Help with koobface removal from windows 8


  • This topic is locked
38 replies to this topic

#1 samson77


Posted 16 February 2015 - 05:22 PM

I have a very slow computer that opens several web pages and a lot of ads will pop up. This is a new computer that I just bought for my office. I called Microsoft according to the web page that popped in red stating I needed to call Microsoft. Once I did this I was told I had a Koobface malware. I have run AVG and no solution. Please help me, thanks.




 


#2 Oh My!

  • Malware Response Instructor

Posted 17 February 2015 - 09:45 AM

Greetings samson77 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 samson77

  • Topic Starter

Posted 17 February 2015 - 11:53 AM

Hello Gary I shall get started right now on this

Thank YOU !!



#4 samson77

  • Topic Starter

Posted 19 February 2015 - 12:45 PM

Hello

I am sorry I have not been at work due to a snow storm. I am here now and will try to begin the process of fixing this pc.

Thanks,

Again



#5 samson77

  • Topic Starter

Posted 19 February 2015 - 01:13 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by angela (administrator) on SPECTRUMBRAIN on 19-02-2015 11:48:22
Running from C:\Users\angela\Downloads
Loaded Profiles: angela &  (Available profiles: angela)
Platform: Windows 8.1 Connected (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
( ) C:\Windows\System32\lxducoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Users\angela\AppData\Local\GeniusBox\Client.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Pokki) C:\Users\angela\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
() C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumon.exe
(Lexmark International Inc.) C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\ezprint.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Pokki) C:\Users\angela\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\angela\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\angela\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Farbar) C:\Users\angela\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [lxdumon.exe] => C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-02-04] ()
HKLM-x32\...\Run: [EzPrint] => C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\ezprint.exe [131752 2010-02-04] (Lexmark International Inc.)
HKLM-x32\...\Run: [Lexmark 5600-6600 Series] => C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\fm3032.exe [311976 2010-02-04] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-02-03] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001\...\Run: [GoogleChromeAutoLaunch_DA114BABD8A282D3DD692F4DFEBE4AEA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001\...\RunOnce: [Application Restart #1] => C:\Users\angela\AppData\Local\Pokki\Engine\HostAppService.exe [7843656 2015-01-04] (Pokki)
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_DA114BABD8A282D3DD692F4DFEBE4AEA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #1] => C:\Users\angela\AppData\Local\Pokki\Engine\HostAppService.exe [7843656 2015-01-04] (Pokki)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-1978231634-3685791637-4233073095-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1978231634-3685791637-4233073095-1001] => http=127.0.0.1:49167;https=127.0.0.1:49167
ProxyEnable: [S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:49167;https=127.0.0.1:49167
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://hp.features.aol.com/
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cndt&s=ieHPtab&tp=iehome
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://hp.features.aol.com/
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cndt&s=ieHPtab&tp=iehome
SearchScopes: HKU\S-1-5-21-1978231634-3685791637-4233073095-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1978231634-3685791637-4233073095-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1978231634-3685791637-4233073095-1001 -> {AC89D509-8BCD-4090-9741-3C25CC3A8C9F} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AC89D509-8BCD-4090-9741-3C25CC3A8C9F} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files (x86)\Lexmark Printable Web\bho.dll ()
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.google.com/", "hxxp://www.google.com/"
CHR Profile: C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-31]
CHR Extension: (Entanglement Web App) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-12-31]
CHR Extension: (Angry Birds) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-31]
CHR Extension: (Google Docs) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-31]
CHR Extension: (Google Drive) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-31]
CHR Extension: (YouTube) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-31]
CHR Extension: (Google Cast) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-31]
CHR Extension: (Webpage Screenshot) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-12-31]
CHR Extension: (Google Search) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-31]
CHR Extension: (Google Sheets) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-31]
CHR Extension: (Stylish) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-12-31]
CHR Extension: (Pin It Button) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-12-31]
CHR Extension: (NPR Infinite Player) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf [2014-12-31]
CHR Extension: (Alarm Clock Radio) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipdhcpepbpjaoggihaloebfjfafagmi [2014-12-31]
CHR Extension: (Cyti Web) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkeobngkljlpaejomogmbmafgaidaief [2015-01-01]
CHR Extension: (Ella Moss) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\klghmpijngbhkpcnbdjpdbognohonimk [2014-12-31]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-12-31]
CHR Extension: (Melanto Calculator) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nioffklpggjkmgpndbfklpnclpohpjid [2014-12-31]
CHR Extension: (Google Wallet) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-31]
CHR Extension: (Gmail) - C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-31]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 lxdu_device; C:\windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 lxdu_device; C:\windows\SysWOW64\lxducoms.exe [589824 2009-10-16] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2013-12-17] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmUHubftr; C:\Windows\System32\drivers\AmUHubftr.sys [24344 2013-12-06] (Alcor Micro, Corp.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-10] (Qualcomm Atheros Communications, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-19 11:47 - 2015-02-19 11:47 - 02086912 _____ (Farbar) C:\Users\angela\Downloads\FRST64 (1).exe
2015-02-17 11:04 - 2015-02-17 11:05 - 00030834 _____ () C:\Users\angela\Downloads\Addition.txt
2015-02-17 11:00 - 2015-02-19 11:48 - 00021349 _____ () C:\Users\angela\Downloads\FRST.txt
2015-02-17 11:00 - 2015-02-19 11:48 - 00000000 ____D () C:\FRST
2015-02-17 10:59 - 2015-02-17 10:59 - 02085888 _____ (Farbar) C:\Users\angela\Downloads\FRST64.exe
2015-02-16 21:15 - 2015-02-16 21:15 - 00000000 ____D () C:\Users\angela\Documents\Youcam
2015-02-16 03:34 - 2015-02-17 12:03 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 03:33 - 2015-02-16 03:33 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-16 03:33 - 2015-02-16 03:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-16 03:33 - 2015-02-16 03:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-16 03:33 - 2015-02-16 03:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-16 03:33 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-16 03:33 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-16 03:33 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-16 03:31 - 2015-02-16 03:31 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\angela\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-12 09:52 - 2015-01-22 22:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-12 09:52 - 2015-01-22 21:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-11 14:44 - 2015-02-11 14:44 - 00941105 _____ () C:\ProgramData\SPL4072.tmp
2015-02-11 08:01 - 2015-02-11 08:03 - 113392440 _____ (AVG Technologies) C:\Users\angela\Downloads\avg_tuh_stf_all_2015_373_24c28.exe
2015-02-11 07:48 - 2015-02-11 07:48 - 00000000 ____D () C:\Users\angela\AppData\Roaming\AVG2015
2015-02-11 07:48 - 2015-01-15 16:43 - 00563504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-11 07:48 - 2015-01-15 16:43 - 00177984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-11 07:48 - 2015-01-13 22:22 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-02-11 07:48 - 2015-01-13 21:53 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-02-11 07:48 - 2014-10-28 20:51 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-11 07:48 - 2014-10-28 20:50 - 00736768 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-11 07:48 - 2014-10-28 20:06 - 00736768 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-11 07:48 - 2014-10-28 20:06 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-11 07:48 - 2014-10-28 19:31 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-11 07:46 - 2015-02-11 07:47 - 00000000 ____D () C:\ProgramData\AVG2015
2015-02-11 07:46 - 2015-02-11 07:46 - 00000988 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-02-11 07:46 - 2015-02-11 07:46 - 00000000 ___HD () C:\$AVG
2015-02-11 07:46 - 2015-02-11 07:46 - 00000000 ____D () C:\Users\angela\AppData\Roaming\TuneUp Software
2015-02-11 07:46 - 2015-02-11 07:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-11 07:45 - 2015-02-11 07:45 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-02-11 07:45 - 2015-01-19 12:42 - 01487976 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2015-02-11 07:45 - 2015-01-13 16:11 - 01762840 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-11 07:45 - 2015-01-13 16:04 - 01489072 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-11 07:45 - 2015-01-11 21:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-11 07:45 - 2015-01-11 20:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-11 07:45 - 2015-01-10 03:10 - 07472960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-11 07:45 - 2015-01-10 03:10 - 01733440 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-02-11 07:45 - 2015-01-10 02:28 - 01498360 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-02-11 07:45 - 2015-01-10 01:00 - 00430080 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-11 07:45 - 2015-01-10 00:38 - 00359424 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-11 07:45 - 2014-12-19 02:57 - 00788680 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-11 07:45 - 2014-12-19 02:25 - 00602776 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-11 07:45 - 2014-12-08 21:45 - 00393728 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-11 07:45 - 2014-12-08 19:56 - 00538624 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 07:45 - 2014-12-08 17:12 - 00391526 _____ () C:\windows\system32\ApnDatabase.xml
2015-02-11 07:45 - 2014-10-28 20:02 - 00285184 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-02-11 07:45 - 2014-10-28 20:02 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-02-11 07:45 - 2014-10-28 19:57 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-02-11 07:45 - 2014-10-28 19:15 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-02-11 07:45 - 2014-10-28 19:15 - 00005632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-02-11 07:45 - 2014-10-28 19:14 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-02-11 07:45 - 2014-10-28 19:13 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-02-11 07:45 - 2014-10-28 19:13 - 00008704 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-02-11 07:44 - 2015-01-11 20:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-11 07:44 - 2015-01-11 20:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-11 07:44 - 2015-01-11 20:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-11 07:44 - 2015-01-11 20:34 - 00816128 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-02-11 07:44 - 2015-01-11 20:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-11 07:44 - 2015-01-11 20:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-11 07:44 - 2015-01-11 20:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-11 07:44 - 2015-01-11 20:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-11 07:44 - 2015-01-11 20:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-11 07:44 - 2015-01-11 19:58 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-02-11 07:44 - 2015-01-11 19:55 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-02-11 07:44 - 2015-01-11 19:51 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-02-11 07:44 - 2015-01-11 19:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-11 07:44 - 2015-01-11 19:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-11 07:44 - 2015-01-11 19:48 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-11 07:44 - 2015-01-11 19:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-11 07:44 - 2015-01-11 19:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-11 07:44 - 2015-01-11 19:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-11 07:44 - 2015-01-11 19:34 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-02-11 07:44 - 2015-01-11 19:30 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-02-11 07:44 - 2015-01-11 19:27 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-02-11 07:44 - 2015-01-11 19:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-11 07:44 - 2015-01-11 19:25 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-02-11 07:44 - 2015-01-11 19:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-11 07:44 - 2015-01-11 19:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-11 07:44 - 2015-01-11 19:23 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-11 07:44 - 2015-01-11 19:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-11 07:44 - 2015-01-11 19:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-11 07:44 - 2015-01-11 19:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-11 07:44 - 2015-01-11 19:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-11 07:44 - 2015-01-11 18:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-11 07:44 - 2015-01-11 18:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-11 07:44 - 2015-01-10 02:22 - 04175872 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-11 07:41 - 2015-02-19 11:39 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-11 07:41 - 2015-02-11 12:21 - 00000000 ____D () C:\Users\angela\AppData\Local\Avg2015
2015-02-11 07:41 - 2015-02-11 07:41 - 00000000 ____D () C:\Users\angela\AppData\Local\MFAData
2015-02-11 07:39 - 2015-02-11 07:40 - 04637504 _____ (AVG Technologies) C:\Users\angela\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2015-02-10 12:28 - 2015-02-10 12:28 - 01060536 _____ (Microsoft Corporation) C:\Users\angela\Downloads\Setup.X86.en-us_O365ProPlusRetail_aabf550e-5de0-46ee-9f0f-9a3737af5deb_TX_PR_.exe
2015-01-26 07:43 - 2015-02-09 07:38 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-01-26 07:43 - 2015-02-09 07:37 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-22 13:22 - 2015-02-10 12:30 - 00000000 ____D () C:\Users\angela\Desktop\Task and Skills
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-19 11:41 - 2014-12-31 15:00 - 02035230 _____ () C:\windows\WindowsUpdate.log
2015-02-19 11:34 - 2014-12-31 15:04 - 00000000 ____D () C:\Users\angela\AppData\Local\Pokki
2015-02-19 11:34 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\sru
2015-02-17 12:32 - 2014-12-31 15:15 - 00000934 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 21:29 - 2014-12-31 15:09 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1978231634-3685791637-4233073095-1001
2015-02-16 21:18 - 2014-03-18 03:53 - 00891920 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-16 21:13 - 2015-01-02 10:48 - 00000504 _____ () C:\windows\Tasks\SparkTrust Update Version3 Startup Task.job
2015-02-16 21:13 - 2014-12-31 15:15 - 00000930 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 21:12 - 2014-07-28 07:30 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-16 21:12 - 2014-07-28 07:30 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-02-16 21:12 - 2014-03-18 03:44 - 00070704 _____ () C:\windows\PFRO.log
2015-02-16 21:12 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\AppReadiness
2015-02-16 21:12 - 2013-08-22 08:46 - 00022497 _____ () C:\windows\setupact.log
2015-02-16 21:12 - 2013-08-22 08:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-16 21:10 - 2013-08-22 09:36 - 00000000 ___HD () C:\windows\ELAMBKUP
2015-02-16 21:09 - 2014-07-28 07:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-02-16 04:21 - 2014-12-31 15:04 - 00000000 ____D () C:\Users\angela\AppData\Local\Packages
2015-02-16 04:08 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\Camera
2015-02-16 04:08 - 2013-08-22 07:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-02-13 11:49 - 2014-12-31 15:04 - 00000000 ____D () C:\Users\angela
2015-02-13 11:44 - 2013-08-22 07:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-02-13 10:52 - 2015-01-07 13:04 - 00000000 ____D () C:\Users\angela\Desktop\Angela's forms
2015-02-12 13:23 - 2015-01-02 11:28 - 00000000 ____D () C:\ProgramData\lx_Cats
2015-02-12 10:10 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\rescache
2015-02-12 09:58 - 2013-08-22 09:20 - 00000000 ____D () C:\windows\CbsTemp
2015-02-11 15:00 - 2013-08-22 08:44 - 00492000 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-11 08:14 - 2014-12-31 15:13 - 00000000 ____D () C:\Program Files (x86)\Pro PC Cleaner
2015-02-11 07:40 - 2014-12-31 15:14 - 00000000 ____D () C:\Users\angela\Documents\ProPCCleaner
2015-02-11 07:39 - 2014-12-31 15:14 - 00003472 _____ () C:\windows\System32\Tasks\ProPCCleaner_Popup
2015-02-10 12:34 - 2015-01-02 10:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-10 12:31 - 2015-01-02 10:34 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-06 14:36 - 2014-12-31 15:16 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-06 14:27 - 2014-12-31 15:15 - 00003906 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 14:27 - 2014-12-31 15:15 - 00003670 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 12:35 - 2015-01-07 07:54 - 00000000 ____D () C:\Users\angela\Desktop\Resident files 2
2015-02-05 11:14 - 2015-01-02 11:06 - 00001485 _____ () C:\ProgramData\lxdu.log
2015-02-04 12:59 - 2015-01-13 19:31 - 00000000 ____D () C:\Users\angela\Desktop\Discharged Resident's
2015-02-04 08:38 - 2015-01-07 08:05 - 00000000 ____D () C:\Users\angela\Desktop\Dr Staffing
2015-02-03 13:31 - 2015-01-18 16:22 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 13:31 - 2015-01-18 16:22 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 08:10 - 2015-01-06 09:15 - 00000000 ____D () C:\Users\angela\Desktop\Tx Reviews Angela's
2015-01-26 07:43 - 2014-07-28 06:48 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-01-23 15:38 - 2013-08-22 07:25 - 00000226 _____ () C:\windows\win.ini
 
==================== Files in the root of some directories =======
 
2014-12-31 15:12 - 2014-12-31 15:12 - 0000064 _____ () C:\Users\angela\AppData\Local\2e0839689374ed57bab890cd8c6814f3
2015-01-02 11:06 - 2015-01-02 11:06 - 0000252 _____ () C:\ProgramData\FastPics.log
2015-01-02 11:06 - 2015-02-05 11:14 - 0001485 _____ () C:\ProgramData\lxdu.log
2015-02-11 14:44 - 2015-02-11 14:44 - 0941105 _____ () C:\ProgramData\SPL4072.tmp
 
Some content of TEMP:
====================
C:\Users\angela\AppData\Local\Temp\0188041424142431mcinst.exe
C:\Users\angela\AppData\Local\Temp\oct7317.tmp.exe
C:\Users\angela\AppData\Local\Temp\oct805F.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-17 03:19
 
==================== End Of Log ============================
 
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Alcor Micro Generic Hub Filter Driver (HKLM-x32\...\AmUHubftr) (Version: 1.5.0.8 - Alcor Micro Corp.)
Alcor Micro Generic Hub Filter Driver (x32 Version: 1.5.0.8 - Alcor Micro Corp.) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5646 - AVG Technologies)
AVG 2015 (Version: 15.0.4284 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5646 - AVG Technologies) Hidden
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.5.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3702 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3625 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3626 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.1.1 (HKLM-x32\...\{19ABCFE2-7EED-11E3-B98A-00163E98E7D6}) (Version: 5.1.1.2334 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FarmVille 2 (HKU\S-1-5-21-1978231634-3685791637-4233073095-1001\...\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b) (Version: 1.0.3.48508 - Pokki)
FarmVille 2 (HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b) (Version: 1.0.3.48508 - Pokki)
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
GeniusBox 2.0 (HKLM-x32\...\GeniusBox) (Version: 2.0 - GeniusBox 2.0)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Host App Service (HKU\S-1-5-21-1978231634-3685791637-4233073095-1001\...\Pokki) (Version: 0.269.5.375 - Pokki)
Host App Service (HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki) (Version: 0.269.5.375 - Pokki)
HP Documentation (HKLM-x32\...\{8126E380-F9C6-4317-9CEE-9BBDDAB676E5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Lexmark 5600-6600 Series (HKLM-x32\...\Lexmark 5600-6600 Series) (Version:  - Lexmark International, Inc.)
Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1978231634-3685791637-4233073095-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Pro PC Cleaner (HKLM-x32\...\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}) (Version: 2.5.5 - Pro PC Cleaner)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7116 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7316 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.20.11.17 - Client Connect LTD) <==== ATTENTION
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Start Menu (HKU\S-1-5-21-1978231634-3685791637-4233073095-1001\...\Pokki_Start_Menu) (Version: 0.269.5.375 - Pokki)
Start Menu (HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki_Start_Menu) (Version: 0.269.5.375 - Pokki)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UpdateMyDrivers (HKLM-x32\...\{90AF3F34-F2DA-4A77-9820-EEFDDE19C677}) (Version: 1.1.1.0 - SparkTrust)
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1978231634-3685791637-4233073095-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\angela\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
28-01-2015 07:58:48 Windows Update
04-02-2015 08:54:30 Scheduled Checkpoint
11-02-2015 07:44:16 Installed AVG 2015
11-02-2015 07:45:15 Installed AVG 2015
16-02-2015 03:11:37 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01D24343-6D74-46DC-8711-7F6438750749} - System32\Tasks\SparkTrust Update Version3 => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [2014-11-17] (SparkTrust Systems) <==== ATTENTION
Task: {02447501-3460-4A4E-87FD-1E9E76C39D20} - System32\Tasks\Validate Installation => C:\Users\angela\AppData\Local\GeniusBox\updater.exe [2014-12-29] ()
Task: {17BD0320-2328-4C2A-ADD9-7289C69F270D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {2FAFCA60-E014-4CD0-98A8-F9561A6A9AAD} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\angela\AppData\Local\GeniusBox\client.exe"
Task: {48F4282B-F942-46BC-9CDD-B3F3DA5C371E} - System32\Tasks\UpdateMyDrivers - Scan => C:\Program Files (x86)\SparkTrust\UpdateMyDrivers\UpdateMyDrivers.exe [2014-11-17] (SparkTrust) <==== ATTENTION
Task: {49E5F4A4-671E-426B-9A82-8C07AD077114} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
Task: {5110C802-B219-4387-894A-D3A5AB607D24} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-10] (Microsoft Corporation)
Task: {5E06FE8E-E5EF-49B9-A416-73F6BE158775} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-10] (Microsoft Corporation)
Task: {6A029DF0-A8FA-4213-83DB-AFA945417DC4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {7C67EAA3-6355-4B7B-833B-CF3E6F0A9A8B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {81DFC4BA-B76F-4106-87F8-8B84EFA2E545} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {91583E6E-5A56-4ED3-A380-26C618D13590} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-31] (Google Inc.)
Task: {9339F08A-C79C-4236-A160-6785F231FE3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-31] (Google Inc.)
Task: {99F336DB-A535-47BC-A1AC-5A3AAF8EC37F} - System32\Tasks\YCMServiceAgent => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {A9484CAE-EDCC-42DF-A416-07B3064307C2} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1978231634-3685791637-4233073095-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {B195D869-8D1C-4A0A-8FD3-C5E53AB3E3DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {B2B66C85-6534-46E4-B3D2-336C0A7DFCAD} - \avaxvyyvyf No Task File <==== ATTENTION
Task: {BDF7C603-0A27-4800-A573-000B5EF2F473} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-01-06] (Microsoft Corporation)
Task: {CB851AE2-DC40-4747-ABB4-59BEB205B3E9} - System32\Tasks\Check Updates => C:\Users\angela\AppData\Local\GeniusBox\updater.exe [2014-12-29] ()
Task: {D1CEBF31-B413-4808-BFD4-B84C5752F6E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {DE75645C-793D-46B2-B050-D8DD3B0B7703} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {EA176872-4401-4909-9B17-F008D54E9058} - System32\Tasks\SparkTrust Update Version3 Startup Task => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [2014-11-17] (SparkTrust Systems) <==== ATTENTION
Task: {F1F30BCD-6468-4C24-A69F-CBC14813D3C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {F4D81F17-8A8E-41CA-9DD6-3F228F707B77} - System32\Tasks\Installation App Launcher => C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\ezprint.exe [2010-02-04] (Lexmark International Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\SparkTrust Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
Task: C:\windows\Tasks\SparkTrust Update Version3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
Task: C:\windows\Tasks\UpdateMyDrivers - Scan.job => C:\Program Files (x86)\SparkTrust\UpdateMyDrivers\UpdateMyDrivers.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2015-01-02 11:28 - 2009-10-16 16:07 - 00186880 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxdudrpp.dll
2015-01-02 10:34 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-01-02 11:17 - 2009-08-19 20:49 - 01400320 _____ () C:\windows\system32\lxdudrs64.dll
2015-01-02 11:17 - 2009-08-19 20:49 - 00025600 _____ () C:\windows\system32\lxducaps64.dll
2015-01-02 11:17 - 2009-08-19 20:39 - 00054784 _____ () C:\windows\system32\lxducnv464.dll
2015-01-06 07:33 - 2015-01-06 07:33 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-22 09:12 - 2014-12-29 14:11 - 00872672 _____ () C:\Users\angela\AppData\Local\GeniusBox\Client.exe
2015-01-02 11:06 - 2010-02-04 06:10 - 00676520 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumon.exe
2015-02-10 12:32 - 2015-02-10 12:34 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-01-02 11:06 - 2010-02-04 05:52 - 00380928 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxduscw.dll
2015-01-02 11:05 - 2010-02-04 05:36 - 00188416 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
2015-01-02 11:05 - 2009-10-16 11:53 - 00073728 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxducats.dll
2015-01-02 11:06 - 2010-02-04 05:52 - 01036288 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxduDRS.dll
2015-01-02 11:06 - 2010-02-04 05:52 - 00081920 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxducaps.dll
2015-01-02 11:06 - 2010-02-04 05:35 - 00069632 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
2015-01-02 11:06 - 2010-02-04 05:51 - 00380928 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\iptk.dll
2015-01-02 11:06 - 2007-09-06 06:11 - 00151552 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxduptp.dll
2015-02-06 14:36 - 2015-02-04 03:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 14:36 - 2015-02-04 03:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 14:36 - 2015-02-04 03:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-01-03 22:06 - 2015-01-03 22:06 - 00569856 _____ () C:\Users\angela\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2015-01-03 22:06 - 2015-01-03 22:06 - 01400846 _____ () C:\Users\angela\AppData\Local\Pokki\Engine\avcodec-54.dll
2015-01-03 22:06 - 2015-01-03 22:06 - 00151054 _____ () C:\Users\angela\AppData\Local\Pokki\Engine\avutil-51.dll
2015-01-03 22:06 - 2015-01-03 22:06 - 00222734 _____ () C:\Users\angela\AppData\Local\Pokki\Engine\avformat-54.dll
2015-01-04 05:58 - 2015-01-04 05:58 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 192.168.2.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1978231634-3685791637-4233073095-500 - Administrator - Disabled)
angela (S-1-5-21-1978231634-3685791637-4233073095-1001 - Administrator - Enabled) => C:\Users\angela
Guest (S-1-5-21-1978231634-3685791637-4233073095-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1978231634-3685791637-4233073095-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/19/2015 11:38:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54a1b552
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0xe0434f4d
Fault offset: 0x00012f71
Faulting process id: 0x%9
Faulting application start time: 0xtasks.exe0
Faulting application path: tasks.exe1
Faulting module path: tasks.exe2
Report Id: tasks.exe3
Faulting package full name: tasks.exe4
Faulting package-relative application ID: tasks.exe5
 
Error: (02/19/2015 11:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 166447703
 
Error: (02/19/2015 11:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 166447703
 
Error: (02/19/2015 11:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/19/2015 11:34:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 166446406
 
Error: (02/19/2015 11:34:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 166446406
 
Error: (02/19/2015 11:34:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/19/2015 11:34:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 166444047
 
Error: (02/19/2015 11:34:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 166444047
 
Error: (02/19/2015 11:34:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (02/17/2015 03:20:27 AM) (Source: DCOM) (EventID: 10010) (User: SpectrumBrain)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (02/17/2015 03:19:56 AM) (Source: DCOM) (EventID: 10010) (User: SpectrumBrain)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/16/2015 09:09:28 PM) (Source: DCOM) (EventID: 10010) (User: SpectrumBrain)
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (02/16/2015 09:08:58 PM) (Source: DCOM) (EventID: 10010) (User: SpectrumBrain)
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (02/16/2015 04:05:09 AM) (Source: DCOM) (EventID: 10010) (User: SpectrumBrain)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/16/2015 04:04:38 AM) (Source: DCOM) (EventID: 10010) (User: SpectrumBrain)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (02/16/2015 03:13:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Windows Malicious Software Removal Tool for Windows 8, 8.1 and Windows Server 2012, 2012 R2 x64 Edition - February 2015 (KB890830).
 
Error: (02/13/2015 11:43:50 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:24:57 AM on 2/13/2015 was unexpected.
 
Error: (02/13/2015 10:13:59 AM) (Source: DCOM) (EventID: 10010) (User: SpectrumBrain)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/13/2015 10:13:29 AM) (Source: DCOM) (EventID: 10010) (User: SpectrumBrain)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
 
Microsoft Office Sessions:
=========================
Error: (02/19/2015 11:38:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: tasks.exe1.0.0.054a1b552KERNELBASE.dll6.3.9600.1727853eeb460e0434f4d00012f71
 
Error: (02/19/2015 11:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 166447703
 
Error: (02/19/2015 11:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 166447703
 
Error: (02/19/2015 11:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/19/2015 11:34:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 166446406
 
Error: (02/19/2015 11:34:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 166446406
 
Error: (02/19/2015 11:34:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/19/2015 11:34:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 166444047
 
Error: (02/19/2015 11:34:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 166444047
 
Error: (02/19/2015 11:34:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU J1800 @ 2.41GHz
Percentage of memory in use: 46%
Total physical RAM: 4007.98 MB
Available physical RAM: 2146.99 MB
Total Pagefile: 5991.98 MB
Available Pagefile: 2746.88 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:450.23 GB) (Free:405.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:14.05 GB) (Free:1.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 7F8D9CD5)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
I tried to attach the system summary folder and cannot figure out how to do this. I am at work, so tonight I will bring the PC home with me to work on, due to not having enough time here to work on this.


#6 samson77


Posted 19 February 2015 - 01:26 PM

I figured it out; here is the attached file summary info.

Thank you, Angela



#7 Oh My!


Posted 19 February 2015 - 03:03 PM

No problem, thanks for letting me know.

Please do this.

Copy and paste FRST.exe from the downloads folder to your desktop.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
() C:\Users\angela\AppData\Local\GeniusBox
C:\Users\angela\AppData\Local\Pokki
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001\...\RunOnce: [Application Restart #1] => C:\Users\angela\AppData\Local\Pokki\Engine\HostAppService.exe [7843656 2015-01-04] (Pokki)
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #1] => C:\Users\angela\AppData\Local\Pokki\Engine\HostAppService.exe [7843656 2015-01-04] (Pokki)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-1978231634-3685791637-4233073095-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1978231634-3685791637-4233073095-1001] => http=127.0.0.1:49167;https=127.0.0.1:49167
ProxyEnable: [S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:49167;https=127.0.0.1:49167
2015-02-11 14:44 - 2015-02-11 14:44 - 00941105 _____ () C:\ProgramData\SPL4072.tmp
C:\Users\angela\AppData\Local\Temp\0188041424142431mcinst.exe
C:\Users\angela\AppData\Local\Temp\oct7317.tmp.exe
C:\Users\angela\AppData\Local\Temp\oct805F.tmp.exe
Task: {01D24343-6D74-46DC-8711-7F6438750749} - System32\Tasks\SparkTrust Update Version3 => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [2014-11-17] (SparkTrust Systems) <==== ATTENTION
C:\Program Files (x86)\Common Files\SparkTrust
Task: {02447501-3460-4A4E-87FD-1E9E76C39D20} - System32\Tasks\Validate Installation => C:\Users\angela\AppData\Local\GeniusBox\updater.exe [2014-12-29] ()
Task: {2FAFCA60-E014-4CD0-98A8-F9561A6A9AAD} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\angela\AppData\Local\GeniusBox\client.exe"
Task: {48F4282B-F942-46BC-9CDD-B3F3DA5C371E} - System32\Tasks\UpdateMyDrivers - Scan => C:\Program Files (x86)\SparkTrust\UpdateMyDrivers\UpdateMyDrivers.exe [2014-11-17] (SparkTrust) <==== ATTENTION
Task: {B2B66C85-6534-46E4-B3D2-336C0A7DFCAD} - \avaxvyyvyf No Task File <==== ATTENTION
Task: {CB851AE2-DC40-4747-ABB4-59BEB205B3E9} - System32\Tasks\Check Updates => C:\Users\angela\AppData\Local\GeniusBox\updater.exe [2014-12-29] ()
Task: {EA176872-4401-4909-9B17-F008D54E9058} - System32\Tasks\SparkTrust Update Version3 Startup Task => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [2014-11-17] (SparkTrust Systems) <==== ATTENTION
Task: C:\windows\Tasks\SparkTrust Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
Task: C:\windows\Tasks\SparkTrust Update Version3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
Task: C:\windows\Tasks\UpdateMyDrivers - Scan.job => C:\Program Files (x86)\SparkTrust\UpdateMyDrivers\UpdateMyDrivers.exe <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 samson77


Posted 19 February 2015 - 05:52 PM

# AdwCleaner v4.111 - Logfile created 19/02/2015 at 16:10:32
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 8.1 Connected  (x64)
# Username : angela - SPECTRUMBRAIN
# Running from : C:\Users\angela\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner
Folder Deleted : C:\Program Files (x86)\Pro PC Cleaner
[#] Folder Deleted : C:\Users\angela\AppData\Local\GeniusBox
Folder Deleted : C:\Users\angela\AppData\Local\Pro_PC_Cleaner
Folder Deleted : C:\Users\angela\AppData\Roaming\Pro PC Cleaner
Folder Deleted : C:\Users\angela\Documents\ProPCCleaner
File Deleted : C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
File Deleted : C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
File Deleted : C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : ProPCCleaner_Start
Task Deleted : ProPCCleaner_Popup
Task Deleted : UpdateMyDrivers - Scan
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Search Extensions
Key Deleted : HKCU\Software\Pro PC Cleaner
Key Deleted : HKCU\Software\ProPCCleanerLanguage
Key Deleted : HKLM\SOFTWARE\Pro PC Cleaner
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4270603C7CA6FEB45B61F4B6D10988D7
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4270603C7CA6FEB45B61F4B6D10988D7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4270603C7CA6FEB45B61F4B6D10988D7
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49167;hxxps=127.0.0.1:49167
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v40.0.2214.111
 
 
*************************
 
AdwCleaner[R0].txt - [4199 bytes] - [19/02/2015 16:04:30]
AdwCleaner[S0].txt - [4012 bytes] - [19/02/2015 16:10:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4071  bytes] ##########
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 Connected x64
Ran by angela on Thu 02/19/2015 at 16:16:37.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\angela\appdata\local\google\chrome\user data\default\local storage\http_static.boostsaves.com_0.localstorage"
Successfully deleted: [File] "C:\Users\angela\appdata\local\google\chrome\user data\default\local storage\http_static.boostsaves.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\angela\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\angela\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\angela\appdata\local\google\chrome\user data\default\local storage\https_static.boostsaves.com_0.localstorage"
Successfully deleted: [File] "C:\Users\angela\appdata\local\google\chrome\user data\default\local storage\https_static.boostsaves.com_0.localstorage-journal"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\Program Files (x86)\sparktrust"
Successfully deleted: [Folder] "C:\Users\angela\AppData\Roaming\microsoft\windows\start menu\programs\sparktrust"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/19/2015 at 16:38:36.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Could not get the fixlist to run. Above are the adware and junk removal logs.

Will my jump drive be infected also?


#9 samson77


Posted 19 February 2015 - 05:56 PM

Also, the computer is running a little faster. Ads and malware bytes pop up; however, it does not try to open three web pages. Progress.



#10 Oh My!


Posted 19 February 2015 - 07:05 PM

Greetings,

We can deal with the USB drive when we finish with the computer. Did you do this before trying to run the Fixlist?
 

Copy and paste FRST.exe from the downloads folder to your desktop.

Edited by Oh My!, 19 February 2015 - 07:07 PM.

Gary
 

#11 samson77


Posted 19 February 2015 - 07:10 PM

I got the FRST.exe but I get a shortcut error and don't get the log.



#12 Oh My!


Posted 19 February 2015 - 07:12 PM

Did you actually move the file or did you create a shortcut to your Desktop? You have to actually copy and paste the file on the Desktop. A shortcut will not work.


Gary
 

#13 samson77


Posted 19 February 2015 - 07:15 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by angela at 2015-02-19 18:00:26 Run:1
Running from C:\Users\angela\Desktop
Loaded Profiles: angela (Available profiles: angela)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
() C:\Users\angela\AppData\Local\GeniusBox
C:\Users\angela\AppData\Local\Pokki
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001\...\RunOnce: [Application Restart #1] => C:\Users\angela\AppData\Local\Pokki\Engine\HostAppService.exe [7843656 2015-01-04] (Pokki)
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe"
/LOGON
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #1] => C:\Users\angela\AppData\Local\Pokki\Engine\HostAppService.exe [7843656 2015-01-04] (Pokki)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-1978231634-3685791637-4233073095-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1978231634-3685791637-4233073095-1001] => http=127.0.0.1:49167;https=127.0.0.1:49167
ProxyEnable: [S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:49167;https=127.0.0.1:49167
2015-02-11 14:44 - 2015-02-11 14:44 - 00941105 _____ ()
C:\ProgramData\SPL4072.tmp
C:\Users\angela\AppData\Local\Temp\0188041424142431mcinst.exe
C:\Users\angela\AppData\Local\Temp\oct7317.tmp.exe
C:\Users\angela\AppData\Local\Temp\oct805F.tmp.exe
Task: {01D24343-6D74-46DC-8711-7F6438750749} - System32\Tasks\SparkTrust Update Version3 => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [2014-11-17] (SparkTrust Systems) <==== ATTENTION
C:\Program Files (x86)\Common Files\SparkTrust
Task: {02447501-3460-4A4E-87FD-1E9E76C39D20} - System32\Tasks\Validate Installation => C:\Users\angela\AppData\Local\GeniusBox\updater.exe [2014-12-29] ()
Task: {2FAFCA60-E014-4CD0-98A8-F9561A6A9AAD} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\angela\AppData\Local\GeniusBox\client.exe"
Task: {48F4282B-F942-46BC-9CDD-B3F3DA5C371E} - System32\Tasks\UpdateMyDrivers - Scan => C:\Program Files (x86)\SparkTrust\UpdateMyDrivers\UpdateMyDrivers.exe [2014-11-17] (SparkTrust) <==== ATTENTION
Task:
{B2B66C85-6534-46E4-B3D2-336C0A7DFCAD} - \avaxvyyvyf No Task File <==== ATTENTION
Task: {CB851AE2-DC40-4747-ABB4-59BEB205B3E9} - System32\Tasks\Check Updates => C:\Users\angela\AppData\Local\GeniusBox\updater.exe [2014-12-29] ()
Task: {EA176872-4401-4909-9B17-F008D54E9058} - System32\Tasks\SparkTrust Update Version3 Startup Task => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [2014-11-17] (SparkTrust Systems) <==== ATTENTION
Task: C:\windows\Tasks\SparkTrust Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
Task: C:\windows\Tasks\SparkTrust Update Version3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
Task: C:\windows\Tasks\UpdateMyDrivers - Scan.job => C:\Program Files (x86)\SparkTrust\UpdateMyDrivers\UpdateMyDrivers.exe <==== ATTENTION
*****************
 
C:\Users\angela\AppData\Local\GeniusBox => No running process found
C:\Users\angela\AppData\Local\Pokki => Moved successfully.
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => Value not found.
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1 => value deleted successfully.
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => Value not found.
/LOGON => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1 => Value not found.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value not found.
HKU\S-1-5-21-1978231634-3685791637-4233073095-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
"2015-02-11 14:44 - 2015-02-11 14:44 - 00941105 _____ ()" => File/Directory not found.
C:\ProgramData\SPL4072.tmp => Moved successfully.
"C:\Users\angela\AppData\Local\Temp\0188041424142431mcinst.exe" => File/Directory not found.
C:\Users\angela\AppData\Local\Temp\oct7317.tmp.exe => Moved successfully.
C:\Users\angela\AppData\Local\Temp\oct805F.tmp.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01D24343-6D74-46DC-8711-7F6438750749}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01D24343-6D74-46DC-8711-7F6438750749}" => Key deleted successfully.
C:\Windows\System32\Tasks\SparkTrust Update Version3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Update Version3" => Key deleted successfully.
C:\Program Files (x86)\Common Files\SparkTrust => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{02447501-3460-4A4E-87FD-1E9E76C39D20}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02447501-3460-4A4E-87FD-1E9E76C39D20}" => Key deleted successfully.
C:\Windows\System32\Tasks\Validate Installation => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Validate Installation" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2FAFCA60-E014-4CD0-98A8-F9561A6A9AAD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FAFCA60-E014-4CD0-98A8-F9561A6A9AAD}" => Key deleted successfully.
C:\Windows\System32\Tasks\GeniusBox => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GeniusBox" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48F4282B-F942-46BC-9CDD-B3F3DA5C371E} => Key not found. 
C:\Windows\System32\Tasks\UpdateMyDrivers - Scan not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdateMyDrivers - Scan => Key not found. 
Task: => Error: No automatic fix found for this entry.
{B2B66C85-6534-46E4-B3D2-336C0A7DFCAD} - \avaxvyyvyf No Task File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CB851AE2-DC40-4747-ABB4-59BEB205B3E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB851AE2-DC40-4747-ABB4-59BEB205B3E9}" => Key deleted successfully.
C:\Windows\System32\Tasks\Check Updates => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Check Updates" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EA176872-4401-4909-9B17-F008D54E9058}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA176872-4401-4909-9B17-F008D54E9058}" => Key deleted successfully.
C:\Windows\System32\Tasks\SparkTrust Update Version3 Startup Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Update Version3 Startup Task" => Key deleted successfully.
C:\windows\Tasks\SparkTrust Update Version3 Startup Task.job => Moved successfully.
C:\windows\Tasks\SparkTrust Update Version3.job => Moved successfully.
C:\windows\Tasks\UpdateMyDrivers - Scan.job not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog 18:00:33 ====


#14 Oh My!

Posted 19 February 2015 - 07:25 PM

One part did not get taken care of. Please run this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Task: {B2B66C85-6534-46E4-B3D2-336C0A7DFCAD} - \avaxvyyvyf No Task File <==== ATTENTION
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • How is your computer running?

Gary
 

#15 samson77

Posted 19 February 2015 - 07:34 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by angela at 2015-02-19 18:28:19 Run:2
Running from C:\Users\angela\Desktop
Loaded Profiles: angela (Available profiles: angela)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Task: {B2B66C85-6534-46E4-B3D2-336C0A7DFCAD} - \avaxvyyvyf No Task File <==== ATTENTION
emptytemp:
*****************
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2B66C85-6534-46E4-B3D2-336C0A7DFCAD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2B66C85-6534-46E4-B3D2-336C0A7DFCAD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaxvyyvyf" => Key deleted successfully.
EmptyTemp: => Removed 486.9 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 18:28:54 ====
 
 
 
Getting faster, still getting pop-ups.
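
Added example, not part of any post in this thread and not FRST's own code: a small Python check that reads two Fixlogs and reports which entries failed in the first run and were not deleted in a later one, as with the `{B2B66C85-...}` task above. It assumes only the result-line shapes visible in this thread's logs; the function names and the trimmed sample logs are constructed for illustration.

```python
import re

# Constructed samples: result lines copied from the two Fixlogs in this thread.
RUN1 = r'''C:\Windows\System32\Tasks\GeniusBox => Moved successfully.
C:\Windows\System32\Tasks\UpdateMyDrivers - Scan not found.
Task: => Error: No automatic fix found for this entry.
{B2B66C85-6534-46E4-B3D2-336C0A7DFCAD} - \avaxvyyvyf No Task File <==== ATTENTION => Error: No automatic fix found for this entry.
==== End of Fixlog 18:00:33 ====
'''
RUN2 = r'''Content of fixlist:
*****************
Task: {B2B66C85-6534-46E4-B3D2-336C0A7DFCAD} - \avaxvyyvyf No Task File <==== ATTENTION
emptytemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2B66C85-6534-46E4-B3D2-336C0A7DFCAD}" => Key deleted successfully.
EmptyTemp: => Removed 486.9 MB temporary data.
==== End of Fixlog 18:28:54 ====
'''
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def classify(outcome):
    """Map the text after '=>' to a status (wording as seen in this thread)."""
    if outcome.startswith("Error:"):
        return "failed"
    if outcome.endswith("not found."):
        return "absent"
    if outcome.endswith("successfully.") or outcome.startswith("Removed "):
        return "done"
    return "unknown"

def parse_results(text):
    """Return (target, status) pairs, skipping the echoed fixlist and headers."""
    results, in_fixlist = [], False
    for line in map(str.strip, text.splitlines()):
        if line and set(line) == {"*"}:   # a row of * opens/closes the fixlist echo
            in_fixlist = not in_fixlist
            continue
        if in_fixlist or line.startswith("===="):
            continue
        target, arrow, outcome = line.rpartition(" => ")
        if not arrow and line.endswith(" not found."):  # file lines carry no arrow
            target, outcome = line[:-len(" not found.")], "not found."
        elif not arrow:
            continue                      # header or blank line
        results.append((target.strip('"'), classify(outcome)))
    return results

def unresolved(first_run, later_run):
    """GUIDs that failed in first_run and have no successful line in later_run."""
    failed = {g for t, s in parse_results(first_run) if s == "failed" for g in GUID.findall(t)}
    fixed = {g for t, s in parse_results(later_run) if s == "done" for g in GUID.findall(t)}
    return failed - fixed
```

An empty result from `unresolved(RUN1, RUN2)` only confirms that each failed entry was later deleted; it does not show that the pop-ups' cause is gone.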




