
Help me clean this computer


  • This topic is locked
4 replies to this topic

#1 jmdfo

Posted 02 February 2015 - 06:17 PM

There is a bunch of irritating adware stuff on this computer.  Please help me remove it.  Here is the log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by jmdfo (administrator) on JOE on 02-02-2015 18:11:39
Running from C:\Users\jmdfo\Downloads
Loaded Profiles: jmdfo (Available profiles: jmdfo & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Wajam_Internet Technologies Inc.) C:\Program Files\WajaWebEnhancer\wajam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
() C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_2.4.1408.2503_x86__8wekyb3d8bbwe\Mahjong.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Windows Discount\FindingDiscount\findingdiscount.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Crawler.com) C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [SpywareClearShield] => C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe [3733824 2015-01-05] (Crawler.com)
HKLM\...\Run: [SpywareClearUpdater] => C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe [5411136 2015-01-05] (Crawler.com)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [775328 2014-10-10] (Webroot)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1934744 2015-01-30] (APN)
HKLM-x32\...\Run: [PCFixSpeed] => C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe [1299776 2014-11-26] (Crawler.com)
HKLM-x32\...\Run: [PCTechHotline] => C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe [1905000 2014-04-25] (Crawler, LLC)
HKLM-x32\...\Run: [OpenSoftwareUpdater] => C:\Program Files (x86)\OpenSoftwareUpdater\OpenSoftwareUpdater.exe [3733504 2014-04-08] (Installer Technology Co.)
HKLM-x32\...\RunOnce: [WSE_Taplika] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\jmdfo\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat"
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2889201121-1352799253-3259330968-1001\...\RunOnce: [WSE_Taplika] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\jmdfo\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat"
AppInit_DLLs-x32: C:/PROGRA~3/{9B7D7~1/171~1.0/dero.dll => C:/PROGRA~3/{9B7D7~1/171~1.0/dero.dll [649216 2015-02-01] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2889201121-1352799253-3259330968-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
ProxyEnable: [S-1-5-21-2889201121-1352799253-3259330968-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2889201121-1352799253-3259330968-1001] => http=127.0.0.1:47574
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2889201121-1352799253-3259330968-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = 
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2889201121-1352799253-3259330968-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
BHO: Shopping App by Ask -> {4F524A2D-5354-2D53-5045-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport_x64.dll (APN LLC.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
BHO-x32: Shopping App by Ask -> {4F524A2D-5354-2D53-5045-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll (APN LLC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
Toolbar: HKLM - Shopping App by Ask - {4F524A2D-5354-2D53-5045-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Shopping App by Ask - {4F524A2D-5354-2D53-5045-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll (APN LLC.)
Toolbar: HKU\S-1-5-21-2889201121-1352799253-3259330968-1001 -> Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKU\S-1-5-21-2889201121-1352799253-3259330968-1001\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12039.xpi
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=tpl_installertech2_15_05&cd=2XzuyEtN2Y1L1Qzuzy0C0ByCyDyEyEtB0CzytDzztBzyyC0EtN0D0Tzu0StCtCtByBtN1L2XzutAtFyBtFtBtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtBtN1L1G1B1V1N2Y1L1Qzu2SyEtB0F0AtBtA0DtAtGtCzztDtDtGzztC0CtBtGzy0EyByBtGyBtDzytD0C0EtCzyyEtA0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyE0AtA0ByD0AyBtG0BzztDtCtGyEyByCyCtGzy0E0FyCtGyEzytAtD0Dzzzy0FyCyDzzyC2Q&cr=1047270161&ir=
CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=tpl_installertech2_15_05&cd=2XzuyEtN2Y1L1Qzuzy0C0ByCyDyEyEtB0CzytDzztBzyyC0EtN0D0Tzu0StCtCtByBtN1L2XzutAtFyBtFtBtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtBtN1L1G1B1V1N2Y1L1Qzu2SyEtB0F0AtBtA0DtAtGtCzztDtDtGzztC0CtBtGzy0EyByBtGyBtDzytD0C0EtCzyyEtA0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyE0AtA0ByD0AyBtG0BzztDtCtGyEyByCyCtGzy0E0FyCtGyEzytAtD0Dzzzy0FyCyDzzyC2Q&cr=1047270161&ir="
CHR DefaultSearchKeyword: Default -> taplika.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\jmdfo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jmdfo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-10]
CHR Extension: (Google Docs) - C:\Users\jmdfo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-10]
CHR Extension: (Google Drive) - C:\Users\jmdfo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jmdfo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-19]
CHR Extension: (YouTube) - C:\Users\jmdfo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-10]
CHR Extension: (Google Search) - C:\Users\jmdfo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-10]
CHR Extension: (Utility Chest) - C:\Users\jmdfo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoloclilfjlngodcpaghkhfjengogmof [2014-11-09]
CHR Extension: (Google Sheets) - C:\Users\jmdfo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-10]
CHR Extension: (Elite Unzip) - C:\Users\jmdfo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea [2014-11-09]
CHR Extension: (MapsGalaxy) - C:\Users\jmdfo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhndhalcfnmpglbelaejgmjlialaopij [2014-11-09]
CHR Extension: (Taplika New Tab) - C:\Users\jmdfo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn [2015-02-01]
CHR Extension: (Google Wallet) - C:\Users\jmdfo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-19]
CHR Extension: (Gmail) - C:\Users\jmdfo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-10]
CHR HKLM\...\Chrome\Extension: [ehjldlodmkdlooagebfnaghgmkfccipn] - No Path
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKU\S-1-5-21-2889201121-1352799253-3259330968-1001\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
Locked "FindingDiscount" service was unlocked successfully. <===== ATTENTION
 
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-30] (APN LLC.)
R2 FindingDiscount; C:\Program Files (x86)\Windows Discount\FindingDiscount\FindingDiscount.exe [330752 2015-01-20] () [File not signed]
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-08] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-12] (Intel Corporation)
S2 PCTechHotlineSvc; C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [701800 2014-04-25] (Crawler, LLC)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-04] (Realtek Semiconductor)
R2 RuntimeManager; C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe [102400 2015-01-20] () [File not signed]
S2 SC_Svc; C:\Program Files (x86)\Spyware Clear\SC_svc64.exe [3003712 2015-01-05] (Crawler Group)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-12-09] (Microsoft Corporation)
S2 Wajam Web Enhancer; C:\Program Files\WajaWebEnhancer\wajam_64.exe [2486272 2015-01-21] (Wajam_Internet Technologies Inc.) [File not signed] <==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [775328 2014-10-10] (Webroot)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-12] (Qualcomm Atheros Communications, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-12] (Intel Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2014-02-14] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-07] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-12] (Synaptics Incorporated)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows ® Win 7 DDK provider)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-10-08] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115680 2014-10-10] (Webroot)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-02 18:11 - 2015-02-02 18:12 - 00024937 _____ () C:\Users\jmdfo\Downloads\FRST.txt
2015-02-02 18:10 - 2015-02-02 18:11 - 00000000 ____D () C:\FRST
2015-02-02 18:10 - 2015-02-02 18:10 - 02131456 _____ (Farbar) C:\Users\jmdfo\Downloads\FRST64.exe
2015-02-02 18:04 - 2015-02-02 18:04 - 01122304 _____ (Farbar) C:\Users\jmdfo\Downloads\FRST.exe
2015-02-02 17:58 - 2015-02-02 17:58 - 05611380 _____ (Swearware) C:\Users\jmdfo\Downloads\ComboFix.exe
2015-02-01 17:44 - 2015-02-01 17:44 - 00022528 _____ () C:\Users\jmdfo\AppData\Local\dsisetup9545164212.exe
2015-02-01 17:44 - 2015-02-01 17:44 - 00000001 _____ () C:\Users\jmdfo\AppData\Local\DSI.DAT
2015-02-01 16:45 - 2015-02-01 18:24 - 00000000 ____D () C:\ProgramData\Spyware Clear
2015-02-01 16:45 - 2015-02-01 16:45 - 00001122 _____ () C:\Users\Public\Desktop\OpenSoftwareUpdater.lnk
2015-02-01 16:45 - 2015-02-01 16:45 - 00000971 _____ () C:\Users\Public\Desktop\Spyware Clear.lnk
2015-02-01 16:45 - 2015-02-01 16:45 - 00000000 ____D () C:\Users\jmdfo\AppData\Roaming\Spyware Clear
2015-02-01 16:45 - 2015-02-01 16:45 - 00000000 ____D () C:\Users\jmdfo\AppData\Roaming\PC Tech Hotline
2015-02-01 16:45 - 2015-02-01 16:45 - 00000000 ____D () C:\Users\jmdfo\AppData\Roaming\OpenSoftwareUpdater
2015-02-01 16:45 - 2015-02-01 16:45 - 00000000 ____D () C:\ProgramData\Windows Discount
2015-02-01 16:45 - 2015-02-01 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Clear
2015-02-01 16:45 - 2015-02-01 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSoftwareUpdater
2015-02-01 16:45 - 2015-02-01 16:45 - 00000000 ____D () C:\Program Files (x86)\Windows Discount
2015-02-01 16:45 - 2015-02-01 16:45 - 00000000 ____D () C:\Program Files (x86)\Spyware Clear
2015-02-01 16:44 - 2015-02-02 17:44 - 00000300 _____ () C:\WINDOWS\Tasks\WSE_Taplika.job
2015-02-01 16:44 - 2015-02-02 14:58 - 00000000 ____D () C:\Program Files (x86)\OpenSoftwareUpdater
2015-02-01 16:44 - 2015-02-01 16:50 - 00000000 ____D () C:\ProgramData\PCFixSpeed
2015-02-01 16:44 - 2015-02-01 16:45 - 00000000 ____D () C:\Users\jmdfo\AppData\Roaming\PCFixSpeed
2015-02-01 16:44 - 2015-02-01 16:44 - 00002638 _____ () C:\WINDOWS\System32\Tasks\WSE_Taplika
2015-02-01 16:44 - 2015-02-01 16:44 - 00001050 _____ () C:\Users\Public\Desktop\PC Tech Hotline.lnk
2015-02-01 16:44 - 2015-02-01 16:44 - 00000946 _____ () C:\Users\Public\Desktop\Optimize Your PC.lnk
2015-02-01 16:44 - 2015-02-01 16:44 - 00000000 ____D () C:\Users\jmdfo\AppData\Roaming\WSE_Taplika
2015-02-01 16:44 - 2015-02-01 16:44 - 00000000 ____D () C:\Users\jmdfo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer
2015-02-01 16:44 - 2015-02-01 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline
2015-02-01 16:44 - 2015-02-01 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed
2015-02-01 16:44 - 2015-02-01 16:44 - 00000000 ____D () C:\ProgramData\{9B7D73BE-CBFF-A238-7A79-D2BAAAFB0134}
2015-02-01 16:44 - 2015-02-01 16:44 - 00000000 ____D () C:\Program Files\WajaWebEnhancer
2015-02-01 16:44 - 2015-02-01 16:44 - 00000000 ____D () C:\Program Files (x86)\WSE_Taplika
2015-02-01 16:44 - 2015-02-01 16:44 - 00000000 ____D () C:\Program Files (x86)\PCTechHotline
2015-02-01 16:44 - 2015-02-01 16:44 - 00000000 ____D () C:\Program Files (x86)\PCFixSpeed
2015-02-01 16:43 - 2015-02-01 16:43 - 00331488 _____ (InstallerTech Corp) C:\Users\jmdfo\Downloads\SoftwareUpdater.exe
2015-01-14 16:26 - 2015-01-14 16:26 - 01324868 _____ () C:\Users\jmdfo\Desktop\Scan.tif
2015-01-13 17:00 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 17:00 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 17:00 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 17:00 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 17:00 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 17:00 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 17:00 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 17:00 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 17:00 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 17:00 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 17:00 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 17:00 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 17:00 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 17:00 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 17:00 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 17:00 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-13 17:00 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-13 17:00 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-13 17:00 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-13 17:00 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-13 17:00 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-13 17:00 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 17:00 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 17:00 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 17:00 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 17:00 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-13 17:00 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-13 17:00 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 17:00 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-13 17:00 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-13 17:00 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-10 18:09 - 2015-02-02 15:01 - 00003076 _____ () C:\WINDOWS\System32\Tasks\Advanced-System Protector_startup
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-02 18:12 - 2014-10-07 13:59 - 00000368 _____ () C:\WINDOWS\Tasks\CIMT_S-1-5-21-2889201121-1352799253-3259330968-1001.job
2015-02-02 18:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-02 17:27 - 2013-10-30 15:58 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 17:27 - 2013-10-30 15:57 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 16:45 - 2013-12-09 20:59 - 01158055 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-02 16:41 - 2013-10-30 16:05 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2889201121-1352799253-3259330968-1001
2015-02-02 16:28 - 2014-09-30 15:28 - 00000366 _____ () C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - jmdfo).job
2015-02-02 15:44 - 2014-09-12 18:51 - 00000136 _____ () C:\Users\jmdfo\AppData\Roaming\WB.CFG
2015-02-02 15:10 - 2014-10-10 22:34 - 00002306 _____ () C:\Users\jmdfo\Desktop\Google Chrome.lnk
2015-02-02 15:09 - 2014-10-10 22:25 - 00002302 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk
2015-02-02 15:09 - 2013-10-30 21:53 - 00003906 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F6D094F1-E203-4E69-8F7D-4B7A0FC11E11}
2015-02-02 15:04 - 2014-10-10 22:57 - 00000000 ____D () C:\ProgramData\WRData
2015-02-02 15:04 - 2014-10-07 14:04 - 00001340 _____ () C:\WINDOWS\Tasks\BYP.job
2015-02-02 15:02 - 2014-10-07 14:02 - 00001694 _____ () C:\WINDOWS\Tasks\QJFQDHVH.job
2015-02-02 15:01 - 2014-11-09 18:18 - 00000276 _____ () C:\WINDOWS\Tasks\Tuneup Pro_DEFAULT.job
2015-02-02 15:00 - 2014-10-07 14:00 - 00001344 _____ () C:\WINDOWS\Tasks\NPVZD.job
2015-02-02 14:59 - 2014-10-07 13:58 - 00001346 _____ () C:\WINDOWS\Tasks\DDBQCS.job
2015-02-02 14:59 - 2014-09-11 11:27 - 00001346 _____ () C:\WINDOWS\Tasks\DZOQTF.job
2015-02-02 14:59 - 2014-09-11 11:26 - 00000282 _____ () C:\WINDOWS\Tasks\PerfMonitor_strtp.job
2015-02-02 14:59 - 2014-09-11 11:25 - 00001346 _____ () C:\WINDOWS\Tasks\HDBRAR.job
2015-02-02 14:59 - 2013-08-22 09:46 - 00306318 _____ () C:\WINDOWS\setupact.log
2015-02-02 14:59 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-02 14:59 - 2013-08-22 09:44 - 00487680 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-01 18:25 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-01 15:01 - 2014-11-09 18:18 - 00003100 _____ () C:\WINDOWS\System32\Tasks\Tuneup Pro
2015-02-01 15:01 - 2014-11-09 18:18 - 00000000 ____D () C:\Users\jmdfo\AppData\Roaming\Tuneup Pro
2015-01-29 10:53 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-28 18:18 - 2014-11-09 18:18 - 00000284 _____ () C:\WINDOWS\Tasks\Tuneup Pro_UPDATES.job
2015-01-28 05:00 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-24 15:20 - 2014-11-13 18:30 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 15:20 - 2014-11-13 18:30 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-17 22:46 - 2013-12-06 16:11 - 00000000 ____D () C:\Users\jmdfo\AppData\Roaming\HpUpdate
2015-01-16 19:58 - 2014-11-09 18:18 - 00000000 ____D () C:\Program Files (x86)\ASP
2015-01-16 19:58 - 2014-04-27 10:27 - 00000000 ____D () C:\Program Files (x86)\Knight System Protector
2015-01-16 16:37 - 2013-11-03 13:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-16 16:34 - 2013-11-03 13:58 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2014-09-01 03:18 - 2014-09-01 03:18 - 0002086 _____ () C:\Users\jmdfo\AppData\Roaming\BYP
2014-09-01 03:18 - 2014-09-01 03:18 - 0001248 _____ () C:\Users\jmdfo\AppData\Roaming\DDBQCS
2014-09-01 03:18 - 2014-09-01 03:18 - 0002086 _____ () C:\Users\jmdfo\AppData\Roaming\DZOQTF
2014-09-01 03:18 - 2014-09-01 03:18 - 0001248 _____ () C:\Users\jmdfo\AppData\Roaming\HDBRAR
2014-09-01 03:18 - 2014-09-01 03:18 - 0002086 _____ () C:\Users\jmdfo\AppData\Roaming\NPVZD
2014-09-01 03:18 - 2014-09-01 03:18 - 0001248 _____ () C:\Users\jmdfo\AppData\Roaming\QJFQDHVH
2014-09-12 18:51 - 2015-02-02 15:44 - 0000136 _____ () C:\Users\jmdfo\AppData\Roaming\WB.CFG
2015-02-01 17:44 - 2015-02-01 17:44 - 0000001 _____ () C:\Users\jmdfo\AppData\Local\DSI.DAT
2015-02-01 17:44 - 2015-02-01 17:44 - 0022528 _____ () C:\Users\jmdfo\AppData\Local\dsisetup9545164212.exe
 
Some content of TEMP:
====================
C:\Users\jmdfo\AppData\Local\Temp\APNSetup.exe
C:\Users\jmdfo\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\jmdfo\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate183605359.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate183633203.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate259713281.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate2994593.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate330937.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate333296.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate334500.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate336390.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate336796.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate338218.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate339500.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate340593.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate340781.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate341437.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate341500.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate342453.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate351937.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate364484.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate4288156.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate4291796.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate434875.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate447546.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate467562.exe
C:\Users\jmdfo\AppData\Local\Temp\WRupdate7848093.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-28 04:58
 
==================== End Of Log ============================


#2 Machiavelli


Posted 03 February 2015 - 11:25 AM

Hey, :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan

  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 Machiavelli


Posted 07 February 2015 - 08:25 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli



#4 Andrew


Posted 07 February 2015 - 08:11 PM

This topic has been re-opened at the request of the person who originally posted.

#5 Machiavelli


Posted 11 February 2015 - 07:51 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli
