
Audio Ads Persistent


  • This topic is locked
35 replies to this topic

#1 shadowfox87


Posted 25 January 2015 - 01:21 PM

Hi,

I just joined this forum. I use BleepingComputer for a lot of my malware software downloads. I've never asked for help before as most things are usually removed by software. However, this problem seems persistent.

I hear some audio ads when I'm using Chrome. I've run Malwarebytes, Microsoft Security Essentials, AdwCleaner, RogueKiller, Junkware Removal Tool, ComboFix, TDSSKiller, CCleaner. I also uninstalled Chrome and reinstalled it.

Nothing works. Any help would be appreciated. I'm using a Windows 7 64-bit machine.

Thanks.




 


#2 shadowfox87


Posted 25 January 2015 - 01:32 PM

I have scanned using FRST. Here are my logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01

Ran by User (administrator) on USER-PC on 25-01-2015 13:29:09

Running from C:\Users\User\Downloads

Loaded Profiles: User (Available profiles: User)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files\PrimoCache (Beta)\primoccsvc.exe

(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe

(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe

(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe

(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

() C:\Program Files (x86)\RocketDock\RocketDock.exe

() C:\Users\User\Desktop\AsusNbKeys_v1.3\AsusNbKeys.exe

(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe

() C:\Program Files (x86)\Deluge\deluge.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

(Microsoft Corporation) C:\Windows\System32\audiodg.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4689072 2013-12-16] (VIA)

HKLM\...\Run: [ETDCtrl] => %ProgramFiles%\Elantech\ETDCtrl.exe

HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064 2012-09-14] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848 2012-07-17] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-12-21] (Adobe Systems Inc.)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1734144 2013-05-29] (AimerSoft)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285680 2013-03-05] (Intel Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()

HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\RunOnce: [Adobe Speed Launcher] => 1422168679

Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AsusNbKeys.lnk

ShortcutTarget: AsusNbKeys.lnk -> C:\Users\User\Desktop\AsusNbKeys_v1.3\AsusNbKeys.exe ()

Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-458947259-368414734-4088398591-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

ProxyServer: [S-1-5-21-458947259-368414734-4088398591-1001] => http=127.0.0.1:8555;https=127.0.0.1:8555

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-458947259-368414734-4088398591-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-458947259-368414734-4088398591-1001 -> {0EE7ACC4-8736-4527-B85B-768CD5A1ABB0} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-458947259-368414734-4088398591-1001 -> {4CFF888D-776C-4E27-99E1-3D1C3F7F5B45} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()

Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()

Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()

Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()

Handler: WSAMAllMyTubechrome - {C985F516-9C03-4F90 -  No File

Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

 

FireFox:

========

FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin HKU\S-1-5-21-458947259-368414734-4088398591-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKU\S-1-5-21-458947259-368414734-4088398591-1001: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKU\S-1-5-21-458947259-368414734-4088398591-1001: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-458947259-368414734-4088398591-1001: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-10]

FF HKLM-x32\...\Firefox\Extensions: [ISAllmytube@iSkysoft.com] - C:\ProgramData\iSkysoft\iTube Studio\ISAllmytube@iSkysoft.com

FF HKLM-x32\...\Firefox\Extensions: [AMAllMyTube@Aimersoft.com] - C:\ProgramData\Aimersoft\YouTube Downloader\AMAllMyTube@Aimersoft.com

 

Chrome:

=======

CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3321848&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP82D1D957-5A61-44D3-8685-0B4D0388BC74&SSPV=

CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3321848&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP82D1D957-5A61-44D3-8685-0B4D0388BC74&SSPV=", "hxxp://google.com/", "hxxp://search.conduit.com/?ctid=CT3321848&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPDDD7104B-DC43-4600-96C8-FE2C17155A9A&SSPV=", "hxxp://mysearch.avg.com?cid={4495FA13-4758-4A56-A5AE-0A9A35353F08}&mid=b841c49d842747d2987041affc908ad4-0d61978659cac77876a222ea520cb50974297fa7&lang=en&ds=st011&coid=avgtbdisst&cmpid=&pr=sa&d=2014-02-10 14:56:25&v=17.3.1.91&pid=safeguard&sg=&sap=hp"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-23]

CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-09]

CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-09]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]

CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-09]

CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-23]

CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-09]

CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-23]

CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-24]

CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-09]

CHR Extension: (Laterflix) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\okojkkbmafjeoplgikaaihnnjghpiban [2015-01-23]

CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-09]

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 PrimoCacheSvc; C:\Program Files\PrimoCache (Beta)\PrimoCcSvc.exe [126560 2014-01-28] ()

R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2013-12-18] (TuneUp Software)

R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [335360 2014-12-08] (Company) [File not signed]

R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()

R0 FancyCcV; C:\Windows\System32\DRIVERS\rxfcv.sys [143968 2014-01-28] (Romex Software)

R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-12-03] (AnchorFree Inc.)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-05] (Intel Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R3 MTsensor64; C:\Windows\System32\DRIVERS\PuAcpi64.sys [15880 2009-06-04] ()

R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0114.sys [28768 2014-06-30] (SoftEther VPN Project at University of Tsukuba, Japan.)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-06] ()

R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)

R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-25 13:23 - 2015-01-25 13:24 - 00034419 _____ () C:\Users\User\Downloads\Addition.txt

2015-01-25 13:22 - 2015-01-25 13:29 - 00021562 _____ () C:\Users\User\Downloads\FRST.txt

2015-01-25 13:22 - 2015-01-25 13:22 - 00000000 ____D () C:\Users\User\Downloads\FRST-OlderVersion

2015-01-25 01:46 - 2015-01-25 01:49 - 00001472 _____ () C:\Windows\Synaptics.log

2015-01-25 01:46 - 2015-01-25 01:46 - 00000000 ____D () C:\Users\User\Downloads\Synaptics_v17_0_19_C_XP32_Vista32_Win7-32_XP64_Vista64_Win7-64_Acme_Inc

2015-01-25 00:42 - 2015-01-25 00:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Intel Corporation

2015-01-25 00:39 - 2015-01-25 00:39 - 00000000 ____D () C:\Windows\SysWOW64\Atheros_L1e

2015-01-25 00:38 - 2014-01-02 21:11 - 04029952 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys

2015-01-25 00:37 - 2015-01-25 00:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel

2015-01-25 00:37 - 2010-03-29 11:17 - 00064040 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\L1E62x64.sys

2015-01-25 00:36 - 2013-09-17 09:23 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll

2015-01-25 00:36 - 2013-03-05 23:49 - 00653296 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys

2015-01-25 00:36 - 2013-03-05 23:49 - 00028656 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys

2015-01-25 00:35 - 2015-01-25 00:35 - 00000000 ____D () C:\Intel

2015-01-25 00:25 - 2009-06-04 22:44 - 00015880 _____ () C:\Windows\system32\Drivers\PuAcpi64.sys

2015-01-25 00:23 - 2015-01-25 08:10 - 00000408 _____ () C:\Windows\Tasks\DriverEasy Scheduled Scan.job

2015-01-25 00:23 - 2015-01-25 00:23 - 00003816 _____ () C:\Windows\System32\Tasks\DriverEasy Scheduled Scan

2015-01-25 00:23 - 2015-01-25 00:23 - 00000967 _____ () C:\Users\Public\Desktop\DriverEasy.lnk

2015-01-25 00:23 - 2015-01-25 00:23 - 00000000 ____D () C:\Users\User\AppData\Roaming\Easeware

2015-01-25 00:23 - 2015-01-25 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy

2015-01-25 00:23 - 2015-01-25 00:23 - 00000000 ____D () C:\Program Files\Easeware

2015-01-24 23:26 - 2015-01-25 10:51 - 00051426 _____ () C:\Windows\DPINST.LOG

2015-01-24 23:26 - 2015-01-24 23:26 - 00000000 ____D () C:\Users\User\Downloads\Touchpad_Elantech_Win7_64_VER115155

2015-01-24 23:26 - 2014-07-14 15:01 - 00407304 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\Drivers\ETD.sys

2015-01-24 10:34 - 2015-01-24 10:34 - 00002642 _____ () C:\Windows\PFRO.log

2015-01-24 10:30 - 2015-01-24 10:30 - 02194432 _____ () C:\Users\User\Downloads\adwcleaner_4.109.exe

2015-01-24 10:08 - 2015-01-24 10:08 - 00024381 _____ () C:\ComboFix.txt

2015-01-23 23:38 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-01-23 23:38 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-01-23 23:38 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-01-23 23:38 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-01-23 23:38 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-01-23 23:38 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe

2015-01-23 23:38 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe

2015-01-23 23:38 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe

2015-01-23 23:35 - 2015-01-24 10:09 - 00000000 ____D () C:\Qoobox

2015-01-23 23:35 - 2015-01-24 09:58 - 00000000 ____D () C:\Windows\erdnt

2015-01-23 23:34 - 2015-01-24 01:02 - 00006837 _____ () C:\Windows\IE11_main.log

2015-01-23 23:27 - 2015-01-23 23:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\XnView

2015-01-23 23:24 - 2015-01-23 23:25 - 05609462 ____R (Swearware) C:\Users\User\Downloads\ComboFix.exe

2015-01-23 23:24 - 2015-01-23 23:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe

2015-01-23 23:20 - 2015-01-25 01:51 - 00000672 _____ () C:\Windows\setupact.log

2015-01-23 23:20 - 2015-01-23 23:20 - 00000000 _____ () C:\Windows\setuperr.log

2015-01-23 22:50 - 2015-01-23 22:50 - 00000000 ____D () C:\Windows\pss

2015-01-23 22:47 - 2015-01-23 22:47 - 36448072 _____ () C:\Users\User\Downloads\Firefox Setup 33.0.exe

2015-01-23 12:28 - 2015-01-23 23:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-01-23 12:08 - 2015-01-23 12:08 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla

2015-01-23 11:54 - 2015-01-23 23:56 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps

2015-01-23 11:54 - 2014-12-03 17:35 - 00044744 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys

2015-01-23 11:53 - 2015-01-23 11:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\iFunBox.NXGen

2015-01-23 10:51 - 2015-01-23 10:51 - 00002181 _____ () C:\Users\User\AppData\Local\recently-used.xbel

2015-01-23 10:18 - 2015-01-25 13:22 - 02129920 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe

2015-01-23 09:55 - 2015-01-24 10:23 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2015-01-23 09:55 - 2015-01-23 09:55 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-01-23 09:53 - 2015-01-23 09:53 - 01707939 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe

2015-01-23 09:52 - 2015-01-23 09:52 - 18570328 _____ () C:\Users\User\Downloads\RogueKillerX64.exe

2015-01-23 08:59 - 2015-01-23 08:59 - 00000000 ____D () C:\Windows\SysWOW64\Adobe

2015-01-23 00:56 - 2015-01-23 00:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-23 00:55 - 2015-01-25 13:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-23 00:55 - 2015-01-25 01:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-23 00:55 - 2015-01-23 00:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-01-23 00:55 - 2015-01-23 00:55 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-01-23 00:50 - 2015-01-24 10:33 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sawbuck

2015-01-23 00:41 - 2015-01-25 13:29 - 00000000 ____D () C:\FRST

2015-01-20 00:29 - 2015-01-20 00:29 - 00000000 ____D () C:\Users\User\Downloads\YGOPUZZLEEditorV3

2015-01-19 23:57 - 2015-01-19 23:57 - 00750567 _____ () C:\Users\User\Downloads\YGOPUZZLEEditorV3.rar

2015-01-18 15:38 - 2015-01-18 15:38 - 00000000 ____D () C:\Users\User\Downloads\iTools0520E

2015-01-18 15:38 - 2015-01-18 15:38 - 00000000 ____D () C:\Users\User\Documents\iTools

2015-01-18 15:36 - 2015-01-18 15:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\Rainmaker Software Group LLC.​

2015-01-18 15:36 - 2015-01-18 15:36 - 00000000 ____D () C:\Users\User\AppData\Local\Rainmaker_Software_Group_

2015-01-16 19:40 - 2015-01-16 19:40 - 22409731 _____ () C:\Users\User\Downloads\SmartGo Kifu2.0.ipa

2015-01-16 19:37 - 2015-01-18 13:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\WindSolutions

2015-01-16 19:37 - 2015-01-16 19:38 - 00000000 ____D () C:\ProgramData\WindSolutions

2015-01-16 17:56 - 2015-01-16 17:56 - 00001397 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk

2015-01-16 17:53 - 2015-01-16 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate

2015-01-16 17:53 - 2015-01-16 17:53 - 00000000 ____D () C:\Program Files (x86)\Seagate

2015-01-16 12:32 - 2015-01-16 12:46 - 00000000 ____D () C:\Program Files (x86)\iFunbox 2014

2015-01-15 13:07 - 2015-01-15 13:07 - 00000000 ____D () C:\Users\User\Downloads\dropbox_track_techsplurge

2015-01-14 20:13 - 2015-01-15 13:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

2015-01-14 08:51 - 2015-01-25 10:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\deluge

2015-01-14 08:50 - 2015-01-14 09:39 - 00000979 _____ () C:\Users\Public\Desktop\Deluge.lnk

2015-01-14 08:50 - 2015-01-14 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge

2015-01-14 08:50 - 2015-01-14 08:50 - 00000000 ____D () C:\Program Files (x86)\Deluge

2015-01-14 08:26 - 2015-01-14 08:25 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-01-14 04:11 - 2015-01-14 04:11 - 00000000 ____D () C:\Users\User\Documents\OneNote Notebooks

2015-01-13 12:51 - 2015-01-13 12:53 - 302917235 _____ () C:\Users\User\Downloads\Eye.Candy.S01E01.HDTV.x264-ASAP.mp4

2015-01-12 11:35 - 2015-01-12 11:35 - 00001121 _____ () C:\Users\Public\Desktop\Popcorn Time.lnk

2015-01-12 11:35 - 2015-01-12 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time

2015-01-12 11:35 - 2015-01-12 11:35 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time

2015-01-11 11:43 - 2015-01-11 22:37 - 00000000 ____D () C:\Program Files\ComicRack

2015-01-10 23:18 - 2015-01-10 23:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\HandBrake

2015-01-10 23:17 - 2015-01-10 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake

2015-01-09 20:15 - 2015-01-09 20:15 - 02834862 _____ () C:\Users\User\Downloads\DataEditorX-master.zip

2015-01-08 16:07 - 2015-01-08 16:18 - 639838920 _____ () C:\Users\User\Downloads\Essential Anatomy 5 (v5.0 iPhone4 Univ LP os70)-Locophone-ICPDA.rc318.ipa

2015-01-08 14:39 - 2015-01-18 15:41 - 00000000 ____D () C:\Program Files (x86)\i-Funbox DevTeam

2014-12-31 00:14 - 2014-12-31 00:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Xilisoft

2014-12-29 18:46 - 2014-12-29 18:46 - 00000000 ____D () C:\Users\User\Documents\Faasoft Video Converter

2014-12-29 16:51 - 2014-12-29 16:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\BaiduYunGuanjia

2014-12-29 16:51 - 2014-12-29 16:51 - 00000000 ____D () C:\Users\User\AppData\Roaming\BaiduYunKernel

2014-12-26 01:25 - 2015-01-06 10:24 - 00001542 _____ () C:\Users\User\Desktop\ygopro.lnk

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-25 13:28 - 2014-11-19 10:23 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-458947259-368414734-4088398591-1001UA.job

2015-01-25 13:06 - 2014-02-10 03:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\CDisplayEx

2015-01-25 12:46 - 2014-02-10 00:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype

2015-01-25 10:51 - 2014-02-10 00:20 - 00000000 ____D () C:\Program Files (x86)\ASUS

2015-01-25 10:28 - 2014-11-19 10:23 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-458947259-368414734-4088398591-1001Core.job

2015-01-25 08:10 - 2014-12-25 12:05 - 00649837 _____ () C:\Windows\WindowsUpdate.log

2015-01-25 02:05 - 2014-02-10 01:27 - 00000000 ____D () C:\ProgramData\TuneUp Software

2015-01-25 01:59 - 2009-07-13 23:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-25 01:59 - 2009-07-13 23:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-25 01:56 - 2009-07-14 00:13 - 00787182 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-25 01:51 - 2014-02-10 17:33 - 00000000 ___RD () C:\Users\User\Dropbox

2015-01-25 01:51 - 2014-02-10 17:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox

2015-01-25 01:51 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-25 01:04 - 2014-11-27 19:43 - 00001675 _____ () C:\Users\User\Documents\New.lua

2015-01-25 00:43 - 2014-02-10 03:34 - 00802584 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2015-01-25 00:39 - 2014-02-15 21:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2015-01-25 00:36 - 2014-02-10 03:22 - 00000000 ____D () C:\Program Files (x86)\Intel

2015-01-24 23:48 - 2014-02-09 23:55 - 00111712 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT

2015-01-24 23:46 - 2009-07-13 23:45 - 00426336 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-01-24 16:29 - 2014-04-29 08:55 - 00002423 _____ () C:\Users\User\Desktop\Usmleworld QBank.lnk

2015-01-24 10:36 - 2014-02-10 00:26 - 00000000 ____D () C:\Users\User\Desktop\AsusNbKeys_v1.3

2015-01-24 10:33 - 2014-12-05 17:29 - 00000000 ____D () C:\AdwCleaner

2015-01-24 10:09 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default

2015-01-24 09:45 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini

2015-01-24 09:39 - 2014-02-10 00:37 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe

2015-01-24 09:35 - 2014-02-10 17:42 - 00000000 ____D () C:\ProgramData\TEMP

2015-01-23 23:39 - 2014-09-08 19:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-01-23 23:33 - 2014-03-03 22:09 - 00000000 ____D () C:\Program Files (x86)\XnView

2015-01-23 23:33 - 2014-02-10 00:12 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-23 23:24 - 2014-02-12 13:04 - 00000000 ____D () C:\Program Files (x86)\BYOND

2015-01-23 23:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-01-23 23:20 - 2014-07-29 12:13 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duel of Champions Launcher

2015-01-23 23:20 - 2014-03-03 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView

2015-01-23 23:20 - 2014-02-09 23:50 - 00000000 ____D () C:\Users\User

2015-01-23 23:19 - 2014-12-23 16:20 - 00000000 ____D () C:\Users\User\Downloads\FLVJoin0.6

2015-01-23 23:19 - 2014-03-03 22:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\IrfanView

2015-01-23 23:19 - 2014-03-03 22:06 - 00000000 ____D () C:\Program Files (x86)\IrfanView

2015-01-23 23:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration

2015-01-23 22:46 - 2014-02-10 00:43 - 00000000 ___RD () C:\Users\User\SkyDrive

2015-01-23 22:45 - 2014-04-13 14:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\ViberPC

2015-01-23 22:45 - 2014-04-13 14:25 - 00000000 ____D () C:\Users\User\AppData\Local\Viber

2015-01-23 22:44 - 2014-10-22 23:52 - 00000000 ____D () C:\Users\User\Downloads\ppsspp

2015-01-23 22:44 - 2014-04-06 12:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc

2015-01-23 22:44 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV

2015-01-23 21:52 - 2014-04-27 22:10 - 00000000 ____D () C:\Users\User\AppData\Local\Apple Computer

2015-01-23 11:50 - 2014-06-25 13:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-23 10:46 - 2014-07-20 22:57 - 00000000 ____D () C:\Users\User\Downloads\MMBN Chrono X Demo 4.0.1

2015-01-23 10:35 - 2014-03-29 13:46 - 00000000 ____D () C:\Program Files (x86)\XMedia Recode

2015-01-23 08:56 - 2014-02-10 02:55 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2015-01-23 08:55 - 2014-02-10 00:37 - 00000000 ____D () C:\ProgramData\Adobe

2015-01-23 00:55 - 2014-02-09 23:55 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment

2015-01-23 00:55 - 2014-02-09 23:55 - 00000000 ____D () C:\Program Files (x86)\Google

2015-01-22 22:56 - 2014-02-12 13:04 - 00000000 ____D () C:\Users\User\Documents\BYOND

2015-01-20 00:29 - 2014-07-07 19:51 - 00000000 ____D () C:\Users\User\AppData\Local\YGOPRO_PuzzleEditor

2015-01-16 17:56 - 2014-07-29 12:20 - 00000000 ____D () C:\ProgramData\Package Cache

2015-01-14 08:26 - 2014-02-11 09:24 - 00000000 ____D () C:\ProgramData\Oracle

2015-01-13 12:39 - 2014-02-10 00:21 - 00000000 ___RD () C:\Program Files (x86)\Skype

2015-01-13 12:39 - 2014-02-10 00:21 - 00000000 ____D () C:\ProgramData\Skype

2015-01-11 22:15 - 2014-02-10 00:29 - 00000294 _____ () C:\Users\User\Desktop\Movies to watch.txt

2015-01-05 08:56 - 2014-07-11 22:31 - 00000193 _____ () C:\Windows\WORDPAD.INI

2015-01-05 01:19 - 2014-02-09 23:59 - 00000000 ____D () C:\Users\User\Desktop\User's

2014-12-31 13:12 - 2014-02-10 00:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-12-31 06:14 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-12-28 21:06 - 2014-02-10 17:01 - 00000000 ____D () C:\Users\User\Downloads\Songs

2014-12-26 00:57 - 2014-05-17 00:26 - 00000000 ____D () C:\Users\User\Ultimate

 

==================== Files in the root of some directories =======

 

2013-02-16 22:27 - 2013-02-16 22:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll

2014-12-10 13:19 - 2014-12-10 13:36 - 0000106 _____ () C:\Users\User\AppData\Roaming\Camdata.ini

2014-12-10 13:19 - 2014-12-10 13:36 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamLayout.ini

2014-12-10 13:19 - 2014-12-10 13:36 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamShapes.ini

2014-12-10 13:19 - 2014-12-10 13:36 - 0004507 _____ () C:\Users\User\AppData\Roaming\CamStudio.cfg

2014-06-25 13:46 - 2014-06-25 13:47 - 0000077 _____ () C:\Users\User\AppData\Roaming\mbam.context.scan

2015-01-23 10:51 - 2015-01-23 10:51 - 0002181 _____ () C:\Users\User\AppData\Local\recently-used.xbel

 

Some content of TEMP:

====================

C:\Users\User\AppData\Local\Temp\dllnt_dump.dll

C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkqiwls.dll

C:\Users\User\AppData\Local\Temp\pslist.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-24 02:27

 

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01

Ran by User at 2015-01-25 13:29:52

Running from C:\Users\User\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.06 - Adobe Systems)

Adobe Connect 9 Add-in (HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Adobe Connect 9 Add-in) (Version: 11.9.966.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)

Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.22 - Atheros Communications Inc.)

ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)

Bit Che (HKLM-x32\...\{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1) (Version: 3.0 build 10 - Convivea Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Brother MFL-Pro Suite MFC-J625DW (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)

calibre (HKLM-x32\...\{4838134A-8CFF-4D5B-B3C1-C110DA8DF61B}) (Version: 1.37.0 - Kovid Goyal)

CamStudio Lossless Codec v1.5 (HKLM-x32\...\camcodec) (Version: 1.5 - CamStudio)

CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)

CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

CDisplayEx 1.10.4 (HKLM\...\CDisplayEx_is1) (Version:  - cdisplayex.com)

Daum PotPlayer 1.5.44465 x64 Edition (HKLM\...\PotPlayer64) (Version:  - )

Deluge 1.3.11 (HKLM-x32\...\Deluge) (Version:  - )

DriverEasy 4.9.0 (HKLM\...\DriverEasy_is1) (Version: 4.9.0.0 - Easeware)

Dropbox (HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)

ELAN Touchpad 11.5.15.5_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.15.5 - ELAN Microelectronic Corp.)

eMule (HKLM-x32\...\eMule) (Version:  - )

FlipTIB (HKLM-x32\...\FlipTIB) (Version:  - )

GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)

Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.4.1001 - Intel Corporation)

IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

Kindle DRM Removal (HKLM-x32\...\KindleDRMRemoval) (Version: 1.4.1 - eBook Converter)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)

Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)

MusicBee 2.3 (HKLM-x32\...\MusicBee) (Version: 2.3 - Steven Mayall)

PANDA-glGo (HKLM-x32\...\glGo) (Version: 1.4 - PANDANET Inc.)

Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden

Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 5.1 - Popcorn Time)

PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)

PrimoCache (Beta) 0.9.9 (HKLM\...\{7A37EA43-BF6F-4DB7-83DB-97AA19BF9408}_is1) (Version: 0.9.9 - Romex Software)

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Remote Speakers output (HKLM-x32\...\{2102E316-9D40-4270-A81B-F60362DD39B4}) (Version: 4.7 - Eric Milles)

RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)

Sawbuck (HKLM-x32\...\{459BFE07-FCF3-4274-AC8B-8E8DDA7214BA}) (Version: 0.6.8.0 - Google Inc)

SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)

Skype for COM (x32 Version: 1.0.36 - Skype Technologies) Hidden

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)

Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.2.4 - Splashtop Inc.)

SSDlife Pro (HKLM-x32\...\{B6AC6742-741D-4284-B9D0-626A72FF657E}) (Version: 2.5.60 - BinarySense Inc.)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)

System.Data.SQLite v1.0.93.0 (Release) (HKLM-x32\...\{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1) (Version: 1.0.93.0 - System.Data.SQLite Team)

TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden

TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.221 - TuneUp Software)

TuneUp Utilities 2014 (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden

UltraChm 1.0 (HKLM-x32\...\UltraChm) (Version: 1.0 - UltraChm company, Inc.)

Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)

Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version:  - )

VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)

Viber (HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc)

VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

25-01-2015 00:06:42 Windows Update

25-01-2015 00:09:06 Windows Update

25-01-2015 00:39:13 Installed Atheros Communications Inc.® AR81Family Gigabit/Fast…“@

25-01-2015 01:47:33 Device Driver Package Install: Synaptics Mice and other pointing devices

25-01-2015 03:00:18 Windows Update

25-01-2015 10:51:05 Removed ASUS Smart Gesture

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:34 - 2015-01-24 09:44 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {1407DB4E-D406-42C5-8D47-97B9C1C93D81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)

Task: {4B525851-5587-465D-AC32-DFE60066228E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)

Task: {7A7575C4-4F2F-4C5D-9087-ACEF2AC9479D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-458947259-368414734-4088398591-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-19] (Google Inc.)

Task: {7FD88C7B-CBF8-4DEB-AE09-504FD1F825F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

Task: {8DCA54A2-7444-4BC5-99E5-AA5DA2E2CAF4} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-09-14] (ASUSTek Computer Inc.)

Task: {9BF30BC2-F66E-46C1-86CD-9AA5FD835D35} - System32\Tasks\{202C7037-ED88-4446-BC02-F1C068DF13C7} => pcalua.exe -a "C:\Program Files (x86)\FlipTIB\FlipTIB.exe"

Task: {9CD25240-EDFA-479C-A236-EE69A32B6E56} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-458947259-368414734-4088398591-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-19] (Google Inc.)

Task: {AF7696FF-0C60-458C-BF0C-FC3140D8B852} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2015-01-15] (Easeware)

Task: {E58742CD-1E5F-4DEF-AC03-5D520F5E49C2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {EF2C70E6-998F-4BE1-B255-FCE808F8DA88} - System32\Tasks\{334F71CF-0C60-4D5D-B4C6-A62E9D324CF1} => pcalua.exe -a C:\Users\User\Downloads\vcredist_x86.exe -d C:\Users\User\Downloads

Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-458947259-368414734-4088398591-1001Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-458947259-368414734-4088398591-1001UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-02-10 17:30 - 2014-01-28 20:23 - 00126560 _____ () C:\Program Files\PrimoCache (Beta)\PrimoCcSvc.exe

2014-03-29 22:42 - 2005-04-21 23:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll

2013-12-18 13:01 - 2013-12-18 13:01 - 00742200 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll

2010-07-14 23:44 - 2010-07-14 23:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll

2014-02-10 00:39 - 2014-01-18 17:06 - 00214528 _____ () C:\Program Files\CDisplayEx\libwebp.dll

2014-02-10 00:39 - 2013-12-01 17:10 - 00257624 _____ () C:\Program Files\CDisplayEx\unrar.dll

2014-10-01 18:48 - 2012-11-14 02:22 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll

2014-10-01 18:48 - 2012-11-14 02:22 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll

2014-02-10 00:03 - 2007-09-02 16:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe

2014-02-10 00:26 - 2007-12-05 07:25 - 00049152 _____ () C:\Users\User\Desktop\AsusNbKeys_v1.3\AsusNbKeys.exe

2014-11-30 17:30 - 2014-11-30 17:30 - 00033792 _____ () C:\Program Files (x86)\Deluge\deluge.exe

2014-02-12 22:58 - 2014-02-12 22:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-02-10 00:03 - 2007-09-02 16:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll

2014-09-24 17:51 - 2014-09-24 17:51 - 00081056 _____ () C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL

2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-01-25 01:51 - 2015-01-25 01:51 - 00043008 _____ () c:\users\User\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkqiwls.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libEGL.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2014-03-29 22:42 - 2009-02-27 18:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

2015-01-24 16:29 - 2015-01-24 16:29 - 00008192 _____ () C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1a9cc94c-712b68a8-n\ntpsdll32.dll

2010-08-24 13:47 - 2010-08-24 13:47 - 00040448 _____ () C:\Program Files (x86)\Deluge\_socket.pyd

2010-08-24 13:48 - 2010-08-24 13:48 - 00720896 _____ () C:\Program Files (x86)\Deluge\_ssl.pyd

2011-02-26 12:33 - 2011-02-26 12:33 - 00096768 _____ () C:\Program Files (x86)\Deluge\win32api.pyd

2011-02-27 11:12 - 2011-02-27 11:12 - 00110080 _____ () C:\Program Files (x86)\Deluge\pywintypes26.dll

2011-04-09 03:58 - 2011-04-09 03:58 - 00058368 _____ () C:\Program Files (x86)\Deluge\glib._glib.pyd

2011-04-09 03:58 - 2011-04-09 03:58 - 00113152 _____ () C:\Program Files (x86)\Deluge\gobject._gobject.pyd

2014-10-04 10:30 - 2014-10-04 10:30 - 00019968 _____ () C:\Program Files (x86)\Deluge\zope.interface._zope_interface_coptimizations.pyd

2014-10-04 10:29 - 2014-10-04 10:29 - 00006656 _____ () C:\Program Files (x86)\Deluge\twisted.python._initgroups.pyd

2011-09-02 06:55 - 2011-09-02 06:55 - 00010752 _____ () C:\Program Files (x86)\Deluge\OpenSSL.rand.pyd

2011-09-02 06:55 - 2011-09-02 06:55 - 00056320 _____ () C:\Program Files (x86)\Deluge\OpenSSL.crypto.pyd

2011-09-02 06:55 - 2011-09-02 06:55 - 00043520 _____ () C:\Program Files (x86)\Deluge\OpenSSL.SSL.pyd

2010-08-24 13:48 - 2010-08-24 13:48 - 00073728 _____ () C:\Program Files (x86)\Deluge\_ctypes.pyd

2011-02-26 12:32 - 2011-02-26 12:32 - 00035840 _____ () C:\Program Files (x86)\Deluge\win32process.pyd

2010-08-24 13:48 - 2010-08-24 13:48 - 00011776 _____ () C:\Program Files (x86)\Deluge\select.pyd

2011-02-26 12:31 - 2011-02-26 12:31 - 00112128 _____ () C:\Program Files (x86)\Deluge\win32file.pyd

2011-02-26 12:31 - 2011-02-26 12:31 - 00017408 _____ () C:\Program Files (x86)\Deluge\win32event.pyd

2011-02-26 12:33 - 2011-02-26 12:33 - 00167424 _____ () C:\Program Files (x86)\Deluge\win32gui.pyd

2011-04-09 04:00 - 2011-04-09 04:00 - 01882624 _____ () C:\Program Files (x86)\Deluge\gtk._gtk.pyd

2012-02-08 18:43 - 2012-02-08 18:43 - 01294335 _____ () C:\Program Files (x86)\Deluge\libcairo-2.dll

2012-02-08 18:43 - 2012-02-08 18:43 - 00279059 _____ () C:\Program Files (x86)\Deluge\libfontconfig-1.dll

2012-02-08 18:43 - 2012-02-08 18:43 - 00143096 _____ () C:\Program Files (x86)\Deluge\libexpat-1.dll

2012-02-08 18:43 - 2012-02-08 18:43 - 00538324 _____ () C:\Program Files (x86)\Deluge\freetype6.dll

2012-02-08 18:43 - 2012-02-08 18:43 - 00230529 _____ () C:\Program Files (x86)\Deluge\libpng14-14.dll

2012-02-08 18:43 - 2012-02-08 18:43 - 00100352 _____ () C:\Program Files (x86)\Deluge\zlib1.dll

2010-11-02 15:34 - 2010-11-02 15:34 - 00069632 _____ () C:\Program Files (x86)\Deluge\cairo._cairo.pyd

2011-04-09 03:58 - 2011-04-09 03:58 - 00263168 _____ () C:\Program Files (x86)\Deluge\gio._gio.pyd

2011-04-09 04:01 - 2011-04-09 04:01 - 00111616 _____ () C:\Program Files (x86)\Deluge\pango.pyd

2011-04-09 04:01 - 2011-04-09 04:01 - 00208384 _____ () C:\Program Files (x86)\Deluge\atk.pyd

2011-04-09 04:01 - 2011-04-09 04:01 - 00017920 _____ () C:\Program Files (x86)\Deluge\pangocairo.pyd

2011-04-09 04:01 - 2011-04-09 04:01 - 00018944 _____ () C:\Program Files (x86)\Deluge\gtk.glade.pyd

2012-02-08 18:43 - 2012-02-08 18:43 - 00168833 _____ () C:\Program Files (x86)\Deluge\libglade-2.0-0.dll

2012-02-08 18:43 - 2012-02-08 18:43 - 01225225 _____ () C:\Program Files (x86)\Deluge\libxml2-2.dll

2010-08-24 13:48 - 2010-08-24 13:48 - 00286208 _____ () C:\Program Files (x86)\Deluge\_hashlib.pyd

2011-02-26 12:32 - 2011-02-26 12:32 - 00023552 _____ () C:\Program Files (x86)\Deluge\win32pipe.pyd

2014-11-30 17:31 - 2014-11-30 17:31 - 00156686 _____ () C:\Program Files (x86)\Deluge\lib\gtk-2.0\2.10.0\engines\libmurrine.dll

2012-02-08 18:43 - 2012-02-08 18:43 - 00062248 _____ () C:\Program Files (x86)\Deluge\lib\gtk-2.0\2.10.0\engines\libpixmap.dll

2014-11-30 12:33 - 2014-11-30 12:33 - 02486784 _____ () C:\Program Files (x86)\Deluge\libtorrent.pyd

2015-01-23 00:56 - 2015-01-20 22:50 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll

2015-01-23 00:56 - 2015-01-20 22:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll

2015-01-23 00:56 - 2015-01-20 22:50 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll

2015-01-23 00:56 - 2015-01-20 22:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll

2015-01-14 20:13 - 2015-01-14 20:13 - 03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll

2015-01-14 20:13 - 2015-01-14 20:13 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll

2015-01-14 20:13 - 2015-01-14 20:13 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

2013-07-10 21:07 - 2013-07-10 21:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

MSCONFIG\startupreg: iFunBox Price Watch => C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe /tray

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: SkyDrive => "C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

MSCONFIG\startupreg: Viber => "C:\Users\User\AppData\Local\Viber\Viber.exe" StartMinimized

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-458947259-368414734-4088398591-500 - Administrator - Disabled)

User (S-1-5-21-458947259-368414734-4088398591-1001 - Administrator - Enabled) => C:\Users\User

Guest (S-1-5-21-458947259-368414734-4088398591-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-458947259-368414734-4088398591-1002 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/25/2015 10:51:45 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: User-PC)

Description: Application or service 'ASUS Quick Gesture Exe' could not be shut down.

 

Error: (01/25/2015 10:51:45 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: User-PC)

Description: Application or service 'ASUS Quick Gesture Exe' could not be shut down.

 

Error: (01/25/2015 10:51:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddCoreCsiFiles : BeginFileEnumeration() failed.

 

System Error:

The parameter is incorrect.

.

 

Error: (01/25/2015 10:50:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddCoreCsiFiles : BeginFileEnumeration() failed.

 

System Error:

The parameter is incorrect.

.

 

Error: (01/25/2015 03:00:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddCoreCsiFiles : BeginFileEnumeration() failed.

 

System Error:

The parameter is incorrect.

.

 

Error: (01/25/2015 03:00:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddCoreCsiFiles : BeginFileEnumeration() failed.

 

System Error:

The parameter is incorrect.

.

 

Error: (01/25/2015 02:14:38 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error: (01/25/2015 01:51:16 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/25/2015 01:48:31 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/25/2015 01:47:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddCoreCsiFiles : BeginFileEnumeration() failed.

 

System Error:

The parameter is incorrect.

.

 

 

System errors:

=============

Error: (01/25/2015 01:51:00 AM) (Source: FancyCcV) (EventID: 2) (User: )

Description: The evaluation period for this installation of PrimoCache has expired.

 

Error: (01/25/2015 01:48:14 AM) (Source: FancyCcV) (EventID: 2) (User: )

Description: The evaluation period for this installation of PrimoCache has expired.

 

Error: (01/25/2015 01:47:48 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (01/25/2015 00:41:09 AM) (Source: FancyCcV) (EventID: 2) (User: )

Description: The evaluation period for this installation of PrimoCache has expired.

 

Error: (01/25/2015 00:40:47 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (01/25/2015 00:05:26 AM) (Source: FancyCcV) (EventID: 2) (User: )

Description: The evaluation period for this installation of PrimoCache has expired.

 

Error: (01/25/2015 00:02:08 AM) (Source: FancyCcV) (EventID: 2) (User: )

Description: The evaluation period for this installation of PrimoCache has expired.

 

Error: (01/24/2015 11:52:08 PM) (Source: FancyCcV) (EventID: 2) (User: )

Description: The evaluation period for this installation of PrimoCache has expired.

 

Error: (01/24/2015 11:46:10 PM) (Source: FancyCcV) (EventID: 2) (User: )

Description: The evaluation period for this installation of PrimoCache has expired.

 

Error: (01/24/2015 11:45:48 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

 

Microsoft Office Sessions:

=========================

 

CodeIntegrity Errors:

===================================

  Date: 2015-01-24 09:39:21.578

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-01-24 09:39:21.508

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info ===========================

 

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz

Percentage of memory in use: 71%

Total physical RAM: 3037.09 MB

Available physical RAM: 864.26 MB

Total Pagefile: 6072.35 MB

Available Pagefile: 3035.4 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:119.14 GB) (Free:11.18 GB) NTFS

Drive j: (FreeAgent GoFlex Drive) (Fixed) (Total:931.51 GB) (Free:478.92 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: E6579950)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 931.5 GB) (Disk ID: 4FE24E12)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Edited by hamluis, 25 January 2015 - 03:32 PM.
Moved from AII to Malware Removal Logs - Hamluis.


#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:26 AM

Posted 25 January 2015 - 08:57 PM

Greetings shadowfox87 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to evaluate what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!


Posted 25 January 2015 - 09:30 PM

Thank you for your patience. The first thing we need to do is cut/paste FRST.exe onto your desktop.
 

Running from C:\Users\User\Downloads


Following that please consider and do this for me.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-458947259-368414734-4088398591-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-458947259-368414734-4088398591-1001] => http=127.0.0.1:8555;https=127.0.0.1:8555
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL  =
Handler: WSAMAllMyTubechrome - {C985F516-9C03-4F90 -  No File
Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA -  No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
C:\Users\User\AppData\Local\Temp\dllnt_dump.dll
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkqiwls.dll
C:\Users\User\AppData\Local\Temp\pslist.exe
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Junkware log
  • System Summary information

Gary
 

#5 shadowfox87


Posted 25 January 2015 - 10:50 PM

Hi Gary,

 

I'm Avi. Nice to meet you. Thanks for your swift reply. Here are my logs:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by User at 2015-01-25 22:32:19 Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-458947259-368414734-4088398591-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-458947259-368414734-4088398591-1001] => http=127.0.0.1:8555;https=127.0.0.1:8555
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL  =
Handler: WSAMAllMyTubechrome - {C985F516-9C03-4F90 -  No File
Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA -  No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
C:\Users\User\AppData\Local\Temp\dllnt_dump.dll
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkqiwls.dll
C:\Users\User\AppData\Local\Temp\pslist.exe
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57
*****************
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-458947259-368414734-4088398591-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-458947259-368414734-4088398591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCR\PROTOCOLS\Handler\WSAMAllMyTubechrome" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\WSISAllmytubechrome" => Key deleted successfully.
catchme => Service deleted successfully.
EagleX64 => Service deleted successfully.
"C:\Users\User\AppData\Local\Temp\dllnt_dump.dll" => File/Directory not found.
"C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkqiwls.dll" => File/Directory not found.
"C:\Users\User\AppData\Local\Temp\pslist.exe" => File/Directory not found.
C:\ProgramData\TEMP => ":4FC01C57" ADS removed successfully.
 
==== End of Fixlog 22:32:19 ====
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on Sun 01/25/2015 at 22:35:10.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\Tasks\DriverEasy Scheduled Scan.job
Successfully deleted: [File] C:\Windows\prefetch\DRIVEREASY.EXE-64FD0FF7.pf
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/25/2015 at 22:40:11.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Attached Files
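
A way to check the Fixlog posted above against the fixlist it was given, as an added example that is not part of the thread or of FRST: it confirms every fixlist entry produced a result line, lists the entries that were not removed, and flags the per-user ProxyServer setting that pointed at a loopback address. The function names and status labels are assumptions made for this example; the log text is copied from the post.

```python
import ipaddress
from collections import Counter

# Fixlog body copied from the post above (header lines left out).
FIXLOG = r'''Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-458947259-368414734-4088398591-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-458947259-368414734-4088398591-1001] => http=127.0.0.1:8555;https=127.0.0.1:8555
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL  =
Handler: WSAMAllMyTubechrome - {C985F516-9C03-4F90 -  No File
Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA -  No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
C:\Users\User\AppData\Local\Temp\dllnt_dump.dll
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkqiwls.dll
C:\Users\User\AppData\Local\Temp\pslist.exe
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57
*****************
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-458947259-368414734-4088398591-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-458947259-368414734-4088398591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCR\PROTOCOLS\Handler\WSAMAllMyTubechrome" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\WSISAllmytubechrome" => Key deleted successfully.
catchme => Service deleted successfully.
EagleX64 => Service deleted successfully.
"C:\Users\User\AppData\Local\Temp\dllnt_dump.dll" => File/Directory not found.
"C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkqiwls.dll" => File/Directory not found.
"C:\Users\User\AppData\Local\Temp\pslist.exe" => File/Directory not found.
C:\ProgramData\TEMP => ":4FC01C57" ADS removed successfully.
==== End of Fixlog 22:32:19 ====
'''


def split_fixlog(text):
    """Return (fixlist entries, result lines) from a Fixlog body."""
    sections, current = [], []
    for line in text.splitlines():
        line = line.strip()
        if line and set(line) == {'*'}:          # the ***** rows fence the echoed fixlist
            sections.append(current)
            current = []
        elif line.startswith('==== End of Fixlog'):
            break
        elif line:
            current.append(line)
    sections.append(current)
    if len(sections) != 3:
        raise ValueError('expected two ***** delimiters around the fixlist')
    return sections[1], sections[2]


def classify(result_line):
    """Map one result line to (target, status)."""
    target, sep, outcome = result_line.partition(' => ')
    if not sep:
        return result_line, 'unparsed'
    outcome = outcome.lower()
    if 'not found' in outcome:
        return target.strip('"'), 'not_found'
    if 'successfully' in outcome:
        return target.strip('"'), 'removed'
    return target.strip('"'), 'needs_review'  # wording not seen in this log


def loopback_proxies(fixlist):
    """List (scheme, host, port) for ProxyServer entries that point at loopback."""
    hits = []
    for entry in fixlist:
        if not entry.startswith('ProxyServer:'):
            continue
        for part in entry.partition(' => ')[2].split(';'):
            scheme, _, hostport = part.rpartition('=')  # bare host:port has no scheme
            host, _, port = hostport.rpartition(':')
            try:
                loop = ipaddress.ip_address(host).is_loopback
            except ValueError:
                loop = host.lower() == 'localhost'
            if loop:
                hits.append((scheme or 'all', host, int(port) if port.isdigit() else None))
    return hits


def review(text):
    """Summarise a Fixlog: coverage, outcomes, items to follow up."""
    fixlist, results = split_fixlog(text)
    outcomes = [classify(r) for r in results]
    return {
        'entries': len(fixlist),
        'results': len(results),
        'status': Counter(s for _, s in outcomes),
        'follow_up': [t for t, s in outcomes if s != 'removed'],
        'loopback_proxies': loopback_proxies(fixlist),
    }
```

Calling `review(FIXLOG)` returns the counts and the three Temp paths that were already gone when the fix ran; any status other than `removed` or `not_found` is left for a person to read in the log.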



#6 Oh My!


Posted 25 January 2015 - 11:19 PM

Nice to meet you Avi. Is the audio still there? If so, is it only with Chrome and not other browsers?
Gary
 

#7 shadowfox87


Posted 25 January 2015 - 11:22 PM

There are no audio ads so far. However, I thought the same thing once and they appeared suddenly again. I give it 24 hours before I can safely say they are gone. I only use chrome, so I wouldn't know about the other browsers. I think what you did with the fixlist.txt probably fixed it. I can't believe the softwares aren't programmed to delete those searchscopes.



#8 Oh My!


Posted 25 January 2015 - 11:28 PM

Greetings Avi,

OK, let's touch base tomorrow and in the meantime please run this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#9 shadowfox87


Posted 26 January 2015 - 03:21 AM

So after many hours with leaving chrome open, I heard audio ads again. I am sure that it was an audio ad and nothing else. I left it open on this page only. The ESET scan found two threats. This was from a program called Viber, which is like WhatsApp for desktop. It's benign, but I let ESET delete these files anyways. I ran the second program in safe mode. The audio ads happened before I rebooted after the ESET scan. I will note any further instances of audio ads.

 

C:\Users\User\AppData\Local\Viber\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application deleted - quarantined
C:\Users\User\AppData\Local\Viber\Uninstall.exe a variant of Win32/Toolbar.SearchSuite.W.gen potentially unwanted application deleted - quarantined
 
 
 

 Results of screen317's Security Check version 0.99.95  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 TuneUp Utilities 2014   
 TuneUp Utilities 2014 (en-US)  
 TuneUp Utilities 2014   
 Java 8 Update 25  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31
 Adobe Reader XI  
 Mozilla Firefox 33.0 Firefox out of Date!
 Mozilla Thunderbird (31.4.0) 
 Google Chrome (40.0.2214.91) 
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 

Edited by shadowfox87, 26 January 2015 - 10:39 AM.


#10 shadowfox87


Posted 26 January 2015 - 03:23 AM

Also, the computer runs just fine. No decrease in speed or performance from the day I bought it with clean install. Only the audio ads are present.



#11 Oh My!


Posted 26 January 2015 - 10:23 AM

Just confirming you only hear the audio ads when Chrome is running, correct?
Gary
 

#12 shadowfox87


Posted 26 January 2015 - 10:43 AM

To test this, I have firefox running on this page. I'll let you know if I hear any audio ads. Just to be clear, this is the only tab that is open in my browser.



#13 Oh My!


Posted 26 January 2015 - 10:45 AM

OK, since we are not sure about Firefox and I have you online I would like you to do this instead.

If I go offline I will be back within 20 minutes.....

===================================================

Launching Chrome Without Plugins or Extensions

--------------------
  • Press the windows key + r on your keyboard at the same time
  • Type in chrome --incognito and press Enter
  • Test Chrome
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Do you get audio ads?

Gary
 

#14 shadowfox87


Posted 26 January 2015 - 01:57 PM

The audio ads originate from shockwave plug-in. Hence, if I use chrome in incognito mode, I will not have any audio ads. I had disabled shockwave before, but that is not a realistic solution because many websites use shockwave. I have not heard any audio ads from either firefox or chrome (incognito). Firefox doesn't have shockwave plugin though, so it makes sense.



#15 Oh My!


Posted 26 January 2015 - 02:09 PM

You can uninstall then reinstall Shockwave.
Gary
 



