
Audio Advertisements Playing in Background


  • This topic is locked
12 replies to this topic

#1 pastorjasonharris


Posted 12 February 2015 - 12:39 PM

My laptop has an issue with audio advertisements popping up randomly. When I go to Task Manager, I find that IE is running, and when I click "End task" the ad goes away. I use Chrome, not IE. Also, I downloaded, installed and tried to run Cobian Backup, but it did not work. It just got stuck on "closing other instances of the user interface".

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by pastorjasonharris (administrator) on MRLAPPY on 12-02-2015 13:08:38
Running from C:\Users\pastorjasonharris\Downloads
Loaded Profiles: pastorjasonharris (Available profiles: pastorjasonharris)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsEventHandler.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\pastorjasonharris\AppData\Roaming\SpeedTray\speedtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AllShareFrameworkDMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
Failed to access process -> TabTip.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-11-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [597576 2013-07-05] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-10] (AppEx Networks Corporation)
HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2013-11-29] (Hewlett-Packard Co.)
HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\Run: [Google Update] => C:\Users\pastorjasonharris\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-03] (Google Inc.)
HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\Run: [BBE1B7262CF6DE8AF66C0F990D82687BF0F6F6C9._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\Run: [SpeedTray] => C:\Users\pastorjasonharris\AppData\Roaming\SpeedTray\speedtray.exe [725518 2014-12-25] ()
HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\Run: [GoogleChromeAutoLaunch_FC093376F8F4ECE1CD5AFFC7E19E8C14] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\RunOnce: [Adobe Speed Launcher] => 1423766776
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3177413435-3017813973-954904672-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3177413435-3017813973-954904672-1001 -> {EF4E0BD9-0B13-4E69-A95B-3FF888C9E7A0} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF Plugin HKU\S-1-5-21-3177413435-3017813973-954904672-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\pastorjasonharris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3177413435-3017813973-954904672-1001: @talk.google.com/O1DPlugin -> C:\Users\pastorjasonharris\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3177413435-3017813973-954904672-1001: @tools.google.com/Google Update;version=3 -> C:\Users\pastorjasonharris\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3177413435-3017813973-954904672-1001: @tools.google.com/Google Update;version=9 -> C:\Users\pastorjasonharris\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3177413435-3017813973-954904672-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\pastorjasonharris\AppData\Roaming\Zoom\bin\npzoomplugin.dll (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\pastorjasonharris\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\pastorjasonharris\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-06]
CHR Extension: (Google Drive) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (F5 Networks Plugin Host) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjhelpopbdbnlfmjkbkfkbfmbneaeob [2013-12-13]
CHR Extension: (YouTube) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-06]
CHR Extension: (Google Cast) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-01-14]
CHR Extension: (Google Search) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-06]
CHR Extension: (The Great Grass Sea Theme) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpghdlkjginnphhfpdccobkbncldkgmc [2013-12-06]
CHR Extension: (Arcane Legends) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2014-01-31]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Plants vs Zombies) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2013-12-30]
CHR Extension: (Hangouts) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-04-03]
CHR Extension: (Google Wallet) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-06]
CHR Extension: (Readability) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2014-03-07]
CHR Extension: (Gmail) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-06]
CHR HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AllShareFrameworkManagerDMS.exe [404360 2013-06-17] (Samsung) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-05] (ELAN Microelectronics Corp.)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 HPSLPSVC; C:\Users\pastorjasonharris\AppData\Local\Temp\7zS46E0\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [605768 2013-07-05] (Copyright 2013 SAMSUNG)
R2 Settings Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe [1594176 2014-04-22] (Samsung Electronics CO., LTD.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-17] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-07-10] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2013-09-25] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 cpuz137; \??\C:\Users\PASTOR~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 SBIOSIO; \??\C:\Users\PASTOR~1\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
S3 urvpndrv; \SystemRoot\system32\DRIVERS\covpnv64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-12 12:51 - 2015-02-12 12:51 - 00002275 _____ () C:\Users\pastorjasonharris\Desktop\Google Chrome.lnk
2015-02-12 12:51 - 2015-02-12 12:51 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-12 12:46 - 2015-02-12 13:07 - 00039372 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-12 12:46 - 2015-02-12 12:46 - 00000000 ___RD () C:\Users\pastorjasonharris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-02-12 12:45 - 2015-02-12 12:45 - 00000077 _____ () C:\WINDOWS\setupact.log
2015-02-12 12:45 - 2015-02-12 12:45 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-12 12:44 - 2015-02-12 12:44 - 00000586 _____ () C:\WINDOWS\PFRO.log
2015-02-12 12:01 - 2015-02-12 12:02 - 05325208 _____ (Piriform Ltd) C:\Users\pastorjasonharris\Downloads\ccsetup502.exe
2015-02-12 11:41 - 2015-02-12 12:05 - 00000000 ____D () C:\AdwCleaner
2015-02-12 11:40 - 2015-02-12 11:40 - 02112512 _____ () C:\Users\pastorjasonharris\Downloads\AdwCleaner.exe
2015-02-12 11:34 - 2015-02-12 11:35 - 00042465 _____ () C:\Users\pastorjasonharris\Downloads\Addition.txt
2015-02-12 11:32 - 2015-02-12 13:08 - 00019341 _____ () C:\Users\pastorjasonharris\Downloads\FRST.txt
2015-02-12 11:31 - 2015-02-12 13:08 - 00000000 ____D () C:\FRST
2015-02-12 11:31 - 2015-02-12 11:31 - 02134016 _____ (Farbar) C:\Users\pastorjasonharris\Downloads\FRST64.exe
2015-02-12 11:14 - 2015-02-12 11:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-02-12 11:14 - 2015-02-12 11:14 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2015-02-12 11:09 - 2015-02-12 11:11 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\pastorjasonharris\Downloads\cbSetup.exe
2015-02-11 11:58 - 2015-02-11 11:58 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2015-02-10 20:08 - 2015-02-03 17:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-10 20:08 - 2015-02-03 17:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-10 20:08 - 2015-02-03 17:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-10 20:08 - 2015-02-02 17:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-10 20:08 - 2015-02-02 17:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-10 20:08 - 2015-02-02 17:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-10 20:08 - 2015-01-19 12:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-10 20:08 - 2014-12-19 02:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-10 20:08 - 2014-12-19 02:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-10 20:08 - 2014-12-08 17:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-10 19:07 - 2015-01-15 16:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-10 19:07 - 2015-01-15 16:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-10 19:07 - 2015-01-13 22:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-10 19:07 - 2015-01-13 21:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-10 19:07 - 2015-01-11 21:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-10 19:07 - 2015-01-11 20:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-10 19:07 - 2015-01-11 20:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-10 19:07 - 2015-01-11 20:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-10 19:07 - 2015-01-11 20:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-10 19:07 - 2015-01-11 20:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-10 19:07 - 2015-01-11 19:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-10 19:07 - 2015-01-11 19:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-10 19:07 - 2015-01-11 19:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-10 19:07 - 2015-01-10 01:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-10 19:07 - 2015-01-10 00:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-10 19:07 - 2014-12-08 21:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-10 19:07 - 2014-12-08 19:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-10 19:07 - 2014-10-28 20:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-10 19:07 - 2014-10-28 20:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-10 19:07 - 2014-10-28 20:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-10 19:07 - 2014-10-28 20:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-10 19:07 - 2014-10-28 19:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-10 19:06 - 2015-01-13 16:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-10 19:06 - 2015-01-13 16:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-10 19:06 - 2015-01-11 20:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-10 19:06 - 2015-01-11 20:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-10 19:06 - 2015-01-11 20:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-10 19:06 - 2015-01-11 20:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-10 19:06 - 2015-01-11 20:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-10 19:06 - 2015-01-11 20:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-10 19:06 - 2015-01-11 19:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-10 19:06 - 2015-01-11 19:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-10 19:06 - 2015-01-11 19:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-10 19:06 - 2015-01-11 19:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-10 19:06 - 2015-01-11 19:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-10 19:06 - 2015-01-11 19:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-10 19:06 - 2015-01-11 19:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-10 19:06 - 2015-01-11 19:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-10 19:06 - 2015-01-11 19:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-10 19:06 - 2015-01-11 19:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-10 19:06 - 2015-01-11 19:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-10 19:06 - 2015-01-11 19:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-10 19:06 - 2015-01-11 19:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-10 19:06 - 2015-01-11 19:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-10 19:06 - 2015-01-11 19:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-10 19:06 - 2015-01-11 19:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-10 19:06 - 2015-01-11 19:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-10 19:06 - 2015-01-11 19:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-10 19:06 - 2015-01-11 19:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-10 19:06 - 2015-01-11 18:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-10 19:06 - 2015-01-11 18:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-10 19:06 - 2015-01-10 03:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-10 19:06 - 2015-01-10 03:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-10 19:06 - 2015-01-10 02:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-10 19:06 - 2014-10-28 20:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-10 19:06 - 2014-10-28 20:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-10 19:06 - 2014-10-28 19:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-10 19:06 - 2014-10-28 19:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-10 19:06 - 2014-10-28 19:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-10 19:06 - 2014-10-28 19:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-10 19:06 - 2014-10-28 19:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-10 19:06 - 2014-10-28 19:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-10 19:05 - 2015-01-10 02:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-08 19:47 - 2015-02-08 19:47 - 00000081 _____ () C:\Users\pastorjasonharris\Downloads\Banana.cp
2015-02-08 19:35 - 2015-02-08 19:35 - 14224911 _____ () C:\Users\pastorjasonharris\Downloads\South Park (USA).zip
2015-02-08 19:28 - 2015-02-08 19:28 - 00000072 _____ () C:\Users\pastorjasonharris\Downloads\Gamepad.jsf
2015-02-08 19:27 - 2015-02-08 19:27 - 07341544 _____ () C:\Users\pastorjasonharris\Downloads\Doom 64 (USA).zip
2015-02-05 13:05 - 2015-02-05 13:05 - 00001200 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2015-02-05 13:05 - 2015-02-05 13:05 - 00001188 _____ () C:\Users\Public\Desktop\paint.net.lnk
2015-02-05 13:05 - 2015-02-05 13:05 - 00000000 ____D () C:\Program Files\paint.net
2015-02-05 13:04 - 2015-02-05 13:09 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Local\paint.net
2015-02-05 13:03 - 2015-02-05 13:04 - 06528454 _____ () C:\Users\pastorjasonharris\Downloads\paint.net.4.0.5.install.zip
2015-02-03 18:06 - 2015-02-11 08:51 - 00000000 ____D () C:\ZDaemon
2015-02-03 18:06 - 2015-02-03 18:06 - 13086641 _____ () C:\Users\pastorjasonharris\Downloads\zdaemon-setup.exe
2015-02-03 18:06 - 2015-02-03 18:06 - 00000610 _____ () C:\Users\Public\Desktop\ZDaemon Game Launcher.lnk
2015-02-03 18:06 - 2015-02-03 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZDaemon
2015-02-03 15:39 - 2015-02-03 15:38 - 00002769 _____ () C:\Users\pastorjasonharris\Desktop\JRT.txt
2015-02-03 15:26 - 2015-02-03 15:26 - 02194432 _____ () C:\Users\pastorjasonharris\Downloads\Unconfirmed 48301.crdownload
2015-02-03 15:25 - 2015-02-12 11:52 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-03 15:25 - 2015-02-03 15:26 - 01388274 _____ (Thisisu) C:\Users\pastorjasonharris\Downloads\JRT.exe
2015-02-03 15:24 - 2015-02-03 15:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\pastorjasonharris\Downloads\revosetup.exe
2015-02-03 15:23 - 2015-02-03 15:24 - 05611380 _____ (Swearware) C:\Users\pastorjasonharris\Downloads\ComboFix.exe
2015-02-03 13:47 - 2015-02-03 13:47 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Roaming\Compete
2015-02-03 13:46 - 2015-02-03 13:46 - 00000004 _____ () C:\Users\pastorjasonharris\AppData\Roaming\.lockfile
2015-01-30 12:09 - 2015-01-30 12:09 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Roaming\Mozilla
2015-01-26 09:53 - 2015-01-26 10:14 - 00021542 _____ () C:\Users\pastorjasonharris\Downloads\nestopia.xml
2015-01-26 09:53 - 2015-01-26 09:53 - 00003194 _____ () C:\WINDOWS\System32\Tasks\{E5AFE741-ECAF-40C5-9F88-4F3306EDB083}
2015-01-26 09:52 - 2015-01-26 10:14 - 00006648 _____ () C:\Users\pastorjasonharris\Downloads\nestopia.log
2015-01-26 09:52 - 2015-01-26 10:10 - 00000000 ____D () C:\Users\pastorjasonharris\Downloads\states
2015-01-26 09:52 - 2015-01-26 09:53 - 00000000 ____D () C:\Users\pastorjasonharris\Downloads\save
2015-01-26 09:52 - 2015-01-26 09:52 - 00000000 ____D () C:\Users\pastorjasonharris\Downloads\screenshots
2015-01-26 09:52 - 2015-01-26 09:52 - 00000000 ____D () C:\Users\pastorjasonharris\Downloads\samples
2015-01-26 09:52 - 2015-01-26 09:52 - 00000000 ____D () C:\Users\pastorjasonharris\Downloads\patches
2015-01-26 09:52 - 2015-01-26 09:52 - 00000000 ____D () C:\Users\pastorjasonharris\Downloads\cheats
2015-01-25 22:00 - 2015-01-25 22:00 - 00403266 _____ () C:\Users\pastorjasonharris\Downloads\Visual Latin Sample Worksheets.zip
2015-01-25 19:16 - 2015-01-25 19:16 - 02362913 _____ () C:\Users\pastorjasonharris\Downloads\RSI Power Point Presentation Revised2-5.pptx
2015-01-20 20:32 - 2015-01-20 20:33 - 47645360 _____ () C:\Users\pastorjasonharris\Downloads\Phoenix-Firestorm-Release-4-6-9-42974_Setup.exe
2015-01-20 17:18 - 2015-01-20 17:18 - 00221647 _____ () C:\Users\pastorjasonharris\Downloads\Crystalis (USA).zip
2015-01-20 17:03 - 2015-01-20 17:03 - 00142245 _____ () C:\Users\pastorjasonharris\Downloads\Faxanadu (USA).zip
2015-01-20 16:46 - 2015-01-20 16:46 - 02065920 _____ () C:\Users\pastorjasonharris\Downloads\nestopia.exe
2015-01-20 16:46 - 2015-01-20 16:46 - 00169984 _____ () C:\Users\pastorjasonharris\Downloads\7zxa.dll
2015-01-20 16:46 - 2015-01-20 16:46 - 00162304 _____ () C:\Users\pastorjasonharris\Downloads\unrar.dll
2015-01-20 16:46 - 2015-01-20 16:46 - 00036781 _____ () C:\Users\pastorjasonharris\Downloads\readme.html
2015-01-20 16:46 - 2015-01-20 16:46 - 00033631 _____ () C:\Users\pastorjasonharris\Downloads\schemadb.xsd
2015-01-20 16:46 - 2015-01-20 16:46 - 00033617 _____ () C:\Users\pastorjasonharris\Downloads\schemaromset.xsd
2015-01-20 16:46 - 2015-01-20 16:46 - 00032256 _____ () C:\Users\pastorjasonharris\Downloads\kailleraclient.dll
2015-01-20 16:46 - 2015-01-20 16:46 - 00015402 _____ () C:\Users\pastorjasonharris\Downloads\copying.txt
2015-01-20 16:46 - 2015-01-20 16:46 - 00000000 ____D () C:\Users\pastorjasonharris\Downloads\language
2015-01-20 16:45 - 2015-01-20 16:45 - 01249640 _____ () C:\Users\pastorjasonharris\Downloads\Nestopia140bin (1).zip
2015-01-19 13:24 - 2015-01-19 13:24 - 00002028 _____ () C:\Users\pastorjasonharris\Downloads\contacts.csv
2015-01-19 13:23 - 2015-01-19 13:23 - 00001007 _____ () C:\Users\pastorjasonharris\Downloads\google (2).csv
2015-01-19 03:20 - 2015-01-19 03:20 - 00090466 _____ () C:\Users\pastorjasonharris\Downloads\Mario Bros..7z
2015-01-14 10:05 - 2014-12-19 00:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 10:05 - 2014-12-11 20:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 10:05 - 2014-12-11 18:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 10:05 - 2014-12-08 19:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 10:05 - 2014-12-08 13:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 10:05 - 2014-12-08 13:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 10:05 - 2014-12-08 13:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 10:05 - 2014-12-08 13:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 10:05 - 2014-12-08 13:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 10:05 - 2014-12-08 13:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 10:05 - 2014-12-08 13:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 10:05 - 2014-12-08 13:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 10:05 - 2014-12-05 21:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 10:05 - 2014-12-05 19:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 10:05 - 2014-12-05 19:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 10:05 - 2014-10-28 22:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 10:05 - 2014-10-28 22:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 10:05 - 2014-10-28 21:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 10:05 - 2014-10-28 21:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 10:05 - 2014-10-28 21:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 10:05 - 2014-10-28 21:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 10:05 - 2014-10-28 21:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 10:05 - 2014-10-28 21:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 10:05 - 2014-10-28 21:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 10:05 - 2014-10-28 21:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 10:05 - 2014-10-28 21:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 10:05 - 2014-10-28 20:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 10:05 - 2014-10-28 19:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 10:05 - 2014-10-28 19:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 10:05 - 2014-10-28 19:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 10:05 - 2014-10-28 19:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-14 00:33 - 2015-01-14 00:33 - 00245788 _____ () C:\Users\pastorjasonharris\Downloads\google (1).csv
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-12 13:09 - 2014-04-03 09:54 - 00000972 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3177413435-3017813973-954904672-1001UA.job
2015-02-12 13:06 - 2014-12-12 07:14 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Roaming\SpeedTray
2015-02-12 13:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-12 12:51 - 2013-12-06 18:27 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Local\CrashDumps
2015-02-12 12:51 - 2013-12-06 18:11 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Local\VirtualStore
2015-02-12 12:51 - 2013-11-14 01:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-12 12:50 - 2013-12-06 18:23 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3177413435-3017813973-954904672-1001
2015-02-12 12:48 - 2013-07-09 01:27 - 00000000 ____D () C:\ProgramData\WinClon
2015-02-12 12:47 - 2014-07-03 15:50 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-12 12:46 - 2013-12-14 14:58 - 00000000 ___RD () C:\Users\pastorjasonharris\Google Drive
2015-02-12 12:45 - 2014-10-21 11:29 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfed549c89ec54.job
2015-02-12 12:45 - 2013-12-06 18:19 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 12:45 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-12 12:44 - 2013-08-22 09:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-12 12:44 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-02-12 12:44 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-12 12:41 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 12:39 - 2013-12-26 15:51 - 00074752 ___SH () C:\Users\pastorjasonharris\Desktop\Thumbs.db
2015-02-12 12:35 - 2014-10-21 11:29 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cfed549d5ef29f.job
2015-02-12 12:29 - 2013-12-06 18:19 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 12:24 - 2014-06-05 09:51 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-12 12:15 - 2014-10-22 18:09 - 00000972 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3177413435-3017813973-954904672-1001UA1cfee55904d32ab.job
2015-02-12 12:15 - 2014-10-22 18:09 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3177413435-3017813973-954904672-1001Core1cfee558f75d2cf.job
2015-02-12 12:10 - 2013-12-14 11:54 - 00000000 ___DO () C:\Users\pastorjasonharris\SkyDrive
2015-02-12 12:02 - 2014-01-19 07:05 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-12 12:02 - 2014-01-19 07:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-12 12:02 - 2014-01-19 07:05 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-12 11:59 - 2013-07-09 01:37 - 00000000 ____D () C:\Users\EasySurvey
2015-02-12 11:55 - 2013-12-13 12:45 - 00000000 ____D () C:\ProgramData\F5 Networks
2015-02-12 11:51 - 2013-12-06 18:30 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Roaming\Samsung
2015-02-12 11:45 - 2014-12-06 17:08 - 00000000 ____D () C:\Program Files\Andy
2015-02-12 11:45 - 2013-12-14 11:24 - 00000000 ____D () C:\Users\pastorjasonharris
2015-02-12 10:55 - 2013-12-14 14:59 - 00003970 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5D18165C-4F8F-43D3-B4E4-3C721FCA011E}
2015-02-11 21:15 - 2013-12-14 11:18 - 00065536 _____ () C:\WINDOWS\system32\spu_storage.bin
2015-02-11 12:40 - 2013-08-22 08:44 - 00417448 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 12:39 - 2014-12-13 20:42 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 12:39 - 2014-07-15 15:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 12:39 - 2014-07-09 18:22 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 12:39 - 2013-12-08 17:56 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 12:31 - 2013-12-08 17:55 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 11:58 - 2014-07-28 11:22 - 00001874 _____ () C:\Users\pastorjasonharris\Desktop\Zoom.lnk
2015-02-11 11:58 - 2014-07-28 11:22 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Roaming\Zoom
2015-02-11 09:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-11 08:59 - 2014-06-24 20:01 - 00000000 ____D () C:\Doom
2015-02-10 20:09 - 2014-04-03 09:54 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3177413435-3017813973-954904672-1001Core.job
2015-02-10 19:00 - 2014-02-01 21:46 - 00456704 ___SH () C:\Users\pastorjasonharris\Downloads\Thumbs.db
2015-02-06 17:30 - 2014-10-21 11:29 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cfed549d5ef29f
2015-02-06 17:30 - 2014-10-21 11:29 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1cfed549c89ec54
2015-02-05 12:10 - 2014-10-22 18:09 - 00003942 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3177413435-3017813973-954904672-1001UA1cfee55904d32ab
2015-02-05 12:10 - 2014-10-22 18:09 - 00003562 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3177413435-3017813973-954904672-1001Core1cfee558f75d2cf
2015-02-04 14:24 - 2014-06-05 09:51 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 13:31 - 2014-04-28 17:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 13:31 - 2014-04-28 17:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-28 11:31 - 2013-12-14 12:48 - 00002058 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-28 11:31 - 2013-12-14 12:48 - 00002056 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-28 11:31 - 2013-12-14 12:48 - 00002046 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-28 11:31 - 2013-12-14 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-21 04:40 - 2013-12-06 20:09 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Local\Firestorm
2015-01-20 17:19 - 1996-12-24 23:32 - 00393232 _____ () C:\Users\pastorjasonharris\Downloads\Crystalis (USA).nes
2015-01-20 17:05 - 1996-12-24 23:32 - 00262160 _____ () C:\Users\pastorjasonharris\Downloads\Faxanadu (USA).nes
2015-01-19 03:18 - 2014-11-06 20:28 - 00002048 _____ () C:\Users\pastorjasonharris\Downloads\Super Mario World.srm
 
==================== Files in the root of some directories =======
 
2015-02-03 13:46 - 2015-02-03 13:46 - 0000004 _____ () C:\Users\pastorjasonharris\AppData\Roaming\.lockfile
2013-12-06 18:12 - 2013-12-22 03:31 - 0006173 _____ () C:\Users\pastorjasonharris\AppData\Roaming\AbsoluteReminder.xml
2014-12-15 14:25 - 2014-12-15 14:25 - 0190461 _____ () C:\Users\pastorjasonharris\AppData\Local\ars.cache
2014-12-15 14:25 - 2014-12-15 14:25 - 0251512 _____ () C:\Users\pastorjasonharris\AppData\Local\census.cache
2014-08-27 13:08 - 2014-08-27 13:08 - 0003584 _____ () C:\Users\pastorjasonharris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-15 14:10 - 2014-12-15 14:10 - 0000036 _____ () C:\Users\pastorjasonharris\AppData\Local\housecall.guid.cache
2013-12-08 23:53 - 2013-12-08 23:53 - 0000017 _____ () C:\Users\pastorjasonharris\AppData\Local\resmon.resmoncfg
2014-12-15 14:16 - 2014-12-15 14:16 - 0000010 _____ () C:\Users\pastorjasonharris\AppData\Local\sponge.last.runtime.cache
2014-01-19 07:16 - 2014-01-19 07:16 - 0045426 _____ () C:\ProgramData\1390137338.bdinstall.bin
2014-01-19 07:26 - 2014-01-19 07:26 - 0206971 _____ () C:\ProgramData\1390137650.bdinstall.bin
2013-12-30 13:00 - 2013-12-30 13:00 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-12-30 13:42 - 2013-12-30 13:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-07-09 01:38 - 2013-02-19 01:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-07-09 01:38 - 2013-01-12 08:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
 
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\pastorjasonharris\jagex_cl_runescape_LIVE.dat
C:\Users\pastorjasonharris\random.dat
 
 
Some content of TEMP:
====================
C:\Users\pastorjasonharris\AppData\Local\Temp\GPUpd54DBA33E0.exe
C:\Users\pastorjasonharris\AppData\Local\Temp\GPUpd54DBA33E1.exe
C:\Users\pastorjasonharris\AppData\Local\Temp\Quarantine.exe
C:\Users\pastorjasonharris\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 15:39
 
==================== End Of Log ============================


Edited by pastorjasonharris, 12 February 2015 - 02:16 PM.



#2 pastorjasonharris


Posted 12 February 2015 - 02:21 PM

I deleted a few extra games and programs and ran Malwarebytes.

 

THE STUPID AUDIO ADS ARE STILL PLAYING =(

 

This is the log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/12/2015
Scan Time: 12:47:00 PM
Logfile: malwarebyteslog.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.12.05
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: pastorjasonharris
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 347557
Time Elapsed: 18 min, 4 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 17
PUP.Optional.Consumer.Input.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}, Quarantined, [276e72ab26645adc429c7d8da55eb24e], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass, Quarantined, [148177a6cfbb69cd36308a4ddc27837d], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass.1, Quarantined, [c2d3de3fd5b5c571273f19bebf4406fa], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc, Quarantined, [8213aa730e7cac8a4521538412f18a76], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [ff9671ac0882d066e1850bccdd26fb05], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService, Quarantined, [8f06f22b4743e254e185488f2cd74fb1], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService.1.0, Quarantined, [93026db0c2c863d36204ce098f74d927], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc, Quarantined, [177eb06d672365d1d591756259aa06fa], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc.1.0, Quarantined, [cfc617067416c571b0b67463e221a65a], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreClass, Quarantined, [8015d34a67237fb74d19805704ffe21e], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreClass.1, Quarantined, [7e1771acc2c82610f076f9def80b6a96], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc, Quarantined, [aaeb18054545b680c5a1af28778c7b85], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [4a4bb46987039e9897cf696ea261768a], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3COMClassService, Quarantined, [7520ba63b9d162d43630eee93bc835cb], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3COMClassService.1.0, Quarantined, [c8cd0a13d7b342f455118a4d19eaa858], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebSvc, Quarantined, [53427aa3d8b278be630327b013f0936d], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebSvc.1.0, Quarantined, [d2c325f8e3a738fe2c3a7067e51e13ed], 
 
Registry Values: 1
PUP.Optional.ConsumerInput.A, HKU\S-1-5-21-3177413435-3017813973-954904672-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ConsumerInput@Compete, C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12099.xpi, Quarantined, [128362bbdcaef73ffe2c5b42e32025db]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.GetPrivate.A, C:\Windows\System32\Tasks\GPUpdateCheck, Quarantined, [9203d6478505dc5a731190042ed5e41c], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by pastorjasonharris, 12 February 2015 - 02:22 PM.


#3 Machiavelli

  • Malware Response Instructor

Posted 15 February 2015 - 02:33 PM

Hey, :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now.

If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.

On completion of the scan (or after the reboot), select View Detailed Log.
Select Export > Select text file and save to the desktop.
Post that log.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#4 pastorjasonharris


Posted 15 February 2015 - 05:08 PM

# AdwCleaner v4.110 - Logfile created 15/02/2015 at 15:59:55
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : pastorjasonharris - MRLAPPY
# Running from : C:\Users\pastorjasonharris\Downloads\AdwCleaner (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v40.0.2214.111
 
 
*************************
 
AdwCleaner[R0].txt - [4334 bytes] - [12/02/2015 11:42:40]
AdwCleaner[R1].txt - [4455 bytes] - [12/02/2015 11:59:48]
AdwCleaner[R2].txt - [917 bytes] - [15/02/2015 15:52:21]
AdwCleaner[S0].txt - [4444 bytes] - [12/02/2015 12:05:28]
AdwCleaner[S1].txt - [845 bytes] - [15/02/2015 15:59:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [903  bytes] ##########
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/15/2015
Scan Time: 4:04:14 PM
Logfile: mwbtyes.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.15.06
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: pastorjasonharris
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348959
Time Elapsed: 21 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by pastorjasonharris, 15 February 2015 - 05:28 PM.


#5 Machiavelli

  • Malware Response Instructor

Posted 16 February 2015 - 04:37 AM

Steps 3 & 4 are missing. :)

~Machiavelli



#6 pastorjasonharris


Posted 18 February 2015 - 12:21 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by pastorjasonharris on Sun 02/15/2015 at 16:39:29.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/15/2015 at 16:49:12.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by pastorjasonharris (administrator) on MRLAPPY on 18-02-2015 11:19:06
Running from C:\Users\pastorjasonharris\Downloads
Loaded Profiles: pastorjasonharris (Available profiles: pastorjasonharris)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AllShareFrameworkDMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsEventHandler.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\pastorjasonharris\AppData\Roaming\SpeedTray\speedtray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-11-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [597576 2013-07-05] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-10] (AppEx Networks Corporation)
HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2013-11-29] (Hewlett-Packard Co.)
HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\Run: [Google Update] => C:\Users\pastorjasonharris\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-03] (Google Inc.)
HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\Run: [BBE1B7262CF6DE8AF66C0F990D82687BF0F6F6C9._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\Run: [SpeedTray] => C:\Users\pastorjasonharris\AppData\Roaming\SpeedTray\speedtray.exe [725518 2014-12-25] ()
HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\Run: [GoogleChromeAutoLaunch_FC093376F8F4ECE1CD5AFFC7E19E8C14] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\RunOnce: [Adobe Speed Launcher] => 1424203301
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3177413435-3017813973-954904672-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3177413435-3017813973-954904672-1001 -> {EF4E0BD9-0B13-4E69-A95B-3FF888C9E7A0} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF Plugin HKU\S-1-5-21-3177413435-3017813973-954904672-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\pastorjasonharris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3177413435-3017813973-954904672-1001: @talk.google.com/O1DPlugin -> C:\Users\pastorjasonharris\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3177413435-3017813973-954904672-1001: @tools.google.com/Google Update;version=3 -> C:\Users\pastorjasonharris\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3177413435-3017813973-954904672-1001: @tools.google.com/Google Update;version=9 -> C:\Users\pastorjasonharris\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3177413435-3017813973-954904672-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\pastorjasonharris\AppData\Roaming\Zoom\bin\npzoomplugin.dll (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\pastorjasonharris\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\pastorjasonharris\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-06]
CHR Extension: (Google Drive) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (F5 Networks Plugin Host) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjhelpopbdbnlfmjkbkfkbfmbneaeob [2013-12-13]
CHR Extension: (YouTube) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-06]
CHR Extension: (Google Cast) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-01-14]
CHR Extension: (Google Search) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-06]
CHR Extension: (The Great Grass Sea Theme) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpghdlkjginnphhfpdccobkbncldkgmc [2013-12-06]
CHR Extension: (Arcane Legends) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2014-01-31]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Plants vs Zombies) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2013-12-30]
CHR Extension: (Hangouts) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-04-03]
CHR Extension: (Google Wallet) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-06]
CHR Extension: (Readability) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2014-03-07]
CHR Extension: (Gmail) - C:\Users\pastorjasonharris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-06]
CHR HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AllShareFrameworkManagerDMS.exe [404360 2013-06-17] (Samsung) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-05] (ELAN Microelectronics Corp.)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 HPSLPSVC; C:\Users\pastorjasonharris\AppData\Local\Temp\7zS46E0\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [605768 2013-07-05] (Copyright 2013 SAMSUNG)
R2 Settings Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe [1594176 2014-04-22] (Samsung Electronics CO., LTD.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-17] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-07-10] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2013-09-25] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 cpuz137; \??\C:\Users\PASTOR~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 SBIOSIO; \??\C:\Users\PASTOR~1\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
S3 urvpndrv; \SystemRoot\system32\DRIVERS\covpnv64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-18 11:18 - 2015-02-18 11:18 - 00000000 ____D () C:\Users\pastorjasonharris\Downloads\FRST-OlderVersion
2015-02-17 14:01 - 2015-02-17 14:01 - 00000000 ___RD () C:\Users\pastorjasonharris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-02-15 16:49 - 2015-02-15 16:49 - 00000768 _____ () C:\Users\pastorjasonharris\Desktop\JRT.txt
2015-02-15 16:29 - 2015-02-15 16:29 - 01388274 _____ (Thisisu) C:\Users\pastorjasonharris\Downloads\JRT (1).exe
2015-02-15 16:28 - 2015-02-15 16:28 - 00001058 _____ () C:\Users\pastorjasonharris\Desktop\mwbtyes.txt
2015-02-15 16:00 - 2015-02-15 16:00 - 00001630 _____ () C:\WINDOWS\PFRO.log
2015-02-15 16:00 - 2015-02-15 16:00 - 00000077 _____ () C:\WINDOWS\setupact.log
2015-02-15 16:00 - 2015-02-15 16:00 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-15 15:56 - 2015-02-15 15:57 - 00000000 ____D () C:\Users\pastorjasonharris\Documents\RSI
2015-02-15 15:51 - 2015-02-15 15:51 - 02112512 _____ () C:\Users\pastorjasonharris\Downloads\AdwCleaner (1).exe
2015-02-13 15:13 - 2015-01-22 22:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-13 15:13 - 2015-01-22 21:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 18:14 - 2015-02-12 18:14 - 00000112 _____ () C:\Users\pastorjasonharris\Desktop\signaturelineRSI.txt
2015-02-12 14:20 - 2015-02-17 16:39 - 01311346 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-12 13:17 - 2015-02-12 13:17 - 00042465 _____ () C:\Users\pastorjasonharris\Downloads\Addition (1).txt
2015-02-12 12:51 - 2015-02-12 12:51 - 00002275 _____ () C:\Users\pastorjasonharris\Desktop\Google Chrome.lnk
2015-02-12 12:51 - 2015-02-12 12:51 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-12 12:01 - 2015-02-12 12:02 - 05325208 _____ (Piriform Ltd) C:\Users\pastorjasonharris\Downloads\ccsetup502.exe
2015-02-12 11:41 - 2015-02-15 15:59 - 00000000 ____D () C:\AdwCleaner
2015-02-12 11:40 - 2015-02-12 11:40 - 02112512 _____ () C:\Users\pastorjasonharris\Downloads\AdwCleaner.exe
2015-02-12 11:34 - 2015-02-12 11:35 - 00042465 _____ () C:\Users\pastorjasonharris\Downloads\Addition.txt
2015-02-12 11:32 - 2015-02-18 11:19 - 00019776 _____ () C:\Users\pastorjasonharris\Downloads\FRST.txt
2015-02-12 11:31 - 2015-02-18 11:19 - 00000000 ____D () C:\FRST
2015-02-12 11:31 - 2015-02-18 11:18 - 02085888 _____ (Farbar) C:\Users\pastorjasonharris\Downloads\FRST64.exe
2015-02-12 11:14 - 2015-02-12 11:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-02-12 11:14 - 2015-02-12 11:14 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2015-02-12 11:09 - 2015-02-12 11:11 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\pastorjasonharris\Downloads\cbSetup.exe
2015-02-11 11:58 - 2015-02-11 11:58 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2015-02-10 20:08 - 2015-02-03 17:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-10 20:08 - 2015-02-03 17:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-10 20:08 - 2015-02-03 17:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-10 20:08 - 2015-02-02 17:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-10 20:08 - 2015-02-02 17:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-10 20:08 - 2015-02-02 17:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-10 20:08 - 2015-01-19 12:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-10 20:08 - 2014-12-19 02:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-10 20:08 - 2014-12-19 02:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-10 20:08 - 2014-12-08 17:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-10 19:07 - 2015-01-15 16:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-10 19:07 - 2015-01-15 16:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-10 19:07 - 2015-01-13 22:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-10 19:07 - 2015-01-13 21:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-10 19:07 - 2015-01-11 21:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-10 19:07 - 2015-01-11 20:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-10 19:07 - 2015-01-11 20:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-10 19:07 - 2015-01-11 20:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-10 19:07 - 2015-01-11 20:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-10 19:07 - 2015-01-11 19:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-10 19:07 - 2015-01-11 19:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-10 19:07 - 2015-01-10 01:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-10 19:07 - 2015-01-10 00:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-10 19:07 - 2014-12-08 21:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-10 19:07 - 2014-12-08 19:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-10 19:07 - 2014-10-28 20:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-10 19:07 - 2014-10-28 20:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-10 19:07 - 2014-10-28 20:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-10 19:07 - 2014-10-28 20:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-10 19:07 - 2014-10-28 19:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-10 19:06 - 2015-01-13 16:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-10 19:06 - 2015-01-13 16:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-10 19:06 - 2015-01-11 20:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-10 19:06 - 2015-01-11 20:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-10 19:06 - 2015-01-11 20:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-10 19:06 - 2015-01-11 20:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-10 19:06 - 2015-01-11 20:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-10 19:06 - 2015-01-11 20:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-10 19:06 - 2015-01-11 19:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-10 19:06 - 2015-01-11 19:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-10 19:06 - 2015-01-11 19:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-10 19:06 - 2015-01-11 19:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-10 19:06 - 2015-01-11 19:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-10 19:06 - 2015-01-11 19:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-10 19:06 - 2015-01-11 19:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-10 19:06 - 2015-01-11 19:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-10 19:06 - 2015-01-11 19:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-10 19:06 - 2015-01-11 19:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-10 19:06 - 2015-01-11 19:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-10 19:06 - 2015-01-11 19:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-10 19:06 - 2015-01-11 19:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-10 19:06 - 2015-01-11 19:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-10 19:06 - 2015-01-11 19:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-10 19:06 - 2015-01-11 19:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-10 19:06 - 2015-01-11 19:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-10 19:06 - 2015-01-11 19:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-10 19:06 - 2015-01-11 19:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-10 19:06 - 2015-01-11 18:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-10 19:06 - 2015-01-11 18:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-10 19:06 - 2015-01-10 03:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-10 19:06 - 2015-01-10 03:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-10 19:06 - 2015-01-10 02:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-10 19:06 - 2014-10-28 20:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-10 19:06 - 2014-10-28 20:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-10 19:06 - 2014-10-28 19:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-10 19:06 - 2014-10-28 19:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-10 19:06 - 2014-10-28 19:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-10 19:06 - 2014-10-28 19:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-10 19:06 - 2014-10-28 19:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-10 19:06 - 2014-10-28 19:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-10 19:05 - 2015-01-10 02:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-08 19:47 - 2015-02-08 19:47 - 00000081 _____ () C:\Users\pastorjasonharris\Downloads\Banana.cp
2015-02-08 19:35 - 2015-02-08 19:35 - 14224911 _____ () C:\Users\pastorjasonharris\Downloads\South Park (USA).zip
2015-02-08 19:28 - 2015-02-08 19:28 - 00000072 _____ () C:\Users\pastorjasonharris\Downloads\Gamepad.jsf
2015-02-08 19:27 - 2015-02-08 19:27 - 07341544 _____ () C:\Users\pastorjasonharris\Downloads\Doom 64 (USA).zip
2015-02-05 13:05 - 2015-02-05 13:05 - 00001200 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2015-02-05 13:05 - 2015-02-05 13:05 - 00001188 _____ () C:\Users\Public\Desktop\paint.net.lnk
2015-02-05 13:05 - 2015-02-05 13:05 - 00000000 ____D () C:\Program Files\paint.net
2015-02-05 13:04 - 2015-02-05 13:09 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Local\paint.net
2015-02-05 13:03 - 2015-02-05 13:04 - 06528454 _____ () C:\Users\pastorjasonharris\Downloads\paint.net.4.0.5.install.zip
2015-02-03 18:06 - 2015-02-14 22:43 - 00000000 ____D () C:\ZDaemon
2015-02-03 18:06 - 2015-02-03 18:06 - 13086641 _____ () C:\Users\pastorjasonharris\Downloads\zdaemon-setup.exe
2015-02-03 18:06 - 2015-02-03 18:06 - 00000610 _____ () C:\Users\Public\Desktop\ZDaemon Game Launcher.lnk
2015-02-03 18:06 - 2015-02-03 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZDaemon
2015-02-03 15:26 - 2015-02-03 15:26 - 02194432 _____ () C:\Users\pastorjasonharris\Downloads\Unconfirmed 48301.crdownload
2015-02-03 15:25 - 2015-02-12 11:52 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-03 15:25 - 2015-02-03 15:26 - 01388274 _____ (Thisisu) C:\Users\pastorjasonharris\Downloads\JRT.exe
2015-02-03 15:24 - 2015-02-03 15:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\pastorjasonharris\Downloads\revosetup.exe
2015-02-03 15:23 - 2015-02-03 15:24 - 05611380 _____ (Swearware) C:\Users\pastorjasonharris\Downloads\ComboFix.exe
2015-02-03 13:47 - 2015-02-03 13:47 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Roaming\Compete
2015-02-03 13:46 - 2015-02-03 13:46 - 00000004 _____ () C:\Users\pastorjasonharris\AppData\Roaming\.lockfile
2015-01-30 12:09 - 2015-01-30 12:09 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Roaming\Mozilla
2015-01-26 09:53 - 2015-01-26 10:14 - 00021542 _____ () C:\Users\pastorjasonharris\Downloads\nestopia.xml
2015-01-26 09:53 - 2015-01-26 09:53 - 00003194 _____ () C:\WINDOWS\System32\Tasks\{E5AFE741-ECAF-40C5-9F88-4F3306EDB083}
2015-01-26 09:52 - 2015-01-26 10:14 - 00006648 _____ () C:\Users\pastorjasonharris\Downloads\nestopia.log
2015-01-26 09:52 - 2015-01-26 10:10 - 00000000 ____D () C:\Users\pastorjasonharris\Downloads\states
2015-01-26 09:52 - 2015-01-26 09:53 - 00000000 ____D () C:\Users\pastorjasonharris\Downloads\save
2015-01-26 09:52 - 2015-01-26 09:52 - 00000000 ____D () C:\Users\pastorjasonharris\Downloads\screenshots
2015-01-26 09:52 - 2015-01-26 09:52 - 00000000 ____D () C:\Users\pastorjasonharris\Downloads\samples
2015-01-26 09:52 - 2015-01-26 09:52 - 00000000 ____D () C:\Users\pastorjasonharris\Downloads\patches
2015-01-26 09:52 - 2015-01-26 09:52 - 00000000 ____D () C:\Users\pastorjasonharris\Downloads\cheats
2015-01-25 22:00 - 2015-01-25 22:00 - 00403266 _____ () C:\Users\pastorjasonharris\Downloads\Visual Latin Sample Worksheets.zip
2015-01-20 20:32 - 2015-01-20 20:33 - 47645360 _____ () C:\Users\pastorjasonharris\Downloads\Phoenix-Firestorm-Release-4-6-9-42974_Setup.exe
2015-01-20 17:18 - 2015-01-20 17:18 - 00221647 _____ () C:\Users\pastorjasonharris\Downloads\Crystalis (USA).zip
2015-01-20 17:03 - 2015-01-20 17:03 - 00142245 _____ () C:\Users\pastorjasonharris\Downloads\Faxanadu (USA).zip
2015-01-20 16:46 - 2015-01-20 16:46 - 02065920 _____ () C:\Users\pastorjasonharris\Downloads\nestopia.exe
2015-01-20 16:46 - 2015-01-20 16:46 - 00169984 _____ () C:\Users\pastorjasonharris\Downloads\7zxa.dll
2015-01-20 16:46 - 2015-01-20 16:46 - 00162304 _____ () C:\Users\pastorjasonharris\Downloads\unrar.dll
2015-01-20 16:46 - 2015-01-20 16:46 - 00036781 _____ () C:\Users\pastorjasonharris\Downloads\readme.html
2015-01-20 16:46 - 2015-01-20 16:46 - 00033631 _____ () C:\Users\pastorjasonharris\Downloads\schemadb.xsd
2015-01-20 16:46 - 2015-01-20 16:46 - 00033617 _____ () C:\Users\pastorjasonharris\Downloads\schemaromset.xsd
2015-01-20 16:46 - 2015-01-20 16:46 - 00032256 _____ () C:\Users\pastorjasonharris\Downloads\kailleraclient.dll
2015-01-20 16:46 - 2015-01-20 16:46 - 00015402 _____ () C:\Users\pastorjasonharris\Downloads\copying.txt
2015-01-20 16:46 - 2015-01-20 16:46 - 00000000 ____D () C:\Users\pastorjasonharris\Downloads\language
2015-01-20 16:45 - 2015-01-20 16:45 - 01249640 _____ () C:\Users\pastorjasonharris\Downloads\Nestopia140bin (1).zip
2015-01-19 13:24 - 2015-01-19 13:24 - 00002028 _____ () C:\Users\pastorjasonharris\Downloads\contacts.csv
2015-01-19 13:23 - 2015-01-19 13:23 - 00001007 _____ () C:\Users\pastorjasonharris\Downloads\google (2).csv
2015-01-19 03:20 - 2015-01-19 03:20 - 00090466 _____ () C:\Users\pastorjasonharris\Downloads\Mario Bros..7z
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-18 11:19 - 2013-12-14 14:59 - 00003970 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5D18165C-4F8F-43D3-B4E4-3C721FCA011E}
2015-02-18 11:16 - 2014-12-12 07:14 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Roaming\SpeedTray
2015-02-17 18:08 - 2013-12-14 11:18 - 00065536 _____ () C:\WINDOWS\system32\spu_storage.bin
2015-02-17 18:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-17 17:35 - 2014-10-21 11:29 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cfed549d5ef29f.job
2015-02-17 17:35 - 2014-10-21 11:29 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfed549c89ec54.job
2015-02-17 17:29 - 2013-12-06 18:19 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-17 17:24 - 2014-06-05 09:51 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-17 17:15 - 2014-10-22 18:09 - 00000972 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3177413435-3017813973-954904672-1001UA1cfee55904d32ab.job
2015-02-17 17:09 - 2014-04-03 09:54 - 00000972 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3177413435-3017813973-954904672-1001UA.job
2015-02-17 14:36 - 2013-12-06 18:27 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Local\CrashDumps
2015-02-17 14:04 - 2013-07-09 01:27 - 00000000 ____D () C:\ProgramData\WinClon
2015-02-17 14:01 - 2013-12-14 14:58 - 00000000 ___RD () C:\Users\pastorjasonharris\Google Drive
2015-02-17 14:01 - 2013-12-14 11:54 - 00000000 ___DO () C:\Users\pastorjasonharris\SkyDrive
2015-02-17 14:01 - 2013-12-06 18:19 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 05:39 - 2013-11-14 01:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-16 05:37 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-16 05:37 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-16 05:36 - 2013-12-26 15:51 - 00074752 ___SH () C:\Users\pastorjasonharris\Desktop\Thumbs.db
2015-02-15 16:39 - 2014-02-01 21:46 - 00456704 ___SH () C:\Users\pastorjasonharris\Downloads\Thumbs.db
2015-02-15 16:27 - 2014-07-03 15:50 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-15 16:00 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-15 16:00 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-14 23:04 - 2014-06-24 20:01 - 00000000 ____D () C:\Doom
2015-02-14 20:09 - 2014-04-03 09:54 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3177413435-3017813973-954904672-1001Core.job
2015-02-14 12:15 - 2014-10-22 18:09 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3177413435-3017813973-954904672-1001Core1cfee558f75d2cf.job
2015-02-13 15:19 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 14:31 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 13:14 - 2013-12-06 18:23 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3177413435-3017813973-954904672-1001
2015-02-12 12:51 - 2013-12-06 18:11 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Local\VirtualStore
2015-02-12 12:44 - 2013-08-22 09:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-12 12:44 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-02-12 12:02 - 2014-01-19 07:05 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-12 12:02 - 2014-01-19 07:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-12 12:02 - 2014-01-19 07:05 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-12 11:59 - 2013-07-09 01:37 - 00000000 ____D () C:\Users\EasySurvey
2015-02-12 11:55 - 2013-12-13 12:45 - 00000000 ____D () C:\ProgramData\F5 Networks
2015-02-12 11:51 - 2013-12-06 18:30 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Roaming\Samsung
2015-02-12 11:45 - 2014-12-06 17:08 - 00000000 ____D () C:\Program Files\Andy
2015-02-12 11:45 - 2013-12-14 11:24 - 00000000 ____D () C:\Users\pastorjasonharris
2015-02-11 12:40 - 2013-08-22 08:44 - 00417448 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 12:39 - 2014-12-13 20:42 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 12:39 - 2014-07-15 15:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 12:39 - 2014-07-09 18:22 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 12:39 - 2013-12-08 17:56 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 12:31 - 2013-12-08 17:55 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 11:58 - 2014-07-28 11:22 - 00001874 _____ () C:\Users\pastorjasonharris\Desktop\Zoom.lnk
2015-02-11 11:58 - 2014-07-28 11:22 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Roaming\Zoom
2015-02-06 17:30 - 2014-10-21 11:29 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cfed549d5ef29f
2015-02-06 17:30 - 2014-10-21 11:29 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1cfed549c89ec54
2015-02-05 12:10 - 2014-10-22 18:09 - 00003942 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3177413435-3017813973-954904672-1001UA1cfee55904d32ab
2015-02-05 12:10 - 2014-10-22 18:09 - 00003562 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3177413435-3017813973-954904672-1001Core1cfee558f75d2cf
2015-02-04 14:24 - 2014-06-05 09:51 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 13:31 - 2014-04-28 17:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 13:31 - 2014-04-28 17:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-28 11:31 - 2013-12-14 12:48 - 00002058 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-28 11:31 - 2013-12-14 12:48 - 00002056 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-28 11:31 - 2013-12-14 12:48 - 00002046 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-28 11:31 - 2013-12-14 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-21 04:40 - 2013-12-06 20:09 - 00000000 ____D () C:\Users\pastorjasonharris\AppData\Local\Firestorm
2015-01-20 17:19 - 1996-12-24 23:32 - 00393232 _____ () C:\Users\pastorjasonharris\Downloads\Crystalis (USA).nes
2015-01-20 17:05 - 1996-12-24 23:32 - 00262160 _____ () C:\Users\pastorjasonharris\Downloads\Faxanadu (USA).nes
2015-01-19 03:18 - 2014-11-06 20:28 - 00002048 _____ () C:\Users\pastorjasonharris\Downloads\Super Mario World.srm
 
==================== Files in the root of some directories =======
 
2015-02-03 13:46 - 2015-02-03 13:46 - 0000004 _____ () C:\Users\pastorjasonharris\AppData\Roaming\.lockfile
2013-12-06 18:12 - 2013-12-22 03:31 - 0006173 _____ () C:\Users\pastorjasonharris\AppData\Roaming\AbsoluteReminder.xml
2014-12-15 14:25 - 2014-12-15 14:25 - 0190461 _____ () C:\Users\pastorjasonharris\AppData\Local\ars.cache
2014-12-15 14:25 - 2014-12-15 14:25 - 0251512 _____ () C:\Users\pastorjasonharris\AppData\Local\census.cache
2014-08-27 13:08 - 2014-08-27 13:08 - 0003584 _____ () C:\Users\pastorjasonharris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-15 14:10 - 2014-12-15 14:10 - 0000036 _____ () C:\Users\pastorjasonharris\AppData\Local\housecall.guid.cache
2013-12-08 23:53 - 2013-12-08 23:53 - 0000017 _____ () C:\Users\pastorjasonharris\AppData\Local\resmon.resmoncfg
2014-12-15 14:16 - 2014-12-15 14:16 - 0000010 _____ () C:\Users\pastorjasonharris\AppData\Local\sponge.last.runtime.cache
2014-01-19 07:16 - 2014-01-19 07:16 - 0045426 _____ () C:\ProgramData\1390137338.bdinstall.bin
2014-01-19 07:26 - 2014-01-19 07:26 - 0206971 _____ () C:\ProgramData\1390137650.bdinstall.bin
2013-12-30 13:00 - 2013-12-30 13:00 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-12-30 13:42 - 2013-12-30 13:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-07-09 01:38 - 2013-02-19 01:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-07-09 01:38 - 2013-01-12 08:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
 
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\pastorjasonharris\jagex_cl_runescape_LIVE.dat
C:\Users\pastorjasonharris\random.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-14 04:32
 
==================== End Of Log ============================


#7 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor

Posted 19 February 2015 - 04:35 AM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\RunOnce: [Adobe Speed Launcher] => 1424203301
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-3177413435-3017813973-954904672-1001 -> {EF4E0BD9-0B13-4E69-A95B-3FF888C9E7A0} URL = 
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    CHR HKU\S-1-5-21-3177413435-3017813973-954904672-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    C:\ProgramData\MakeMarkerFile.exe
    C:\Users\pastorjasonharris\jagex_cl_runescape_LIVE.dat
    C:\Users\pastorjasonharris\random.dat
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure that the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor

Posted 21 February 2015 - 08:57 AM

Greetings pastorjasonharris,

Machiavelli will be unavailable to reply for a bit of time and since we don't want to delay addressing your concerns I will be coming in alongside to continue to address your issues. Please allow me a little bit of time to come up to speed.

Thanks for your understanding and patience,

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Oh My!


Posted 21 February 2015 - 09:21 AM

Greetings,

I have reviewed the Topic. Once we are able to review the results of the posted steps we can continue on.

Please provide an update regarding your computer performance.
Gary
 

#10 Oh My!


Posted 23 February 2015 - 09:15 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#11 pastorjasonharris

pastorjasonharris
  • Topic Starter


Posted 25 February 2015 - 09:01 AM

All fixed. Thanks guys!

#12 Oh My!


Posted 25 February 2015 - 10:17 AM

Very good, thank you for checking back in.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#13 Oh My!


Posted 25 February 2015 - 10:17 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



