 - 00000350 _____ () C:\Windows\Tasks\HPCeeScheduleFormike.job
2015-01-06 22:11 - 2014-11-27 21:23 - 00003162 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFormike
2015-01-06 21:10 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-06 21:01 - 2014-06-16 09:05 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-01-06 21:01 - 2014-06-16 09:05 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-06 21:01 - 2014-06-16 09:04 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-06 20:59 - 2014-04-29 21:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-01-06 20:29 - 2013-08-22 09:46 - 00027615 _____ () C:\Windows\setupact.log
2015-01-06 20:19 - 2014-11-19 21:51 - 00003248 _____ () C:\Windows\System32\Tasks\Super Optimizer Schedule
2015-01-06 20:19 - 2014-09-08 14:20 - 00002170 _____ () C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2015-01-06 20:19 - 2014-09-03 17:03 - 00000000 ____D () C:\Users\mike\AppData\Local\Pokki
2015-01-06 20:13 - 2014-09-24 17:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-06 20:13 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2015-01-06 20:13 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-01-06 20:13 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-04 02:28 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-02 16:36 - 2014-09-07 12:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-02 16:29 - 2014-09-07 12:34 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-02 16:03 - 2014-11-09 20:32 - 00000000 ____D () C:\Users\mike\AppData\Local\Google
2015-01-02 14:24 - 2014-09-08 14:22 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-01-02 14:08 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 __RSD () C:\Windows\Media
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\WinStore
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\WinMetadata
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\uk-UA
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\th-TH
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sl-SI
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sk-SK
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\ro-RO
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\lv-LV
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\lt-LT
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\hr-HR
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\he-IL
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\et-EE
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\en-GB
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\bg-BG
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\ar-SA
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\FileManager
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Camera
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-02 14:06 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-01-02 14:06 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Dism
2015-01-02 14:06 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\servicing
2015-01-02 14:05 - 2014-09-14 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-02 14:05 - 2014-09-08 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-01-02 14:05 - 2014-09-03 17:06 - 00000000 ____D () C:\Users\mike\AppData\Local\Hewlett-Packard
2015-01-02 14:05 - 2014-06-16 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Notes
2015-01-02 14:05 - 2014-06-16 08:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-02 14:05 - 2014-06-16 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-02 14:05 - 2014-04-29 22:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-01-02 14:05 - 2014-04-29 21:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-01-02 14:05 - 2014-04-29 21:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-01-02 14:05 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-01-02 14:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Globalization
2015-01-02 14:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-02 13:50 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\registration
2015-01-02 13:46 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppCompat
2015-01-02 13:44 - 2014-09-03 17:04 - 00000000 ____D () C:\Users\mike\AppData\Local\Packages
2015-01-02 13:43 - 2014-06-16 08:37 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-02 13:43 - 2013-08-22 08:36 - 00000000 __RHD () C:\Users\Default
 
Some content of TEMP:
====================
C:\Users\mike\AppData\Local\Temp\Quarantine.exe
C:\Users\mike\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-02 13:13
 
==================== End Of Log ============================


#6 Machiavelli

Posted 11 January 2015 - 07:42 AM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONProxyEnable: [HKLM] => ProxyEnable is set.
    ProxyEnable: [HKLM-x32] => ProxyEnable is set.
    ProxyServer: [HKLM] => http=127.0.0.1:64089;https=127.0.0.1:64089
    ProxyServer: [HKLM-x32] => http=127.0.0.1:64089;https=127.0.0.1:64089
    ProxyServer: [S-1-5-21-3218940405-2724877453-2731614028-1002] => http=127.0.0.1:14004;https=127.0.0.1:14004
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    S2 c915db48; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\amazingaccel\GiantDiscount.dll",serv
    c:\Program Files (x86)\amazingaccel
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure that the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#7 wjaymccarthy

Posted 11 January 2015 - 01:49 PM

All seems to be running smoothly. Appreciate your help. What was it??

 

Here are the logs you requested:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-01-2015

Ran by mike at 2015-01-11 10:33:46 Run:1
Running from C:\Users\mike\Desktop
Loaded Profile: mike (Available profiles: mike)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:64089;https=127.0.0.1:64089
ProxyServer: [HKLM-x32] => http=127.0.0.1:64089;https=127.0.0.1:64089
ProxyServer: [S-1-5-21-3218940405-2724877453-2731614028-1002] => http=127.0.0.1:14004;https=127.0.0.1:14004
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S2 c915db48; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\amazingaccel\GiantDiscount.dll",serv
c:\Program Files (x86)\amazingaccel
EmptyTemp:
 
*****************
 
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKU\CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONHKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-3218940405-2724877453-2731614028-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
c915db48 => Service deleted successfully.
"c:\Program Files (x86)\amazingaccel" => File/Directory not found.
EmptyTemp: => Removed 1.6 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 10:33:57 ====
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2015
Ran by mike (administrator) on MIKEYMULZZ on 11-01-2015 10:38:33
Running from C:\Users\mike\Desktop
Loaded Profile: mike (Available profiles: mike)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7546072 2014-03-10] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-03-01] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-01] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-01] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-04-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-04] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3218940405-2724877453-2731614028-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-3218940405-2724877453-2731614028-1002\...\RunOnce: [Application Restart #5] => C:\Users\mike\AppData\Local\Pokki\Engine\HostAppService.exe [7546184 2014-03-26] (Pokki)
BootExecute: autocheck autochk * bootdelete
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3218940405-2724877453-2731614028-1002\Software\Microsoft\Internet Explorer\Main,Start Page = 
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKU\S-1-5-21-3218940405-2724877453-2731614028-1002\...\Firefox\Extensions: [{5ECBF158-7053-DEB4-491A-590F9EBC1AE2}] - C:\Program Files (x86)\ver6SpeeditUp\183.xpi
 
Chrome: 
=======
CHR Profile: C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-02]
CHR Extension: (Google Drive) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (YouTube) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-02]
CHR Extension: (Google Search) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-02]
CHR Extension: (Gmail) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-02]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-03-15] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-04] (Hewlett-Packard Development Company, L.P.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-01] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-04-21] (Synaptics Incorporated)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-20] (Advanced Micro Devices)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-06] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-10] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3379416 2014-03-22] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-04-21] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-21] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\pftAEAE.tmp\amifldrv64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-10 18:16 - 2015-01-10 18:16 - 00022059 _____ () C:\Users\mike\Desktop\Addition.txt
2015-01-10 18:15 - 2015-01-11 10:38 - 00015410 _____ () C:\Users\mike\Desktop\FRST.txt
2015-01-10 18:13 - 2015-01-10 18:13 - 00000621 _____ () C:\Users\mike\Desktop\JRT.txt
2015-01-10 18:10 - 2015-01-10 18:10 - 00000000 ____D () C:\Windows\ERUNT
2015-01-10 18:08 - 2014-12-28 03:01 - 01707939 _____ (Thisisu) C:\Users\mike\Desktop\JRT.exe
2015-01-10 14:09 - 2015-01-06 20:37 - 02173952 _____ () C:\Users\mike\Desktop\adwcleaner_4.106.exe
2015-01-10 14:08 - 2015-01-10 08:57 - 02124288 _____ (Farbar) C:\Users\mike\Desktop\FRST64.exe
2015-01-10 14:08 - 2015-01-07 16:54 - 02191360 _____ () C:\Users\mike\Desktop\AdwCleaner.exe
2015-01-10 11:42 - 2015-01-11 10:38 - 00000000 ____D () C:\FRST
2015-01-09 18:02 - 2015-01-09 18:02 - 00000000 ____D () C:\SUPERDelete
2015-01-09 18:01 - 2015-01-09 18:50 - 00000530 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 718c011d-65b2-4a2e-a704-2d75d6620d61.job
2015-01-09 18:01 - 2015-01-09 18:01 - 00003586 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 718c011d-65b2-4a2e-a704-2d75d6620d61
2015-01-09 18:00 - 2015-01-09 18:50 - 00000530 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9c5afd56-b618-4c1b-b4ca-48ac03e05490.job
2015-01-09 18:00 - 2015-01-09 18:00 - 00003504 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 9c5afd56-b618-4c1b-b4ca-48ac03e05490
2015-01-09 18:00 - 2015-01-09 18:00 - 00001827 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-01-09 18:00 - 2015-01-09 18:00 - 00000000 ____D () C:\Users\mike\AppData\Roaming\SUPERAntiSpyware.com
2015-01-09 18:00 - 2015-01-09 18:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-09 18:00 - 2015-01-09 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-09 18:00 - 2015-01-09 18:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-08 18:20 - 2015-01-08 18:22 - 00002244 _____ () C:\Users\mike\Desktop\Rkill.txt
2015-01-06 22:42 - 2015-01-06 22:42 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-06 22:34 - 2015-01-06 22:34 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-06 22:33 - 2015-01-06 22:33 - 00007190 _____ () C:\Windows\system32\.crusader
2015-01-06 22:23 - 2015-01-06 22:33 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-06 21:21 - 2015-01-06 21:21 - 00000000 ____D () C:\ProgramData\nacbhacipplioillpmfdilbckfkjmkdm
2015-01-06 21:09 - 2014-12-31 06:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 20:38 - 2015-01-10 14:14 - 00000000 ____D () C:\AdwCleaner
2015-01-06 20:29 - 2015-01-06 20:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-01-06 20:20 - 2014-11-27 16:40 - 109818608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2015-01-06 20:16 - 2014-11-26 16:10 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-06 20:16 - 2014-11-26 16:10 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-02 16:48 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2015-01-02 16:48 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2015-01-02 16:03 - 2015-01-11 10:36 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-02 16:03 - 2015-01-11 10:36 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-02 16:03 - 2015-01-10 18:08 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-02 16:03 - 2015-01-02 16:03 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-02 16:03 - 2015-01-02 16:03 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-02 16:03 - 2015-01-02 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-02 16:03 - 2015-01-02 16:03 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-02 15:33 - 2015-01-02 15:33 - 00003196 _____ () C:\Windows\System32\Tasks\{D5BA848D-3BCB-47CD-B57C-CE32B6950BE6}
2015-01-02 15:27 - 2015-01-02 15:27 - 00003126 _____ () C:\Windows\System32\Tasks\{26C7CEBA-B0C7-48C2-B561-D179F3547CFF}
2015-01-02 15:05 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-01-02 15:05 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-01-02 14:29 - 2014-12-03 18:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-02 14:29 - 2014-12-03 18:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-02 14:29 - 2014-12-02 18:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-02 14:29 - 2014-12-02 18:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-02 14:29 - 2014-12-02 18:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-02 14:29 - 2014-12-02 18:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-02 14:29 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-02 14:29 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-02 14:29 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-02 14:29 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-02 14:29 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-02 14:29 - 2014-10-12 21:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-01-02 14:29 - 2014-10-12 21:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-01-02 14:29 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-01-02 14:29 - 2014-10-12 21:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-01-02 14:28 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-02 14:28 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-02 14:28 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-02 14:28 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-02 14:28 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-02 14:28 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-02 14:28 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-02 14:28 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-02 14:28 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-01-02 14:28 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-01-02 14:28 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-02 14:28 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-01-02 14:28 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-02 14:28 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-01-02 14:28 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-01-02 14:28 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-01-02 14:28 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-02 14:28 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-02 14:28 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-02 14:28 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-02 14:28 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-02 14:28 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-02 14:28 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-01-02 14:28 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-02 14:28 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-02 14:28 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-01-02 14:28 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-02 14:28 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-01-02 14:28 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-02 14:28 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-02 14:28 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-02 14:28 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-02 14:28 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-02 14:28 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-02 14:28 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-02 14:28 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-02 14:28 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-01-02 14:28 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-01-02 14:28 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-01-02 14:28 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-01-02 14:28 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-01-02 14:22 - 2015-01-10 14:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-02 14:22 - 2015-01-02 14:22 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-02 14:22 - 2015-01-02 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-02 14:22 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-02 14:22 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-02 14:22 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-02 14:12 - 2015-01-02 14:12 - 00002418 _____ () C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AOL.lnk
2014-12-26 22:08 - 2014-12-26 22:08 - 00000000 _____ () C:\Recovery.txt
2014-12-26 16:20 - 2014-12-26 16:20 - 00000000 ____D () C:\RegBackup
2014-12-26 15:58 - 2015-01-02 14:04 - 00000000 ____D () C:\Users\mike\Downloads\Tweaking.com - Windows Repair
2014-12-26 14:35 - 2014-12-26 14:35 - 00000000 __SHD () C:\Users\Uncle Jay\AppData\Local\EmieUserList
2014-12-26 14:35 - 2014-12-26 14:35 - 00000000 __SHD () C:\Users\Uncle Jay\AppData\Local\EmieSiteList
2014-12-26 14:35 - 2014-12-26 14:35 - 00000000 __SHD () C:\Users\Uncle Jay\AppData\Local\EmieBrowserModeList
2014-12-26 14:33 - 2014-12-26 14:33 - 00000000 ____D () C:\Users\Uncle Jay\Documents\Youcam
2014-12-26 14:33 - 2014-12-26 14:33 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Roaming\Hewlett-Packard
2014-12-26 14:30 - 2014-12-26 14:30 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Roaming\Apple Computer
2014-12-26 14:29 - 2014-12-26 14:29 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Roaming\Adobe
2014-12-26 14:29 - 2014-12-26 14:29 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Local\VirtualStore
2014-12-26 14:29 - 2014-12-26 14:29 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Local\Hewlett-Packard
2014-12-26 14:28 - 2014-12-26 14:33 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Local\Packages
2014-12-26 14:28 - 2014-12-26 14:28 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Roaming\Synaptics
2014-12-26 14:27 - 2015-01-02 14:07 - 00000000 ____D () C:\Users\Uncle Jay
2014-12-26 14:27 - 2015-01-02 14:04 - 00000000 ___RD () C:\Users\Uncle Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-26 14:27 - 2015-01-02 14:04 - 00000000 ___RD () C:\Users\Uncle Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-26 14:27 - 2015-01-02 14:04 - 00000000 ___RD () C:\Users\Uncle Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-26 14:27 - 2015-01-02 14:04 - 00000000 ____D () C:\Users\Uncle Jay\AppData\Local\Pokki
2014-12-26 14:27 - 2014-04-29 21:48 - 00000000 ___HD () C:\Users\Uncle Jay\Documents\hp.system.package.metadata
2014-12-26 10:49 - 2014-12-26 10:49 - 00022920 _____ () C:\Users\mike\Documents\Malware 2nd run.txt
2014-12-26 10:06 - 2014-12-26 10:06 - 00202988 _____ () C:\Users\mike\Documents\Malware 1st run.txt
2014-12-26 09:35 - 2015-01-02 14:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-26 09:35 - 2014-12-26 09:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-25 18:16 - 2014-12-25 18:17 - 00001397 _____ () C:\ProgramData\tempimage.bmp
2014-12-25 17:00 - 2015-01-06 20:13 - 00000000 ____D () C:\Windows\system32\appraiser
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-11 10:37 - 2014-09-03 17:07 - 00000000 ____D () C:\Users\mike\Documents\Youcam
2015-01-11 10:36 - 2014-09-03 17:08 - 00000000 __RDO () C:\Users\mike\OneDrive
2015-01-11 10:35 - 2014-06-16 08:48 - 01312630 _____ () C:\Windows\SysWOW64\rootpa.e2e
2015-01-11 10:34 - 2014-11-09 20:32 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-11 10:34 - 2014-09-03 17:03 - 00000000 ____D () C:\Users\mike
2015-01-11 10:34 - 2014-09-03 16:59 - 02082563 _____ () C:\Windows\WindowsUpdate.log
2015-01-11 10:34 - 2014-06-16 08:38 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-01-11 10:34 - 2014-03-18 04:44 - 00667900 _____ () C:\Windows\PFRO.log
2015-01-11 10:34 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 10:34 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-11 10:33 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-11 10:30 - 2014-03-18 04:53 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 10:29 - 2014-09-03 18:17 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3218940405-2724877453-2731614028-1002
2015-01-11 10:26 - 2014-09-03 19:26 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4FCCDE4-BF02-4FB2-835A-4FC175D533CC}
2015-01-10 18:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-10 11:51 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-09 18:44 - 2014-09-21 12:18 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-09 18:44 - 2014-09-21 12:18 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-08 18:24 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-06 22:34 - 2014-11-27 21:23 - 00000350 _____ () C:\Windows\Tasks\HPCeeScheduleFormike.job
2015-01-06 22:11 - 2014-11-27 21:23 - 00003162 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFormike
2015-01-06 21:10 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-06 21:01 - 2014-06-16 09:05 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-01-06 21:01 - 2014-06-16 09:05 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-06 21:01 - 2014-06-16 09:04 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-06 20:59 - 2014-04-29 21:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-01-06 20:29 - 2013-08-22 09:46 - 00027615 _____ () C:\Windows\setupact.log
2015-01-06 20:19 - 2014-11-19 21:51 - 00003248 _____ () C:\Windows\System32\Tasks\Super Optimizer Schedule
2015-01-06 20:19 - 2014-09-08 14:20 - 00002170 _____ () C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2015-01-06 20:19 - 2014-09-03 17:03 - 00000000 ____D () C:\Users\mike\AppData\Local\Pokki
2015-01-06 20:13 - 2014-09-24 17:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-06 20:13 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2015-01-06 20:13 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-01-06 20:13 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-04 02:28 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-02 16:36 - 2014-09-07 12:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-02 16:29 - 2014-09-07 12:34 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-02 16:03 - 2014-11-09 20:32 - 00000000 ____D () C:\Users\mike\AppData\Local\Google
2015-01-02 14:24 - 2014-09-08 14:22 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-01-02 14:08 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 __RSD () C:\Windows\Media
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\WinStore
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\WinMetadata
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\uk-UA
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\th-TH
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sl-SI
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sk-SK
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\ro-RO
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\lv-LV
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\lt-LT
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\hr-HR
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\he-IL
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\et-EE
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\en-GB
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\bg-BG
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\ar-SA
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\FileManager
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Camera
2015-01-02 14:06 - 2013-08-22 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-02 14:06 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-01-02 14:06 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Dism
2015-01-02 14:06 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\servicing
2015-01-02 14:05 - 2014-09-14 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-02 14:05 - 2014-09-08 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-01-02 14:05 - 2014-09-03 17:06 - 00000000 ____D () C:\Users\mike\AppData\Local\Hewlett-Packard
2015-01-02 14:05 - 2014-06-16 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Notes
2015-01-02 14:05 - 2014-06-16 08:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-02 14:05 - 2014-06-16 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-02 14:05 - 2014-04-29 22:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-01-02 14:05 - 2014-04-29 21:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-01-02 14:05 - 2014-04-29 21:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-01-02 14:05 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-01-02 14:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Globalization
2015-01-02 14:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-02 13:50 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\registration
2015-01-02 13:46 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppCompat
2015-01-02 13:44 - 2014-09-03 17:04 - 00000000 ____D () C:\Users\mike\AppData\Local\Packages
2015-01-02 13:43 - 2014-06-16 08:37 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-02 13:43 - 2013-08-22 08:36 - 00000000 __RHD () C:\Users\Default
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-02 13:13
 
==================== End Of Log ============================
 
C:\Users\All Users\nacbhacipplioillpmfdilbckfkjmkdm\oXr1G4b.js JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Desktop Dock\DesktopDockApp.exe.vir Win32/Verti.K potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.vir a variant of Win32/SpeedingUpMyPC application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Super Optimizer\SuperOptimizer.exe.vir a variant of Win32/SpeedingUpMyPC application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Super Optimizer\SupOptSmartScan.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\PriNceaCoupoaNu\P1dviN4HtPCymf.dll.vir a variant of Win32/Adware.MultiPlug.EG application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\PriNceaCoupoaNu\P1dviN4HtPCymf.x64.dll.vir a variant of Win64/Adware.MultiPlug.E application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\savaEr obbox\gu59WOYULR110X.dll.vir a variant of Win32/Adware.MultiPlug.EG application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\savaEr obbox\gu59WOYULR110X.x64.dll.vir a variant of Win64/Adware.MultiPlug.E application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\surfkeeipiT\HI7fhokTYh1zZB.dll.vir a variant of Win32/Adware.MultiPlug.EG application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\surfkeeipiT\HI7fhokTYh1zZB.exe.vir a variant of Win32/AdWare.MultiPlug.BN application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\surfkeeipiT\HI7fhokTYh1zZB.x64.dll.vir a variant of Win64/Adware.MultiPlug.E application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\ttperfectcoupon\AveBsVstXWmO4t.dll.vir Win32/Adware.MultiPlug.EG application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\ttperfectcoupon\AveBsVstXWmO4t.exe.vir a variant of Win32/AdWare.MultiPlug.BN application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\ttperfectcoupon\AveBsVstXWmO4t.x64.dll.vir a variant of Win64/Adware.MultiPlug.D application cleaned by deleting - quarantined
C:\ProgramData\nacbhacipplioillpmfdilbckfkjmkdm\oXr1G4b.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\mike\AppData\Local\nsp4CF1.tmp Win32/VOPackage.BC potentially unwanted application deleted - quarantined
C:\Users\mike\AppData\Local\nsrEEAF.tmp Win32/VOPackage.BC potentially unwanted application deleted - quarantined


#8 Machiavelli

Posted 11 January 2015 - 04:55 PM

Hey,
the Proxy settings were set wrong. ;)
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    C:\Users\All Users\nacbhacipplioillpmfdilbckfkjmkdm
    C:\ProgramData\nacbhacipplioillpmfdilbckfkjmkdm
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ProxyEnable: [HKLM] => ProxyEnable is set.
    ProxyEnable: [HKLM-x32] => ProxyEnable is set.
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#9 wjaymccarthy

Posted 11 January 2015 - 06:24 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-01-2015
Ran by mike at 2015-01-11 18:23:09 Run:2
Running from C:\Users\mike\Desktop
Loaded Profile: mike (Available profiles: mike)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Users\All Users\nacbhacipplioillpmfdilbckfkjmkdm
C:\ProgramData\nacbhacipplioillpmfdilbckfkjmkdm
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
*****************
 
C:\Users\All Users\nacbhacipplioillpmfdilbckfkjmkdm => Moved successfully.
"C:\ProgramData\nacbhacipplioillpmfdilbckfkjmkdm" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
 
==== End of Fixlog 18:23:09 ====
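
The Fixlog above reports both machine-wide ProxyEnable values and the HKLM\SOFTWARE\Policies\Google key as deleted. As an added example (not part of the original thread and not FRST's own code), this read-only PowerShell check confirms after a reboot that they stayed deleted; the HKCU location and the ProxyServer, ProxyOverride and AutoConfigURL value names are additions that go beyond what the Fixlog lists.

```powershell
# Read-only audit of the registry locations named in the Fixlog. Changes nothing.
# Run from 64-bit PowerShell so the Wow6432Node path is the real 32-bit view.
$inet = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$locations = [ordered]@{
    'HKLM'     = "HKLM:\$inet"
    'HKLM-x32' = 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings'
    'HKCU'     = "HKCU:\$inet"   # per-user settings; not in the Fixlog, added for context
}
# ProxyEnable is the value the fix deleted; the other names are checked on the
# assumption that a leftover proxy could also be configured through them.
$valueNames = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL'

$report = foreach ($label in $locations.Keys) {
    $props = Get-ItemProperty -Path $locations[$label] -ErrorAction SilentlyContinue
    foreach ($name in $valueNames) {
        $present = ($null -ne $props) -and ($props.PSObject.Properties.Name -contains $name)
        [pscustomobject]@{
            Location = $label
            Value    = $name
            Present  = $present
            Data     = if ($present) { $props.$name } else { $null }
        }
    }
}
$report | Format-Table -AutoSize

# The fix removed ProxyEnable from both HKLM views; if it is back, something re-created it.
$reappeared = $report | Where-Object {
    $_.Location -like 'HKLM*' -and $_.Value -eq 'ProxyEnable' -and $_.Present
}
if ($reappeared) {
    Write-Warning "ProxyEnable exists again under: $($reappeared.Location -join ', ')"
} else {
    Write-Output 'ProxyEnable is absent from both HKLM views.'
}

# The fix also deleted the Chrome policy key; list anything that has returned.
$chromePolicy = 'HKLM:\SOFTWARE\Policies\Google'
if (Test-Path -Path $chromePolicy) {
    Write-Warning "$chromePolicy exists again:"
    Get-ChildItem -Path $chromePolicy -Recurse | Select-Object -ExpandProperty Name
} else {
    Write-Output "$chromePolicy is absent."
}
```

A value that reappears after a reboot points to something still running that rewrites it, which is worth a fresh scan rather than another manual deletion.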


#10 Machiavelli

Posted 11 January 2015 - 07:29 PM

Hello,
in my opinion your PC is clean. :) If you would like to donate some money to me so that I can buy some beer, then click on the PayPal button. I'd really appreciate it, my friend. :)


We need to remove the tools we've used during cleaning your machine.
  • Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available. Whenever you see it, you should open the menu and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli

 
 


#11 Machiavelli

Posted 15 January 2015 - 10:29 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Machiavelli
