Infected with popups in Firefox.


This topic is locked
37 replies to this topic

#1 Steelpen2

  • Members
  • 23 posts

Posted 05 February 2015 - 01:47 PM

I recently have been affected with pop-ups on Firefox. I have found out some of them are from various AdWare software, like PastaLeads. I tried uninstalling them from the Add/Remove Programs in Windows 7 but they still appear. Here are my FRST logs: (Addition.txt has been attached)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Greg (administrator) on STEELPEN2 on 03-02-2015 22:20:00
Running from C:\Users\Greg\Downloads
Loaded Profiles: Greg (Available profiles: Greg & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NTI Corporation) F:\NTI Backup\NTI Backup Now EZ\BackupNowEZSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Spotify Ltd) C:\Users\Greg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NTI Corporation) F:\NTI Backup\NTI Backup Now EZ\BackupNowEZtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Adobe Systems Inc.) F:\Adobe Acrobat XI\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Hobbyist Software) C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-10-08] (Realtek Semiconductor)
HKLM-x32\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM-x32\...\Run: [BackupNowEZtray] => F:\NTI Backup\NTI Backup Now EZ\BackupNowEZtray.exe [1294840 2013-11-07] (NTI Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => F:\Adobe Acrobat XI\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-12-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21437568 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\...\Run: [Spotify Web Helper] => C:\Users\Greg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-08] (Spotify Ltd)
HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper Live\PCKeeper.exe" /autorun
HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2427680 2014-12-10] (IObit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-3264041994-1170860089-3550666026-1000] => Internet Explorer proxy is enabled.
HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3264041994-1170860089-3550666026-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> F:\Adobe Acrobat XI\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3264041994-1170860089-3550666026-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\searchplugins\forum-search.xml
FF SearchPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\searchplugins\trovi.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\iobitascsurfingprotection@iobit.com [2014-12-21]
FF Extension: Booster Web - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack [2015-01-31]
FF Extension: Zoom It - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\{29b71e0f-d6bd-55b8-e910-6349df1c0dbf} [2015-02-02]
FF Extension: Memory Fox - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2014-11-06]
FF Extension: FatWallet Express - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\addon@fatwallet.com.xpi [2014-12-11]
FF Extension: Add to Amazon Wish List Button - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\amznUWL2@amazon.com.xpi [2014-07-16]
FF Extension: Session Manager - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-07-16]
FF Extension: Download Statusbar - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2014-05-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - F:\Adobe Acrobat XI\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - F:\Adobe Acrobat XI\Acrobat\Browser\WCFirefoxExtn [2014-09-14]
FF HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> ""
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-16]
CHR Extension: (Google Drive) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-16]
CHR Extension: (Google Search) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-16]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-09-15]
CHR Extension: (Print Selection) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkdpdnociibpkkpjgmcmdlnjlebpajk [2014-05-16]
CHR Extension: (Google Wallet) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-16]
CHR Extension: (Enhanced Steam) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2014-05-16]
CHR Extension: (Gmail) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - F:\Adobe Acrobat XI\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-10] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NTI BackupNowEZSvr; F:\NTI Backup\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-11-07] (NTI Corporation)
S3 Origin Client Service; E:\Games\Origin\OriginClientService.exe [1900400 2014-11-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 cpuz137; \??\C:\Users\Greg\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-03 22:20 - 2015-02-03 22:20 - 00022851 _____ () C:\Users\Greg\Downloads\FRST.txt
2015-02-03 22:16 - 2015-02-03 22:20 - 00000000 ____D () C:\FRST
2015-02-03 22:15 - 2015-02-03 22:15 - 02131456 _____ (Farbar) C:\Users\Greg\Downloads\FRST64.exe
2015-02-01 16:04 - 2015-02-01 16:04 - 00001245 _____ () C:\Users\Greg\Desktop\JRT.txt
2015-02-01 15:59 - 2015-02-01 15:59 - 01707939 _____ (Thisisu) C:\Users\Greg\Downloads\JRT.exe
2015-02-01 15:59 - 2015-02-01 15:59 - 00000000 ____D () C:\Windows\ERUNT
2015-02-01 11:50 - 2015-02-01 11:50 - 02194432 _____ () C:\Users\Greg\Downloads\adwcleaner_4.109 (1).exe
2015-01-31 19:57 - 2015-02-02 21:02 - 00000000 ____D () C:\AdwCleaner
2015-01-31 19:56 - 2015-01-31 19:56 - 02194432 _____ () C:\Users\Greg\Downloads\adwcleaner_4.109.exe
2015-01-31 19:37 - 2015-01-31 19:38 - 00000000 ____D () C:\Program Files (x86)\Booster-Web
2015-01-31 16:05 - 2015-01-31 16:06 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-31 16:05 - 2015-01-31 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2015-01-31 16:05 - 2015-01-31 16:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-01-31 16:05 - 2015-01-31 16:05 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Malwarebytes
2015-01-31 16:05 - 2015-01-31 16:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-31 16:05 - 2012-12-14 16:49 - 00024176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-31 16:04 - 2015-01-31 16:04 - 00000032 _____ () C:\Windows\CD_Start.INI
2015-01-30 20:56 - 2015-01-30 20:56 - 00001823 _____ () C:\ProgramData\tempimage.bmp
2015-01-30 20:33 - 2015-01-30 20:33 - 00003512 _____ () C:\Windows\System32\Tasks\PastaLeads
2015-01-30 20:32 - 2015-01-30 20:32 - 00003264 _____ () C:\Windows\System32\Tasks\sondhschedule
2015-01-30 20:32 - 2015-01-30 20:32 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Booster-Web
2015-01-30 20:32 - 2015-01-30 20:32 - 00000000 ____D () C:\Users\Greg\AppData\Local\Desktop_Dock
2015-01-30 20:23 - 2015-01-31 19:34 - 00000000 ____D () C:\ProgramData\lMXNddOnVBf
2015-01-30 20:22 - 2015-01-30 20:22 - 00000000 ____D () C:\Program Files (x86)\download Manager
2015-01-29 12:27 - 2015-01-29 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-29 12:27 - 2015-01-29 12:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-01-29 12:26 - 2015-01-29 12:26 - 00000000 ____D () C:\Windows\PCHEALTH
2015-01-29 12:26 - 2015-01-29 12:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2015-01-29 12:25 - 2015-01-29 12:25 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-29 12:24 - 2015-01-29 12:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-29 12:24 - 2015-01-29 12:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-29 12:24 - 2015-01-29 12:24 - 00000000 __RHD () C:\MSOCache
2015-01-29 12:24 - 2015-01-29 12:24 - 00000000 ____D () C:\Users\Greg\AppData\Local\Microsoft Help
2015-01-26 15:56 - 2015-01-26 15:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-15 16:24 - 2015-01-16 15:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-12 22:14 - 2015-01-12 22:14 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-05 14:48 - 2015-01-05 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VLC Streamer
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-03 22:18 - 2014-05-15 14:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 22:05 - 2014-05-15 14:54 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Skype
2015-02-03 21:55 - 2014-05-15 16:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 21:24 - 2014-05-14 21:07 - 01404689 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 21:05 - 2014-06-12 16:33 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Raptr
2015-02-03 20:18 - 2014-05-15 14:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 21:11 - 2009-07-13 23:45 - 00020992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-02 21:11 - 2009-07-13 23:45 - 00020992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-02 21:10 - 2009-07-14 00:13 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-02 21:06 - 2014-05-15 14:50 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-02 21:05 - 2014-12-21 22:52 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-02 21:05 - 2014-06-29 22:54 - 00000000 ____D () C:\Users\Greg\AppData\Local\Adobe
2015-02-02 21:04 - 2014-05-15 01:01 - 00353712 _____ () C:\Windows\PFRO.log
2015-02-02 21:04 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 21:04 - 2009-07-13 23:51 - 00027542 _____ () C:\Windows\setupact.log
2015-02-02 17:16 - 2014-09-03 11:08 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-02-01 16:17 - 2014-05-15 19:35 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\vlc
2015-01-30 20:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-30 20:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-30 20:46 - 2014-05-14 21:08 - 00000000 ____D () C:\Users\Greg
2015-01-30 20:45 - 2014-12-28 20:17 - 00000000 ____D () C:\Users\Guest
2015-01-30 20:45 - 2014-07-11 18:09 - 00000000 ____D () C:\ProgramData\BackupNowEZ
2015-01-30 20:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-30 20:36 - 2014-06-12 16:33 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-01-30 20:35 - 2014-05-15 14:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-30 20:35 - 2009-07-13 23:45 - 05053080 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-29 12:48 - 2014-11-02 14:54 - 00000034 _____ () C:\Users\Greg\AppData\Roaming\AdobeWLCMCache.dat
2015-01-29 12:39 - 2014-05-14 21:41 - 00076952 _____ () C:\Users\Greg\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-29 12:25 - 2009-07-14 02:46 - 00000000 ____D () C:\Windows\ShellNew
2015-01-29 12:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-26 23:20 - 2014-05-15 14:48 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-25 12:55 - 2014-05-15 16:10 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 12:55 - 2014-05-15 16:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 12:55 - 2014-05-15 16:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-04 21:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports
 
==================== Files in the root of some directories =======
 
2014-11-02 20:06 - 2014-11-02 20:06 - 0000132 _____ () C:\Users\Greg\AppData\Roaming\Adobe PNG Format CC Prefs
2014-11-02 14:54 - 2015-01-29 12:48 - 0000034 _____ () C:\Users\Greg\AppData\Roaming\AdobeWLCMCache.dat
2014-06-30 17:10 - 2014-12-04 22:07 - 0001456 _____ () C:\Users\Greg\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-01-30 20:56 - 2015-01-30 20:56 - 0001823 _____ () C:\ProgramData\tempimage.bmp
 
Some content of TEMP:
====================
C:\Users\Greg\AppData\Local\Temp\130647027028017132.exe
C:\Users\Greg\AppData\Local\Temp\13064702724396948418.exe
C:\Users\Greg\AppData\Local\Temp\6A3890F4-0A72-FFF1-BB87-C69351A781FA.dll
C:\Users\Greg\AppData\Local\Temp\6A3890F4-0A72-FFF1-BB87-C69351A781FA.exe
C:\Users\Greg\AppData\Local\Temp\AAMHelper.exe
C:\Users\Greg\AppData\Local\Temp\addon.exe
C:\Users\Greg\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Greg\AppData\Local\Temp\bassmod.dll
C:\Users\Greg\AppData\Local\Temp\btis nikki sexx 480p 2200.wmv__10924_i1461673062_il2180135.exe
C:\Users\Greg\AppData\Local\Temp\E81ED1EC-3B59-E7F9-E6FF-64C056C7DE29.exe
C:\Users\Greg\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\Greg\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Greg\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Greg\AppData\Local\Temp\ose00000.exe
C:\Users\Greg\AppData\Local\Temp\Quarantine.exe
C:\Users\Greg\AppData\Local\Temp\sqlite3.dll
C:\Users\Greg\AppData\Local\Temp\turbodiagnosis_amo.exe
C:\Users\Greg\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Greg\AppData\Local\Temp\VLCStreamerSetup.exe
C:\Users\Greg\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 00:31
 
==================== End Of Log ============================

 


 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:32 PM

Posted 05 February 2015 - 03:18 PM

Hello Steelpen2,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

2.

Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

 

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.

 

 

3.


  • Right click on FRST to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Please paste the FRST.txt into your reply along with how the machine is running.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Steelpen2

Steelpen2
  • Topic Starter

  • Members
  • 23 posts
  • Local time:02:32 PM

Posted 05 February 2015 - 05:38 PM

After all 3 scans, I open up Firefox, and I still have what appears to be AdWare. I have "ads" opening up in my browser window, including ads from "RightCoupon", "Offers4U" and "Similar Products". 

 

Here are the 3 scan logs:

 

# AdwCleaner v4.109 - Report created 05/02/2015 at 15:30:23
# Updated 24/01/2015 by Xplode
# Database : 2015-02-04.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Greg - STEELPEN2
# Running from : C:\Users\Greg\Desktop\adwcleaner_4.109.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16545
 
 
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
 
 
-\\ Google Chrome v40.0.2214.93
 
[C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3326303&octid=EB_ORIGINAL_CTID&ISID=MACD0F0C0-64EA-4BDD-82F7-6078361C7426&SearchSource=58&CUI=&UM=8&UP=SP17E3EDFB-3B96-4D64-AF22-E724DE87F223&q={searchTerms}&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [5831 octets] - [31/01/2015 19:57:07]
AdwCleaner[R1].txt - [1510 octets] - [02/02/2015 20:59:42]
AdwCleaner[R2].txt - [1628 octets] - [05/02/2015 15:26:53]
AdwCleaner[S0].txt - [5468 octets] - [31/01/2015 19:59:00]
AdwCleaner[S1].txt - [1577 octets] - [02/02/2015 21:02:29]
AdwCleaner[S2].txt - [1555 octets] - [05/02/2015 15:30:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1615 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by Greg on Thu 02/05/2015 at 17:17:18.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Greg\AppData\Roaming\mozilla\firefox\profiles\wy1ijoe3.default\extensions\staged
Successfully deleted the following from C:\Users\Greg\AppData\Roaming\mozilla\firefox\profiles\wy1ijoe3.default\prefs.js
 
user_pref("extensions.xpiState", "{\"app-profile\":{\"addon@fatwallet.com\":{\"d\":\"C:\\\\Users\\\\Greg\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\wy1ijoe3.de
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/05/2015 at 17:22:06.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Greg (administrator) on STEELPEN2 on 05-02-2015 17:29:26
Running from C:\Users\Greg\Downloads
Loaded Profiles: Greg (Available profiles: Greg & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NTI Corporation) F:\NTI Backup\NTI Backup Now EZ\BackupNowEZSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Spotify Ltd) C:\Users\Greg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NTI Corporation) F:\NTI Backup\NTI Backup Now EZ\BackupNowEZtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Adobe Systems Inc.) F:\Adobe Acrobat XI\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-10-08] (Realtek Semiconductor)
HKLM-x32\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM-x32\...\Run: [BackupNowEZtray] => F:\NTI Backup\NTI Backup Now EZ\BackupNowEZtray.exe [1294840 2013-11-07] (NTI Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => F:\Adobe Acrobat XI\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-12-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21437568 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\...\Run: [Spotify Web Helper] => C:\Users\Greg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-08] (Spotify Ltd)
HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper Live\PCKeeper.exe" /autorun
HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2427680 2014-12-10] (IObit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-3264041994-1170860089-3550666026-1000] => Internet Explorer proxy is enabled.
HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3264041994-1170860089-3550666026-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
 
FireFox:
========
FF ProfilePath: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> F:\Adobe Acrobat XI\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3264041994-1170860089-3550666026-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\searchplugins\forum-search.xml
FF SearchPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\searchplugins\trovi.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\iobitascsurfingprotection@iobit.com [2014-12-21]
FF Extension: Booster Web - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack [2015-01-31]
FF Extension: Zoom It - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\{29b71e0f-d6bd-55b8-e910-6349df1c0dbf} [2015-02-02]
FF Extension: Zoom It - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\{32ec7670-da05-cfdf-f00e-0906f118215d} [2015-02-05]
FF Extension: Memory Fox - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2014-11-06]
FF Extension: FatWallet Express - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\addon@fatwallet.com.xpi [2014-12-11]
FF Extension: Add to Amazon Wish List Button - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\amznUWL2@amazon.com.xpi [2014-07-16]
FF Extension: Session Manager - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-07-16]
FF Extension: Download Statusbar - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2014-05-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - F:\Adobe Acrobat XI\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - F:\Adobe Acrobat XI\Acrobat\Browser\WCFirefoxExtn [2014-09-14]
FF HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> ""
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-16]
CHR Extension: (Google Drive) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-16]
CHR Extension: (Google Search) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-16]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-09-15]
CHR Extension: (Print Selection) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkdpdnociibpkkpjgmcmdlnjlebpajk [2014-05-16]
CHR Extension: (Google Wallet) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-16]
CHR Extension: (Enhanced Steam) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2014-05-16]
CHR Extension: (Gmail) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - F:\Adobe Acrobat XI\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-10] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NTI BackupNowEZSvr; F:\NTI Backup\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-11-07] (NTI Corporation)
S3 Origin Client Service; E:\Games\Origin\OriginClientService.exe [1900400 2014-11-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 cpuz137; \??\C:\Users\Greg\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-05 17:29 - 2015-02-05 17:29 - 00000000 ____D () C:\Users\Greg\Downloads\FRST-OlderVersion
2015-02-05 17:22 - 2015-02-05 17:22 - 00001072 _____ () C:\Users\Greg\Desktop\JRT.txt
2015-02-05 17:16 - 2015-02-02 13:13 - 01388274 _____ (Thisisu) C:\Users\Greg\Desktop\JRT_NEW.exe
2015-02-05 10:30 - 2015-02-05 10:30 - 00000000 ____D () C:\Users\Greg\AppData\Local\Steam
2015-02-03 22:20 - 2015-02-05 17:29 - 00022438 _____ () C:\Users\Greg\Downloads\FRST.txt
2015-02-03 22:20 - 2015-02-03 22:21 - 00035632 _____ () C:\Users\Greg\Downloads\Addition.txt
2015-02-03 22:16 - 2015-02-05 17:29 - 00000000 ____D () C:\FRST
2015-02-03 22:15 - 2015-02-05 17:29 - 02131968 _____ (Farbar) C:\Users\Greg\Downloads\FRST64.exe
2015-02-01 15:59 - 2015-02-01 15:59 - 00000000 ____D () C:\Windows\ERUNT
2015-01-31 19:57 - 2015-02-05 15:30 - 00000000 ____D () C:\AdwCleaner
2015-01-31 19:56 - 2015-01-31 19:56 - 02194432 _____ () C:\Users\Greg\Desktop\adwcleaner_4.109.exe
2015-01-31 19:37 - 2015-01-31 19:38 - 00000000 ____D () C:\Program Files (x86)\Booster-Web
2015-01-31 16:05 - 2015-01-31 16:06 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-31 16:05 - 2015-01-31 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2015-01-31 16:05 - 2015-01-31 16:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-01-31 16:05 - 2015-01-31 16:05 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Malwarebytes
2015-01-31 16:05 - 2015-01-31 16:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-31 16:05 - 2012-12-14 16:49 - 00024176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-31 16:04 - 2015-01-31 16:04 - 00000032 _____ () C:\Windows\CD_Start.INI
2015-01-30 20:56 - 2015-01-30 20:56 - 00001823 _____ () C:\ProgramData\tempimage.bmp
2015-01-30 20:33 - 2015-01-30 20:33 - 00003512 _____ () C:\Windows\System32\Tasks\PastaLeads
2015-01-30 20:32 - 2015-01-30 20:32 - 00003264 _____ () C:\Windows\System32\Tasks\sondhschedule
2015-01-30 20:32 - 2015-01-30 20:32 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Booster-Web
2015-01-30 20:32 - 2015-01-30 20:32 - 00000000 ____D () C:\Users\Greg\AppData\Local\Desktop_Dock
2015-01-30 20:23 - 2015-01-31 19:34 - 00000000 ____D () C:\ProgramData\lMXNddOnVBf
2015-01-30 20:22 - 2015-01-30 20:22 - 00000000 ____D () C:\Program Files (x86)\download Manager
2015-01-29 12:27 - 2015-01-29 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-29 12:27 - 2015-01-29 12:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-01-29 12:26 - 2015-01-29 12:26 - 00000000 ____D () C:\Windows\PCHEALTH
2015-01-29 12:26 - 2015-01-29 12:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2015-01-29 12:25 - 2015-01-29 12:25 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-29 12:24 - 2015-01-29 12:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-29 12:24 - 2015-01-29 12:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-29 12:24 - 2015-01-29 12:24 - 00000000 __RHD () C:\MSOCache
2015-01-29 12:24 - 2015-01-29 12:24 - 00000000 ____D () C:\Users\Greg\AppData\Local\Microsoft Help
2015-01-26 15:56 - 2015-01-26 15:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-15 16:24 - 2015-01-16 15:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-12 22:14 - 2015-01-12 22:14 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-05 17:18 - 2014-05-15 14:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 17:16 - 2009-07-14 00:13 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 17:15 - 2014-06-12 16:33 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Raptr
2015-02-05 17:15 - 2014-05-15 14:54 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Skype
2015-02-05 17:14 - 2014-06-29 22:54 - 00000000 ____D () C:\Users\Greg\AppData\Local\Adobe
2015-02-05 17:14 - 2014-05-15 14:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 17:14 - 2014-05-14 21:07 - 01676471 _____ () C:\Windows\WindowsUpdate.log
2015-02-05 16:55 - 2014-05-15 16:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 15:38 - 2009-07-13 23:45 - 00020992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 15:38 - 2009-07-13 23:45 - 00020992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 15:31 - 2014-05-15 01:01 - 00354022 _____ () C:\Windows\PFRO.log
2015-02-05 15:31 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 15:31 - 2009-07-13 23:51 - 00027598 _____ () C:\Windows\setupact.log
2015-02-05 10:29 - 2014-05-15 14:50 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-04 23:55 - 2014-05-15 16:10 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 23:55 - 2014-05-15 16:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 23:55 - 2014-05-15 16:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-02 21:05 - 2014-12-21 22:52 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-02 17:16 - 2014-09-03 11:08 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-02-01 16:17 - 2014-05-15 19:35 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\vlc
2015-01-30 20:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-30 20:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-30 20:46 - 2014-05-14 21:08 - 00000000 ____D () C:\Users\Greg
2015-01-30 20:45 - 2014-12-28 20:17 - 00000000 ____D () C:\Users\Guest
2015-01-30 20:45 - 2014-07-11 18:09 - 00000000 ____D () C:\ProgramData\BackupNowEZ
2015-01-30 20:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-30 20:36 - 2014-06-12 16:33 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-01-30 20:35 - 2014-05-15 14:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-30 20:35 - 2009-07-13 23:45 - 05053080 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-29 12:48 - 2014-11-02 14:54 - 00000034 _____ () C:\Users\Greg\AppData\Roaming\AdobeWLCMCache.dat
2015-01-29 12:39 - 2014-05-14 21:41 - 00076952 _____ () C:\Users\Greg\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-29 12:25 - 2009-07-14 02:46 - 00000000 ____D () C:\Windows\ShellNew
2015-01-29 12:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-26 23:20 - 2014-05-15 14:48 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2014-11-02 20:06 - 2014-11-02 20:06 - 0000132 _____ () C:\Users\Greg\AppData\Roaming\Adobe PNG Format CC Prefs
2014-11-02 14:54 - 2015-01-29 12:48 - 0000034 _____ () C:\Users\Greg\AppData\Roaming\AdobeWLCMCache.dat
2014-06-30 17:10 - 2014-12-04 22:07 - 0001456 _____ () C:\Users\Greg\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-01-30 20:56 - 2015-01-30 20:56 - 0001823 _____ () C:\ProgramData\tempimage.bmp
 
Some content of TEMP:
====================
C:\Users\Greg\AppData\Local\Temp\130647027028017132.exe
C:\Users\Greg\AppData\Local\Temp\13064702724396948418.exe
C:\Users\Greg\AppData\Local\Temp\6A3890F4-0A72-FFF1-BB87-C69351A781FA.dll
C:\Users\Greg\AppData\Local\Temp\6A3890F4-0A72-FFF1-BB87-C69351A781FA.exe
C:\Users\Greg\AppData\Local\Temp\AAMHelper.exe
C:\Users\Greg\AppData\Local\Temp\addon.exe
C:\Users\Greg\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Greg\AppData\Local\Temp\bassmod.dll
C:\Users\Greg\AppData\Local\Temp\E81ED1EC-3B59-E7F9-E6FF-64C056C7DE29.exe
C:\Users\Greg\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\Greg\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Greg\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Greg\AppData\Local\Temp\ose00000.exe
C:\Users\Greg\AppData\Local\Temp\Quarantine.exe
C:\Users\Greg\AppData\Local\Temp\sqlite3.dll
C:\Users\Greg\AppData\Local\Temp\turbodiagnosis_amo.exe
C:\Users\Greg\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Greg\AppData\Local\Temp\VLCStreamerSetup.exe
C:\Users\Greg\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 00:31
 
==================== End Of Log ============================

Edited by Steelpen2, 05 February 2015 - 05:41 PM.


#4 fireman4it (Malware Response Team)

Posted 05 February 2015 - 06:16 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File: fixlist.txt (6.03KB)

Let me know how the machine is running after this fix.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 Steelpen2 (Topic Starter)

Posted 05 February 2015 - 07:44 PM

The machine appears to be running normally.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
Ran by Greg at 2015-02-05 19:34:35 Run:1
Running from C:\Users\Greg\Downloads
Loaded Profiles: Greg (Available profiles: Greg & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper Live\PCKeeper.exe" /autorun
C:\Program Files\Kromtech\PCKeeper Live
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-3264041994-1170860089-3550666026-1000] => Internet Explorer proxy is enabled.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\searchplugins\trovi.xml
FF Extension: Booster Web - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack [2015-01-31]
FF Extension: Zoom It - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\{29b71e0f-d6bd-55b8-e910-6349df1c0dbf} [2015-02-02]
FF Extension: Zoom It - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\{32ec7670-da05-cfdf-f00e-0906f118215d} [2015-02-05]
FF Extension: Memory Fox - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2014-11-06]
FF Extension: FatWallet Express - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\addon@fatwallet.com.xpi [2014-12-11]
FF Extension: Booster Web - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack [2015-01-31]
FF SearchPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\searchplugins\forum-search.xml
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-01-30 20:23 - 2015-01-31 19:34 - 00000000 ____D () C:\ProgramData\lMXNddOnVBf
2015-01-31 19:37 - 2015-01-31 19:38 - 00000000 ____D () C:\Program Files (x86)\Booster-Web
2015-01-30 20:56 - 2015-01-30 20:56 - 00001823 _____ () C:\ProgramData\tempimage.bmp
2015-01-30 20:33 - 2015-01-30 20:33 - 00003512 _____ () C:\Windows\System32\Tasks\PastaLeads
emptytemp:
Task: {1436C944-5C94-4A7B-9B9D-D0A30D03D20F} - System32\Tasks\PastaLeads => C:\Program Files (x86)\pastaleads\ScheduledTask.exe
Task: {8DA3C025-DA69-4149-82C8-AAA2D39B4443} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {91E790C1-196B-4644-915D-0281C1796DBE} - System32\Tasks\sondhschedule => C:\Users\Greg\AppData\Roaming\Booster-Web\Booster-Web-Installer.exe [2015-01-27] ()
 
 
 
*****************
 
HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PCKeeper2 => value deleted successfully.
"C:\Program Files\Kromtech\PCKeeper Live" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll => Moved successfully.
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\searchplugins\trovi.xml => Moved successfully.
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack => Moved successfully.
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\{29b71e0f-d6bd-55b8-e910-6349df1c0dbf} => Moved successfully.
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\{32ec7670-da05-cfdf-f00e-0906f118215d} => Moved successfully.
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} => Moved successfully.
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\addon@fatwallet.com.xpi => Moved successfully.
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack not found.
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\searchplugins\firefox-add-ons.xml => Moved successfully.
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\searchplugins\forum-search.xml => Moved successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\ProgramData\lMXNddOnVBf => Moved successfully.
C:\Program Files (x86)\Booster-Web => Moved successfully.
C:\ProgramData\tempimage.bmp => Moved successfully.
C:\Windows\System32\Tasks\PastaLeads => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1436C944-5C94-4A7B-9B9D-D0A30D03D20F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1436C944-5C94-4A7B-9B9D-D0A30D03D20F}" => Key deleted successfully.
C:\Windows\System32\Tasks\PastaLeads not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaLeads" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8DA3C025-DA69-4149-82C8-AAA2D39B4443}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DA3C025-DA69-4149-82C8-AAA2D39B4443}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{91E790C1-196B-4644-915D-0281C1796DBE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91E790C1-196B-4644-915D-0281C1796DBE}" => Key deleted successfully.
C:\Windows\System32\Tasks\sondhschedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\sondhschedule" => Key deleted successfully.
EmptyTemp: => Removed 5.7 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:35:35 ====
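Added example, not FRST's code and not anything posted in the thread: a small Python triage helper that parses FRST-style lines like those in the fixlist above and flags the persistence patterns that were removed here (a task filed under the Microsoft\Windows tree that launches a non-system DLL through Rundll32, autostarts from AppData, a user-added search engine, an enabled IE proxy, recently installed extensions). The heuristic names, the scan date and the sample lines are constructed from this thread; the script only reads text and touches nothing on a machine.

```python
"""Triage helper for FRST-style log lines (added example; not part of FRST or this thread)."""
import re
from datetime import date

# FRST's own marker for entries it considers suspicious ("<==== ATTENTION", "<======= ATTENTION").
ATTENTION = re.compile(r"<=+\s*ATTENTION")
# Directories a standard user can write to; persistence starting from here deserves a look.
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp|Users\\Public)\\", re.I)
# Anything under the Windows directory (long or %windir% form) counts as a system target.
WINDOWS_DIR = re.compile(r"([A-Za-z]:\\Windows\\|%(windir|SystemRoot)%)", re.I)
MS_TASK_TREE = re.compile(r"System32\\Tasks\\Microsoft\\Windows\\", re.I)
# rundll32/regsvr32 followed by a DLL path without spaces (8.3 names such as C:\PROGRA~1 fit).
LOLBIN_DLL = re.compile(r"(rundll32|regsvr32)(\.exe)?\s+(?P<dll>\S+\.dll)", re.I)
# FRST appends "[size date] (Publisher)" or "[date] (Publisher)" when it could read the file.
VERSION_INFO = re.compile(r"\[(\d+ )?\d{4}-\d{2}-\d{2}\]")
RUN_ENTRY = re.compile(r"\\Run:\s*\[(?P<name>[^\]]*)\]\s*=>\s*(?P<target>.*)$")
TASK_ENTRY = re.compile(r"^Task:\s*\{[0-9A-Fa-f-]+\}\s*-\s*(?P<task>\S+)\s*=>\s*(?P<target>.*)$")
FF_DATE = re.compile(r"\[(\d{4}-\d{2}-\d{2})\]\s*$")


def _autostart_reasons(target: str) -> list:
    """Checks shared by Run values and scheduled tasks."""
    reasons = []
    if USER_WRITABLE.search(target):
        reasons.append("runs-from-user-writable-path")
    # A plain file path with no version info: FRST could not read the file (often it is gone,
    # compare "File/Directory not found" in the Fixlog), so the target has to be checked by hand.
    if re.match(r'^"?[A-Za-z]:\\', target) and not VERSION_INFO.search(target):
        reasons.append("no-version-info-reported")
    if re.search(r"\(\)\s*$", target):
        reasons.append("no-publisher-in-version-info")
    return reasons


def classify(line: str, scan_date: date, recent_days: int = 14) -> list:
    """Return the triage reasons that apply to one FRST line (empty list = nothing noted)."""
    reasons = []
    if ATTENTION.search(line):
        reasons.append("frst-attention")
    if line.startswith("ProxyEnable:"):
        reasons.append("ie-proxy-enabled")          # adware commonly injects ads through a proxy
    m = RUN_ENTRY.search(line)
    if m:
        if not m.group("name") or m.group("target").strip() == "[X]":
            reasons.append("orphaned-run-entry")    # empty name or missing file, as in "[] => [X]"
        reasons += _autostart_reasons(m.group("target"))
    m = TASK_ENTRY.match(line)
    if m:
        reasons += _autostart_reasons(m.group("target"))
        # A task filed under Microsoft\Windows\... that starts nothing from the Windows
        # directory is the SysMenu.dll / SMupdate3 pattern seen in this thread.
        if MS_TASK_TREE.search(line) and not WINDOWS_DIR.search(m.group("target")):
            reasons.append("non-windows-target-in-microsoft-task-tree")
    d = LOLBIN_DLL.search(line)
    if d and not WINDOWS_DIR.search(d.group("dll")):
        reasons.append("rundll32-loads-non-system-dll")
    if line.startswith("FF Extension:"):
        f = FF_DATE.search(line)
        if f and (scan_date - date.fromisoformat(f.group(1))).days <= recent_days:
            reasons.append("extension-installed-recently")
    # Engines in the profile's searchplugins folder were added after install (by the user or by software).
    if line.startswith("FF SearchPlugin:") and "\\Profiles\\" in line:
        reasons.append("user-added-search-engine")
    return reasons


def triage(lines, scan_date: date) -> list:
    """Keep only the lines with at least one reason, as (line, reasons) pairs in input order."""
    out = []
    for raw in lines:
        line = raw.strip()
        reasons = classify(line, scan_date)
        if reasons:
            out.append((line, reasons))
    return out


SCAN_DATE = date(2015, 2, 5)  # date of the FRST scan in the thread
# Constructed sample: lines taken from the fixlist above, plus one benign Run entry (MSC) and one
# long-installed extension (Memory Fox) as controls that should not be flagged.
SAMPLE = [
    r'HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper Live\PCKeeper.exe" /autorun',
    r"HKLM-x32\...\Run: [] => [X]",
    r"HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)",
    r"ProxyEnable: [S-1-5-21-3264041994-1170860089-3550666026-1000] => Internet Explorer proxy is enabled.",
    r"CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION",
    r"FF SearchPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\searchplugins\trovi.xml",
    r"FF Extension: Booster Web - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack [2015-01-31]",
    r"FF Extension: Memory Fox - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2014-11-06]",
    r"Task: {1436C944-5C94-4A7B-9B9D-D0A30D03D20F} - System32\Tasks\PastaLeads => C:\Program Files (x86)\pastaleads\ScheduledTask.exe",
    r"Task: {8DA3C025-DA69-4149-82C8-AAA2D39B4443} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION",
    r"Task: {91E790C1-196B-4644-915D-0281C1796DBE} - System32\Tasks\sondhschedule => C:\Users\Greg\AppData\Roaming\Booster-Web\Booster-Web-Installer.exe [2015-01-27] ()",
]


def triage_sample() -> list:
    """Run the triage over the constructed sample (9 of the 11 lines get flagged)."""
    return triage(SAMPLE, SCAN_DATE)


if __name__ == "__main__":
    for line, reasons in triage_sample():
        print(f"{', '.join(reasons):70} {line[:80]}")
```

The reasons are review prompts for an analyst reading a log, not verdicts; the two control lines show that signed, long-established entries pass through unflagged.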


#6 fireman4it (Malware Response Team)

Posted 05 February 2015 - 07:50 PM

Let's check for any leftovers.

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

2.

ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

  • Visit the ESET Online Scanner Web Page.
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.


" Extinguishing Malware from the world"



#7 Steelpen2 (Topic Starter)

Posted 08 February 2015 - 03:21 PM

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org
 
Database version: v2015.02.07.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Greg :: STEELPEN2 [administrator]
 
Protection: Enabled
 
2/8/2015 4:07:06 AM
mbam-log-2015-02-08 (04-07-06).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 350563
Time elapsed: 3 minute(s), 52 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
C:\AdwCleaner\Quarantine\C\ProgramData\jnnlmogodpainchkccohapfmhcieehbe\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\jnnlmogodpainchkccohapfmhcieehbe\uI.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\lMXNddOnVBf\dat\QLHiWgdUi.dll a variant of MSIL/Adware.PullUpdate.K.gen application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack\resources\smootherweb\data\content.js Win32/SmootherWeb.C potentially unwanted application deleted - quarantined
C:\Program Files\Common Files\System\SysMenu.dll a variant of Win32/SBWatchman.D potentially unwanted application deleted - quarantined
C:\Program Files\Common Files\System\SysMenu64.dll a variant of Win32/SBWatchman.D potentially unwanted application deleted - quarantined
C:\Users\Greg\AppData\Local\Installer\Installshopperpro_18990\DCytdkiemon_amodk_setup.exe a variant of Win32/SpeedBit.C potentially unwanted application deleted - quarantined
C:\Users\Greg\AppData\Local\Installer\Installsmk_18990\DCytdkiemon_amodk_setup.exe a variant of Win32/SpeedBit.C potentially unwanted application deleted - quarantined
C:\Users\Greg\AppData\Local\Installer\Installytd_13171\DCytdkiemon_amodk_setup.exe a variant of Win32/SpeedBit.C potentially unwanted application deleted - quarantined
C:\Users\Greg\Downloads\Unconfirmed 552179.crdownload a variant of Win32/InstallCore.UF potentially unwanted application deleted - quarantined
C:\Users\Greg\Downloads\Unconfirmed 714711.crdownload a variant of Win32/InstallCore.UF potentially unwanted application deleted - quarantined
C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\nrfv8zzc.default\extensions\staged\nvdQjqR@tVz2.edu\content\bg.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
G:\Backup\recup_dir.10\f1788024_PureLeads.Service.exe a variant of MSIL/Adware.Sendori.A application cleaned by deleting - quarantined
G:\Backup\recup_dir.12\f2270696_PureLeadsControl.exe Win32/AdWare.Sendori.C application cleaned by deleting - quarantined
G:\Backup\recup_dir.21\f4318384_PureLeads.Library.dll a variant of MSIL/Adware.Sendori.A application cleaned by deleting - quarantined
 


#8 fireman4it (Malware Response Team)

Posted 08 February 2015 - 09:10 PM

How is your computer running now?


" Extinguishing Malware from the world"



#9 Steelpen2 (Topic Starter)

Posted 09 February 2015 - 04:08 PM

I keep getting a RunDLL error message that pops up every once in a while. The file is named SysMenu.dll. It is trying to run from Program Files\Common Files\System\



#10 fireman4it (Malware Response Team)

Posted 09 February 2015 - 10:48 PM

Please run FRST again and post the new FRST.txt.


" Extinguishing Malware from the world"



#11 Steelpen2 (Topic Starter)

Posted 10 February 2015 - 02:36 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Greg (administrator) on STEELPEN2 on 10-02-2015 14:33:28
Running from C:\Users\Greg\Downloads
Loaded Profiles: Greg (Available profiles: Greg & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NTI Corporation) F:\NTI Backup\NTI Backup Now EZ\BackupNowEZSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Greg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
(NTI Corporation) F:\NTI Backup\NTI Backup Now EZ\BackupNowEZtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Adobe Systems Inc.) F:\Adobe Acrobat XI\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Hobbyist Software) C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-10-08] (Realtek Semiconductor)
HKLM-x32\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM-x32\...\Run: [BackupNowEZtray] => F:\NTI Backup\NTI Backup Now EZ\BackupNowEZtray.exe [1294840 2013-11-07] (NTI Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => F:\Adobe Acrobat XI\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-12-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21437568 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\...\Run: [Spotify Web Helper] => C:\Users\Greg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-08] (Spotify Ltd)
HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2427680 2014-12-10] (IObit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3264041994-1170860089-3550666026-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> F:\Adobe Acrobat XI\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3264041994-1170860089-3550666026-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\iobitascsurfingprotection@iobit.com [2014-12-21]
FF Extension: Add to Amazon Wish List Button - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\amznUWL2@amazon.com.xpi [2014-07-16]
FF Extension: Session Manager - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-07-16]
FF Extension: Download Statusbar - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wy1ijoe3.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2014-05-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - F:\Adobe Acrobat XI\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - F:\Adobe Acrobat XI\Acrobat\Browser\WCFirefoxExtn [2014-09-14]
FF HKU\S-1-5-21-3264041994-1170860089-3550666026-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> ""
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-16]
CHR Extension: (Google Drive) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-16]
CHR Extension: (Google Search) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-16]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-09-15]
CHR Extension: (Print Selection) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkdpdnociibpkkpjgmcmdlnjlebpajk [2014-05-16]
CHR Extension: (Google Wallet) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-16]
CHR Extension: (Enhanced Steam) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2014-05-16]
CHR Extension: (Gmail) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - F:\Adobe Acrobat XI\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-10] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NTI BackupNowEZSvr; F:\NTI Backup\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-11-07] (NTI Corporation)
S3 Origin Client Service; E:\Games\Origin\OriginClientService.exe [1900400 2014-11-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 cpuz137; \??\C:\Users\Greg\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 23:36 - 2015-02-05 23:36 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-05 17:29 - 2015-02-10 14:33 - 00000000 ____D () C:\Users\Greg\Downloads\FRST-OlderVersion
2015-02-05 17:22 - 2015-02-05 17:22 - 00001072 _____ () C:\Users\Greg\Desktop\JRT.txt
2015-02-05 17:16 - 2015-02-02 13:13 - 01388274 _____ (Thisisu) C:\Users\Greg\Desktop\JRT_NEW.exe
2015-02-05 10:30 - 2015-02-05 10:30 - 00000000 ____D () C:\Users\Greg\AppData\Local\Steam
2015-02-03 22:20 - 2015-02-10 14:33 - 00021238 _____ () C:\Users\Greg\Downloads\FRST.txt
2015-02-03 22:20 - 2015-02-03 22:21 - 00035632 _____ () C:\Users\Greg\Downloads\Addition.txt
2015-02-03 22:16 - 2015-02-10 14:33 - 00000000 ____D () C:\FRST
2015-02-03 22:15 - 2015-02-10 14:33 - 02132992 _____ (Farbar) C:\Users\Greg\Downloads\FRST64.exe
2015-02-01 15:59 - 2015-02-01 15:59 - 00000000 ____D () C:\Windows\ERUNT
2015-01-31 19:57 - 2015-02-05 15:30 - 00000000 ____D () C:\AdwCleaner
2015-01-31 19:56 - 2015-01-31 19:56 - 02194432 _____ () C:\Users\Greg\Desktop\adwcleaner_4.109.exe
2015-01-31 16:05 - 2015-01-31 16:06 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-31 16:05 - 2015-01-31 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2015-01-31 16:05 - 2015-01-31 16:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-01-31 16:05 - 2015-01-31 16:05 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Malwarebytes
2015-01-31 16:05 - 2015-01-31 16:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-31 16:05 - 2012-12-14 16:49 - 00024176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-31 16:04 - 2015-01-31 16:04 - 00000032 _____ () C:\Windows\CD_Start.INI
2015-01-30 20:32 - 2015-01-30 20:32 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Booster-Web
2015-01-30 20:32 - 2015-01-30 20:32 - 00000000 ____D () C:\Users\Greg\AppData\Local\Desktop_Dock
2015-01-30 20:22 - 2015-01-30 20:22 - 00000000 ____D () C:\Program Files (x86)\download Manager
2015-01-29 12:27 - 2015-01-29 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-29 12:27 - 2015-01-29 12:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-01-29 12:26 - 2015-01-29 12:26 - 00000000 ____D () C:\Windows\PCHEALTH
2015-01-29 12:26 - 2015-01-29 12:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2015-01-29 12:25 - 2015-01-29 12:25 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-29 12:24 - 2015-01-29 12:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-29 12:24 - 2015-01-29 12:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-29 12:24 - 2015-01-29 12:24 - 00000000 __RHD () C:\MSOCache
2015-01-29 12:24 - 2015-01-29 12:24 - 00000000 ____D () C:\Users\Greg\AppData\Local\Microsoft Help
2015-01-26 15:56 - 2015-01-26 15:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-15 16:24 - 2015-01-16 15:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-12 22:14 - 2015-01-12 22:14 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 14:25 - 2014-05-15 14:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 14:07 - 2014-05-15 14:50 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-10 13:57 - 2014-05-15 14:54 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Skype
2015-02-10 13:55 - 2014-05-15 16:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-10 08:57 - 2014-06-12 16:33 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Raptr
2015-02-10 05:44 - 2014-05-14 21:07 - 01577535 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 02:12 - 2009-07-13 23:45 - 00020992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-10 02:12 - 2009-07-13 23:45 - 00020992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-10 00:26 - 2014-05-15 19:35 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\vlc
2015-02-09 16:25 - 2014-05-15 14:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 02:00 - 2014-06-29 22:54 - 00000000 ____D () C:\Users\Greg\AppData\Local\Adobe
2015-02-06 16:20 - 2014-05-15 14:48 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 16:20 - 2014-05-15 14:48 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 00:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-05 21:01 - 2009-07-14 00:13 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 20:56 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 20:56 - 2009-07-13 23:51 - 00027710 _____ () C:\Windows\setupact.log
2015-02-05 20:26 - 2014-05-15 14:48 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-05 15:31 - 2014-05-15 01:01 - 00354022 _____ () C:\Windows\PFRO.log
2015-02-04 23:55 - 2014-05-15 16:10 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 23:55 - 2014-05-15 16:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 23:55 - 2014-05-15 16:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-02 21:05 - 2014-12-21 22:52 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-02 17:16 - 2014-09-03 11:08 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-30 20:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-30 20:46 - 2014-05-14 21:08 - 00000000 ____D () C:\Users\Greg
2015-01-30 20:45 - 2014-12-28 20:17 - 00000000 ____D () C:\Users\Guest
2015-01-30 20:45 - 2014-07-11 18:09 - 00000000 ____D () C:\ProgramData\BackupNowEZ
2015-01-30 20:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-30 20:36 - 2014-06-12 16:33 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-01-30 20:35 - 2014-05-15 14:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-30 20:35 - 2009-07-13 23:45 - 05053080 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-29 12:48 - 2014-11-02 14:54 - 00000034 _____ () C:\Users\Greg\AppData\Roaming\AdobeWLCMCache.dat
2015-01-29 12:39 - 2014-05-14 21:41 - 00076952 _____ () C:\Users\Greg\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-29 12:25 - 2009-07-14 02:46 - 00000000 ____D () C:\Windows\ShellNew
2015-01-29 12:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

==================== Files in the root of some directories =======

2014-11-02 20:06 - 2014-11-02 20:06 - 0000132 _____ () C:\Users\Greg\AppData\Roaming\Adobe PNG Format CC Prefs
2014-11-02 14:54 - 2015-01-29 12:48 - 0000034 _____ () C:\Users\Greg\AppData\Roaming\AdobeWLCMCache.dat
2014-06-30 17:10 - 2014-12-04 22:07 - 0001456 _____ () C:\Users\Greg\AppData\Local\Adobe Save for Web 13.0 Prefs

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 00:31

==================== End Of Log ============================



#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:32 PM

Posted 10 February 2015 - 08:05 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Attached File: fixlist.txt (596 bytes)

Try restarting after this and see if you get that message again.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 Steelpen2

Steelpen2
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:02:32 PM

Posted 12 February 2015 - 02:36 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-02-2015
Ran by Greg at 2015-02-12 14:26:02 Run:2
Running from C:\Users\Greg\Downloads
Loaded Profiles: Greg (Available profiles: Greg & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BHO: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll No File
C:\Program Files (x86)\Booster-Web
Hosts:
CHR StartupUrls: Default -> ""
S3 cpuz137; \??\C:\Users\Greg\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
Emptytemp:


*****************

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5147546-9359-4D9B-8B36-F54C54555799}" => Key deleted successfully.
"HKCR\CLSID\{B5147546-9359-4D9B-8B36-F54C54555799}" => Key deleted successfully.
"C:\Program Files (x86)\Booster-Web" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
Chrome StartupUrls deleted successfully.
cpuz137 => Service deleted successfully.
EmptyTemp: => Removed 536.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:26:32 ====


The rundll still pops up.
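The entries the fixlist above targeted (a BHO whose DLL is gone, a driver registered from a user's Temp folder whose file is missing, a Hosts file with extra entries) can be picked out of FRST's text format mechanically. The script below is an added example, not code from FRST or from this thread; it assumes FRST's line formats as they appear in the posted log, uses lines copied from that log as its sample input, and proposes fixlist lines in the same form the helper used, for a human reviewer to confirm.

```python
"""Triage FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread, not code from FRST or from BleepingComputer.
FRST's line formats are assumed from the FRST.txt posted above; the output is
a suggestion for a reviewer, since a fixlist is specific to one machine.
"""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
BHO: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
S3 cpuz137; \??\C:\Users\Greg\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
"""


@dataclass
class Finding:
    kind: str    # "bho", "service" or "hosts"
    line: str    # the FRST log line exactly as written
    reason: str  # why a reviewer should look at it


# "BHO: <name> -> {CLSID} -> <path> (<vendor>|No File)", optionally "BHO-x32:"
BHO_RE = re.compile(r"^BHO(?:-x32)?: (?P<name>.+?) -> \{[0-9A-Fa-f-]+\} -> (?P<path>.+)$")
# Services/drivers: "<state> <name>; <path> [size date] (<vendor>)" or "... [X]"
SERVICE_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+)$")
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def triage_line(line):
    """Return a Finding for a suspicious FRST line, or None if it looks benign."""
    line = line.strip()
    m = BHO_RE.match(line)
    if m:
        if m.group("path").endswith(" No File"):
            return Finding("bho", line,
                           "BHO registered but its DLL is gone (orphaned adware leftover)")
        return None
    m = SERVICE_RE.match(line)
    if m:
        path = m.group("path")
        missing = path.endswith("[X]")          # FRST marks a missing file with [X]
        from_temp = bool(TEMP_DIR_RE.search(path))
        if from_temp:
            return Finding("service", line,
                           "driver/service registered from a user Temp directory"
                           + (" and its file is missing" if missing else ""))
        if missing:
            return Finding("service", line, "driver/service registered but its file is missing")
        return None
    if line.startswith("Hosts: There are more than one entry in Hosts"):
        return Finding("hosts", line,
                       "Hosts file has extra entries; inspect Addition.txt before resetting")
    return None


def triage(log_text):
    """Run triage_line over a whole log and keep only the findings."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


def suggest_fixlist(findings):
    """Fixlist lines in the form used in this thread: the log line itself for
    BHO and service entries, the orphaned BHO's directory, and 'Hosts:' for a reset."""
    lines = []
    for f in findings:
        if f.kind == "bho":
            lines.append(f.line)
            dll = f.line.rsplit(" -> ", 1)[1][:-len(" No File")]
            lines.append(ntpath.dirname(dll))   # the folder the DLL lived in
        elif f.kind == "service":
            lines.append(f.line)
        elif f.kind == "hosts":
            lines.append("Hosts:")
    return lines


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
    print("\nSuggested fixlist lines:")
    print("\n".join(suggest_fixlist(found)))
```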



#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:32 PM

Posted 12 February 2015 - 07:20 PM

  • Run FRST.
  • Type the following in the edit box after "Search:" so it looks like this:

        Search: *SysMenu.dll*

  • Click the Search Registry button and post the log it makes to your reply.




#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:32 PM

Posted 14 February 2015 - 05:10 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it






