
Yahoo pages not loading properly.


  • This topic is locked
20 replies to this topic

#1 heavydude


Posted 24 February 2015 - 11:32 PM

For several days now I have been finding that some Yahoo pages open strangely. It happens with both IE 11 and Google Chrome. Hard to describe so here's a sample of what it looks like:

 

 

·Upgrade to the new Firefox »

Top of Form

 

 

 

Bottom of Form

Follow Yahoo Finance

on Facebook

on Twitter

on Tumblr

Top of Form

Watchlist 

                                                                                                                           WatchlistRecently ViewedTDA

Bottom of Form

% | $

DHY 

-0.18% 2.795

More  Pop Out

Watchlist

View All | Pop Out

Symbol

Price

Change

% Change

Market Cap

Chart

DHY 

2.795

-0.005

-0.18%

 

Top of Form

 

Bottom of Form

Compare Brokers

Mon, Feb 23, 2015, 3:29 PM EST - U.S. Markets close in 31 mins.

Edit

Top of Form

U.S.

                                                           U.S.EuropeAsia

Bottom of Form

S&P 500

S&P 500

2,104.83

-5.47 (0.26%)

 

Dow

Dow

18,083.16

-57.28 (0.32%)

 

 

My OS is Windows 7 Professional 64 bit. 

I thought that the problem might be something temporary with Yahoo but I have another computer with Windows Vista and IE 10 and Yahoo is fine.

 

Here are my Farbar logs.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2015
Ran by Jack (administrator) on JACK-DELL on 24-02-2015 21:18:49
Running from D:\FELLER\Computer Stuff\Anti Spyware
Loaded Profiles: Jack (Available profiles: Jack)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
() C:\Users\Jack\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Flux Software LLC) C:\Users\Jack\AppData\Local\FluxSoftware\Flux\flux.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [DLPSP] => C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE [944104 2013-02-25] (Dell Inc.)
HKLM\...\Run: [DLQLU] => C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE [1244136 2013-02-25] (Dell Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [KONICA MINOLTA magicolor 2400W STD] => C:\Windows\system32\MSTMON_S.EXE STARTUP
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKU\S-1-5-21-166602834-1461326411-959800448-1000\...\Run: [Google Update] => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-07] (Google Inc.)
HKU\S-1-5-21-166602834-1461326411-959800448-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-02] (Adobe Systems Incorporated)
HKU\S-1-5-21-166602834-1461326411-959800448-1000\...\Run: [Amazon Music] => C:\Users\Jack\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-14] ()
HKU\S-1-5-21-166602834-1461326411-959800448-1000\...\Run: [f.lux] => C:\Users\Jack\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-166602834-1461326411-959800448-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-22] (SUPERAntiSpyware)
AppInit_DLLs-x32: OGPDFLoader.dll => "OGPDFLoader.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
Startup: C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-166602834-1461326411-959800448-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jack\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-166602834-1461326411-959800448-1000: @talk.google.com/O1DPlugin -> C:\Users\Jack\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-166602834-1461326411-959800448-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-166602834-1461326411-959800448-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-166602834-1461326411-959800448-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkTDA\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKU\S-1-5-21-166602834-1461326411-959800448-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\Jack\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jack\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
 
Chrome: 
=======
CHR StartupUrls: Default -> "https://duckduckgo.com/"
CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-13]
CHR Extension: (Google Docs) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-13]
CHR Extension: (Google Drive) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-13]
CHR Extension: (YouTube) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-13]
CHR Extension: (Google Search) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-13]
CHR Extension: (Google Sheets) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-13]
CHR Extension: (Google Wallet) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-13]
CHR Extension: (Gmail) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [155968 2012-04-18] (Dell Inc.)
R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [338944 2012-01-11] (Dell Inc.) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2015-02-04] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-24 21:18 - 2015-02-24 21:18 - 00000000 ____D () C:\FRST
2015-02-24 12:46 - 2015-02-24 12:46 - 00880208 _____ (Google Inc.) C:\Users\Jack\Documents\GoogleEarthSetup.exe
2015-02-22 22:39 - 2015-02-24 15:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-22 22:39 - 2015-02-22 22:39 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\SUPERAntiSpyware.com
2015-02-22 22:39 - 2015-02-22 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-02-22 22:32 - 2015-02-22 22:32 - 21037696 _____ (SUPERAntiSpyware) C:\Users\Jack\Documents\SUPERAntiSpyware.exe
2015-02-20 07:54 - 2015-02-20 07:55 - 00000152 _____ () C:\Users\Jack\Desktop\Yahoo Mail.url
2015-02-17 16:57 - 2015-02-17 16:57 - 00000151 _____ () C:\Users\Jack\Desktop\Lawyers.com.url
2015-02-16 10:58 - 2015-02-16 10:58 - 00000000 ____D () C:\Program Files\WinPcap
2015-02-14 23:50 - 2015-02-14 23:50 - 00000114 _____ () C:\Users\Jack\Desktop\OK Cupid.url
2015-02-13 16:35 - 2015-02-13 16:35 - 00000000 ____D () C:\Program Files (x86)\SecurityXploded
2015-02-13 16:34 - 2015-02-13 16:34 - 00000000 ____D () C:\Users\Jack\Documents\UniversalAdBlocker
2015-02-13 15:56 - 2015-02-20 13:22 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-13 15:56 - 2015-02-13 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-13 15:44 - 2015-02-13 15:44 - 00000085 _____ () C:\Windows\wininit.ini
2015-02-13 15:44 - 2015-02-13 15:44 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-12 10:38 - 2015-02-12 16:20 - 00000257 _____ () C:\Users\Jack\Desktop\IE Issues.url
2015-02-04 11:11 - 2015-02-22 22:58 - 00005634 _____ () C:\Windows\PFRO.log
2015-02-04 11:05 - 2015-02-04 11:05 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-04 11:05 - 2015-02-04 11:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-04 11:05 - 2015-02-04 11:05 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-04 11:05 - 2015-02-04 11:05 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-04 11:05 - 2015-02-04 11:05 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-04 11:05 - 2015-02-04 11:05 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-04 11:05 - 2015-02-04 11:05 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-02-04 11:05 - 2015-02-04 11:05 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-02-04 11:05 - 2015-02-04 11:05 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-04 11:05 - 2015-02-04 11:05 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-04 11:05 - 2015-02-04 11:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-02-04 11:05 - 2015-02-04 11:05 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-02-04 11:05 - 2015-02-04 11:05 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-04 11:05 - 2015-02-04 11:05 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-02-04 11:05 - 2015-02-04 11:05 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-02-04 11:05 - 2015-02-04 11:05 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-04 11:05 - 2015-02-04 11:05 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-04 11:05 - 2015-02-04 11:05 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-02-04 11:05 - 2015-02-04 11:05 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-02-04 11:05 - 2015-02-04 11:05 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-02-04 11:05 - 2015-02-04 11:05 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-02-04 11:05 - 2015-02-04 11:05 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-02-04 11:05 - 2015-02-04 11:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-02-04 11:05 - 2015-02-04 11:05 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-04 11:05 - 2015-02-04 11:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-02-04 11:05 - 2015-02-04 11:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-04 11:05 - 2015-02-04 11:05 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-02-04 11:05 - 2015-02-04 11:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-04 11:03 - 2015-02-07 16:34 - 00014304 _____ () C:\Windows\IE11_main.log
2015-02-02 19:52 - 2015-02-02 19:53 - 00000223 _____ () C:\Users\Jack\Desktop\Fords 52-59 Facebook.url
2015-01-30 20:59 - 2015-01-30 20:59 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Mozilla
2015-01-29 16:49 - 2015-01-29 16:49 - 00000978 _____ () C:\Users\Jack\Desktop\PW.lnk
2015-01-29 14:18 - 2015-02-24 20:18 - 00015400 _____ () C:\Windows\setupact.log
2015-01-29 14:18 - 2015-01-29 14:18 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-27 19:09 - 2015-01-27 19:06 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-27 19:09 - 2015-01-27 19:06 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-27 19:09 - 2015-01-27 19:06 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-24 21:18 - 2014-05-01 17:45 - 1498401608 _____ () C:\lm.log
2015-02-24 21:04 - 2014-06-14 09:37 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-166602834-1461326411-959800448-1000UA.job
2015-02-24 20:21 - 2012-07-11 07:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 20:19 - 2012-07-09 18:52 - 00000000 ____D () C:\Users\Jack\Documents\Outlook Files
2015-02-24 14:38 - 2012-06-17 18:05 - 01705945 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 12:04 - 2014-06-14 09:37 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-166602834-1461326411-959800448-1000Core.job
2015-02-24 11:21 - 2012-07-11 07:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-24 09:57 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 02:00 - 2012-07-10 09:41 - 00000000 ____D () C:\Users\Jack\AppData\Local\Adobe
2015-02-22 23:06 - 2009-07-13 21:45 - 00031888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-22 23:06 - 2009-07-13 21:45 - 00031888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-22 23:00 - 2012-06-17 20:27 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-22 23:00 - 2012-06-17 20:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-22 22:59 - 2013-08-14 15:45 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\stickies
2015-02-22 22:58 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-22 22:40 - 2012-07-14 11:54 - 00000000 ____D () C:\Users\Jack\Desktop\Spyware Shortcuts
2015-02-22 21:57 - 2014-11-15 16:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 11:09 - 2013-05-06 07:55 - 00000000 ____D () C:\Users\Jack\Documents\Freemake
2015-02-16 11:07 - 2013-05-06 07:55 - 00000000 ____D () C:\ProgramData\Freemake
2015-02-16 10:58 - 2013-05-06 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-02-16 10:58 - 2013-05-06 07:55 - 00000000 ____D () C:\Program Files (x86)\Freemake
2015-02-15 08:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Speech
2015-02-13 15:56 - 2012-07-11 07:39 - 00000000 ____D () C:\Users\Jack\AppData\Local\Google
2015-02-13 15:56 - 2012-07-11 07:39 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-13 15:55 - 2012-10-29 11:48 - 00000000 ____D () C:\Users\Jack\AppData\Local\Deployment
2015-02-13 15:46 - 2014-11-15 16:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-13 14:30 - 2012-06-17 17:09 - 00000000 ____D () C:\Users\Jack
2015-02-13 14:29 - 2012-06-17 22:08 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-13 14:28 - 2014-12-20 09:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-13 14:28 - 2014-05-01 17:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-13 14:28 - 2012-06-17 22:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-13 14:28 - 2012-06-17 20:27 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-02-13 14:28 - 2012-06-17 20:27 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-13 14:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-13 14:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 14:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-13 14:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-13 14:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2015-02-13 14:22 - 2012-06-17 18:25 - 00000000 __RHD () C:\MSOCache
2015-02-12 09:19 - 2013-08-16 22:45 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 09:00 - 2013-12-14 19:37 - 00000219 _____ () C:\Users\Jack\Desktop\CV of AZ Facebook.url
2015-02-12 08:56 - 2012-06-17 18:59 - 00000000 ____D () C:\Windows\Panther
2015-02-07 08:14 - 2014-11-07 22:47 - 00000191 _____ () C:\Users\Jack\Desktop\Viper Owners Assoc Forums.url
2015-02-06 07:55 - 2012-07-10 16:23 - 00000000 ____D () C:\Users\Jack\AppData\Temp
2015-02-05 11:59 - 2014-06-14 09:37 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-166602834-1461326411-959800448-1000UA
2015-02-05 11:59 - 2014-06-14 09:37 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-166602834-1461326411-959800448-1000Core
2015-02-04 12:34 - 2014-12-05 13:51 - 00000000 ____D () C:\Users\Jack\AppData\Local\AdFender
2015-02-04 11:16 - 2012-07-11 07:39 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 11:16 - 2012-07-11 07:39 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 11:13 - 2015-01-22 12:37 - 00001413 _____ () C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-29 13:12 - 2012-07-14 12:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-27 19:10 - 2014-10-25 14:50 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-27 19:06 - 2014-10-25 14:50 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-27 19:06 - 2013-10-16 09:15 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-25 20:17 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-25 08:41 - 2015-01-24 20:22 - 00000216 _____ () C:\Users\Jack\Desktop\Video Glitch Win Forums.url
 
==================== Files in the root of some directories =======
 
2013-08-14 10:08 - 2013-08-14 10:08 - 0009007 _____ () C:\Users\Jack\AppData\Local\recently-used.xbel
 
Some content of TEMP:
====================
C:\Users\Jack\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\Jack\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-23 00:12
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-02-2015
Ran by Jack at 2015-02-24 21:19:33
Running from D:\FELLER\Computer Stuff\Anti Spyware
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Across Lite (HKLM-x32\...\{975EA987-5D79-4A1C-AD71-D27B28347B48}) (Version: 2.0.5 - Literate Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 9.0.280.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 11 (HKLM-x32\...\AU11_is1) (Version: 11 - Innovative Solutions)
Amazon Kindle (HKU\S-1-5-21-166602834-1461326411-959800448-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon Music (HKU\S-1-5-21-166602834-1461326411-959800448-1000\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
ArcSoft MediaImpression (HKLM-x32\...\{C9F0B814-4CBE-4DE2-83B2-C0D770CF9CA6}) (Version: 1.2.27.607 - ArcSoft)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Autodesk MapGuide® Viewer ActiveX Control Release 6.5 (HKLM-x32\...\{E031338C-839D-4EDD-9537-99B653C39D81}) (Version: 6.5.6.11 - Autodesk, Inc.)
Canon CanoScan 8800F User Registration (HKLM-x32\...\Canon CanoScan 8800F User Registration) (Version:  - )
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12005.2 - Cisco Consumer Products LLC)
Dell Printer Software (HKLM-x32\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
f.lux (HKU\S-1-5-21-166602834-1461326411-959800448-1000\...\Flux) (Version:  - )
FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
Free PDF Solutions PDF to Doc version 1.0 (HKLM-x32\...\Free PDF Solutions PDF to Doc_is1) (Version: 1.0 - )
Free PDF Solutions PDF to WORD version 1.0 (HKLM-x32\...\Free PDF Solutions PDF to WORD_is1) (Version: 1.0 - )
Free Video Compressor (HKLM-x32\...\{01554C33-4131-4BC7-9E6D-AF85E02BDF4F}_is1) (Version:  - freevideocompressor.com)
Free YouTube to MP3 Converter version 3.12.2.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.2.430 - DVDVideoSoft Ltd.)
Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Mega Codec Pack 9.6.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.6.5 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OLYMPUS Master 2 (HKLM-x32\...\{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}) (Version: 1.0.13 - OLYMPUS IMAGING CORP.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}) (Version: 15.2.0020 - Nuance Communications, Inc.)
SCRABBLE (HKLM-x32\...\SCRABBLE) (Version: 1.0.1.3 - GameHouse, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
Stickies 7.1e (HKLM-x32\...\ZhornStickies) (Version:  - Zhorn Software)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
thinkorswim from TD AMERITRADE (HKLM-x32\...\thinkorswim from TD AMERITRADE) (Version:  - TD AMERITRADE, Inc.)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Virtual Account Numbers (x32 Version: 1.0.1.0 - Citi) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-166602834-1461326411-959800448-1000\...\WinDirStat) (Version:  - )
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wise Program Uninstaller 1.65 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.65 - WiseCleaner.com, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-166602834-1461326411-959800448-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-166602834-1461326411-959800448-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-166602834-1461326411-959800448-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-166602834-1461326411-959800448-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-166602834-1461326411-959800448-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-166602834-1461326411-959800448-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
12-02-2015 23:00:24 Windows Backup
13-02-2015 14:20:14 Restore Operation
13-02-2015 14:40:33 Windows Backup
13-02-2015 14:42:32 Windows Update
13-02-2015 17:07:54 Microsoft Antimalware Checkpoint
13-02-2015 23:00:20 Windows Backup
14-02-2015 23:00:22 Windows Backup
15-02-2015 23:00:25 Windows Backup
16-02-2015 23:00:23 Windows Backup
17-02-2015 08:17:48 Windows Update
17-02-2015 23:00:22 Windows Backup
18-02-2015 23:00:22 Windows Backup
19-02-2015 23:00:22 Windows Backup
20-02-2015 23:00:23 Windows Backup
21-02-2015 08:17:16 Windows Update
21-02-2015 23:00:23 Windows Backup
22-02-2015 23:00:08 Windows Backup
23-02-2015 23:00:21 Windows Backup
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2015-02-13 16:36 - 00004747 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.2 pagead2.googlesyndication.com
127.0.0.2 googleadservices.com
127.0.0.2 www.googleadservices.com
127.0.0.2 pagead2.googleadservices.com
127.0.0.2 partner.googleadservices.com
127.0.0.2 doubleclick.net
127.0.0.2 g.doubleclick.net
127.0.0.2 googleads.g.doubleclick.net
127.0.0.2 googleads2.g.doubleclick.net
127.0.0.2 securepubads.g.doubleclick.net
127.0.0.2 pagead46.l.doubleclick.net
127.0.0.2 partnerad.l.doubleclick.net
127.0.0.2 pubads.g.doubleclick.net
127.0.0.2 adclick.g.doubleclick.net
127.0.0.2 stats.g.doubleclick.net
127.0.0.2 fls.doubleclick.net
127.0.0.2 ad-emea.doubleclick.net
127.0.0.2 ad-apac.doubleclick.net
127.0.0.2 googletagservices.com
127.0.0.2 s3.buysellads.com
127.0.0.2 stats.buysellads.com
127.0.0.2 cdn.buysellads.com
127.0.0.2 ads.buysellads.com
127.0.0.2 srv.buysellads.com
127.0.0.2 l.yimg.com
127.0.0.2 ads.yahoo.com
127.0.0.2 adserver.yahoo.com
127.0.0.2 us.adserver.yahoo.com
127.0.0.2 cdn.media.net
 
There are 91 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {08F4CBE4-8CD9-4C5D-B45A-345C7C00BD0E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-166602834-1461326411-959800448-1000Core => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-07] (Google Inc.)
Task: {09D53192-D1DA-4889-B57C-E4E28A33E888} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {36ACAFFE-B3CA-4B83-AE6B-45D8B0B041E1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-166602834-1461326411-959800448-1000UA => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-07] (Google Inc.)
Task: {3BAA824E-A3D1-493C-9B3C-950E561B8B2D} - System32\Tasks\AdobeAAMUpdater-1.0-Jack-DELL-Jack => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {3FCD8915-C10F-4237-94C0-0B0FD1606DFB} - System32\Tasks\{E8ECA530-F5F1-4707-97E8-69D18CC5E6F3} => pcalua.exe -a "C:\Users\Jack\My Programs\KillBox\KillBox.exe" -d "C:\Users\Jack\My Programs\KillBox"
Task: {45CECDE5-45FD-49C2-85B9-74E1FF597BDD} - System32\Tasks\{22EA8FC3-98FF-4909-8B40-597684F9A226} => pcalua.exe -a E:\monsetup.exe -d E:\
Task: {59AA7623-913E-4A85-BEC0-945233B3519D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-11] (Google Inc.)
Task: {63440745-91DE-4CA3-BC75-23B4C0B42FDD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7ECC9C9D-01C5-40C3-9567-B0286F6C6CFD} - System32\Tasks\{792B4B1D-4F8F-4726-8E08-16F83824E770} => pcalua.exe -a K:\rk14_free.exe -d K:\
Task: {9640085A-58CB-4BE2-A81F-579915D258E0} - System32\Tasks\{D73A0395-8988-47C4-AD1A-CEDBAD629212} => pcalua.exe -a "C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5XDE91XP\8800fosmwin110us.exe" -d C:\Users\Jack\Desktop
Task: {9F44C932-F953-4784-9438-BF4834F63808} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {A6E03348-66B8-4125-A94F-53E89425E3B1} - System32\Tasks\{C1B812DC-E3C1-474A-BDA3-73786DB9B81B} => pcalua.exe -a "C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNQOT5Q3\stickies_setup_7.1e (1).exe" -d C:\Users\Jack\Desktop
Task: {C6172905-1F20-42B9-B23A-7257ADFB6173} - System32\Tasks\{D9EB6973-1869-4122-80DB-F5EEC149489B} => pcalua.exe -a C:\Users\Jack\AppData\Local\Temp\Temp2_Canon_Svu_v20.zip\OmniPage\setup.exe
Task: {D7C6EEF0-4A77-4BA0-B8BD-A1819A2B3419} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E86DA7AF-BA5D-4177-B8DC-3843E52C4AE0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-11] (Google Inc.)
Task: {F091F808-92E4-4BAC-826F-26C6EED24FDF} - System32\Tasks\{7D63171F-97A9-46CD-962A-4BF32F3E0A7F} => pcalua.exe -a E:\Setup.exe -d E:\
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-166602834-1461326411-959800448-1000Core.job => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-166602834-1461326411-959800448-1000UA.job => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-05-21 16:17 - 2006-09-20 08:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
2013-05-21 16:17 - 2006-10-30 16:59 - 00024576 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
2014-11-17 17:47 - 2014-10-14 22:35 - 06281024 _____ () C:\Users\Jack\AppData\Local\Amazon Music\Amazon Music Helper.exe
2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-04-24 18:41 - 2014-04-27 16:32 - 00049152 _____ () C:\Program Files (x86)\Stickies\shook70.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-20 13:22 - 2015-02-17 15:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 13:22 - 2015-02-17 15:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 13:22 - 2015-02-17 15:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-166602834-1461326411-959800448-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 68.105.28.11 - 68.105.29.11
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-166602834-1461326411-959800448-500 - Administrator - Disabled)
Guest (S-1-5-21-166602834-1461326411-959800448-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-166602834-1461326411-959800448-1002 - Limited - Enabled)
Jack (S-1-5-21-166602834-1461326411-959800448-1000 - Administrator - Enabled) => C:\Users\Jack
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/22/2015 10:59:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/22/2015 10:40:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SUPERAntiSpyware.exe version 6.0.0.1170 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 14fc
 
Start Time: 01d04f2b1e86afb3
 
Termination Time: 16
 
Application Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
Report Id: 77c047e0-bb1e-11e4-b13a-0021705abd9d
 
Error: (02/22/2015 10:26:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SUPERAntiSpyware.exe version 6.0.0.1158 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 9bc
 
Start Time: 01d04f27b4917289
 
Termination Time: 16
 
Application Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
Report Id: 5e969d5a-bb1c-11e4-b13a-0021705abd9d
 
Error: (02/22/2015 10:15:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SUPERAntiSpyware.exe version 6.0.0.1158 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2c0
 
Start Time: 01d04f27811a11fc
 
Termination Time: 0
 
Application Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
Report Id: ee7c517b-bb1a-11e4-b13a-0021705abd9d
 
Error: (02/22/2015 10:13:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SUPERAntiSpyware.exe version 6.0.0.1158 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1d8c
 
Start Time: 01d04f26de0e3098
 
Termination Time: 15
 
Application Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
Report Id: b351fd8c-bb1a-11e4-b13a-0021705abd9d
 
Error: (02/17/2015 11:10:02 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The operation failed due to a device error encountered with either the source or the destination. If the source or destination volume is on a disk, run CHKDSK /R on the source or destination volume, and then retry the operation. (0x8078012D).
 
Error: (02/17/2015 11:09:59 PM) (Source: Microsoft-Windows-Backup) (EventID: 517) (User: NT AUTHORITY)
Description: The backup operation that started at '2015-02-18T06:00:22.872654300Z' has failed with following error code '2155348269' (%%2155348269). Please review the event details for a solution, and then rerun the backup operation once the issue is resolved.
 
Error: (02/16/2015 11:10:14 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The operation failed due to a device error encountered with either the source or the destination. If the source or destination volume is on a disk, run CHKDSK /R on the source or destination volume, and then retry the operation. (0x8078012D).
 
Error: (02/16/2015 11:10:12 PM) (Source: Microsoft-Windows-Backup) (EventID: 517) (User: NT AUTHORITY)
Description: The backup operation that started at '2015-02-17T06:00:23.593164500Z' has failed with following error code '2155348269' (%%2155348269). Please review the event details for a solution, and then rerun the backup operation once the issue is resolved.
 
Error: (02/15/2015 11:10:05 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The operation failed due to a device error encountered with either the source or the destination. If the source or destination volume is on a disk, run CHKDSK /R on the source or destination volume, and then retry the operation. (0x8078012D).
 
 
System errors:
=============
Error: (02/24/2015 06:17:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (02/24/2015 04:23:12 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (02/24/2015 04:17:34 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (02/24/2015 04:15:16 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (02/24/2015 03:31:28 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (02/24/2015 01:37:15 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (02/24/2015 01:37:12 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (02/24/2015 11:04:36 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (02/24/2015 10:06:53 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (02/24/2015 09:51:52 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
 
Microsoft Office Sessions:
=========================
Error: (02/22/2015 10:59:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/22/2015 10:40:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SUPERAntiSpyware.exe6.0.0.117014fc01d04f2b1e86afb316C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe77c047e0-bb1e-11e4-b13a-0021705abd9d
 
Error: (02/22/2015 10:26:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SUPERAntiSpyware.exe6.0.0.11589bc01d04f27b491728916C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe5e969d5a-bb1c-11e4-b13a-0021705abd9d
 
Error: (02/22/2015 10:15:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SUPERAntiSpyware.exe6.0.0.11582c001d04f27811a11fc0C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeee7c517b-bb1a-11e4-b13a-0021705abd9d
 
Error: (02/22/2015 10:13:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SUPERAntiSpyware.exe6.0.0.11581d8c01d04f26de0e309815C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeb351fd8c-bb1a-11e4-b13a-0021705abd9d
 
Error: (02/17/2015 11:10:02 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The operation failed due to a device error encountered with either the source or the destination. If the source or destination volume is on a disk, run CHKDSK /R on the source or destination volume, and then retry the operation. (0x8078012D)
 
Error: (02/17/2015 11:09:59 PM) (Source: Microsoft-Windows-Backup) (EventID: 517) (User: NT AUTHORITY)
Description: 2015-02-18T06:00:22.872654300Z2155348269%%2155348269
 
Error: (02/16/2015 11:10:14 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The operation failed due to a device error encountered with either the source or the destination. If the source or destination volume is on a disk, run CHKDSK /R on the source or destination volume, and then retry the operation. (0x8078012D)
 
Error: (02/16/2015 11:10:12 PM) (Source: Microsoft-Windows-Backup) (EventID: 517) (User: NT AUTHORITY)
Description: 2015-02-17T06:00:23.593164500Z2155348269%%2155348269
 
Error: (02/15/2015 11:10:05 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The operation failed due to a device error encountered with either the source or the destination. If the source or destination volume is on a disk, run CHKDSK /R on the source or destination volume, and then retry the operation. (0x8078012D)
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 30%
Total physical RAM: 6143.18 MB
Available physical RAM: 4254.17 MB
Total Pagefile: 12284.54 MB
Available Pagefile: 10151.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:372.61 GB) (Free:304.09 GB) NTFS
Drive d: () (Fixed) (Total:465.6 GB) (Free:370.88 GB) NTFS
Drive j: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:213.11 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 90000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 372.6 GB) (Disk ID: 071D1C2F)
Partition 1: (Not Active) - (Size=372.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 6 (Size: 465.8 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot



Posted 01 March 2015 - 11:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/568240 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 heavydude

heavydude
  • Topic Starter


Posted 02 March 2015 - 09:23 AM

I do have my Windows disc. Here is my new log. Addition attached. The problem is still the same as previously described. 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by Jack (administrator) on JACK-DELL on 02-03-2015 07:10:59
Running from D:\FELLER\Computer Stuff\Anti Spyware\Farbar
Loaded Profiles: Jack (Available profiles: Jack)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
() C:\Users\Jack\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Flux Software LLC) C:\Users\Jack\AppData\Local\FluxSoftware\Flux\flux.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [DLPSP] => C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE [944104 2013-02-25] (Dell Inc.)
HKLM\...\Run: [DLQLU] => C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE [1244136 2013-02-25] (Dell Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [KONICA MINOLTA magicolor 2400W STD] => C:\Windows\system32\MSTMON_S.EXE STARTUP
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKU\S-1-5-21-166602834-1461326411-959800448-1000\...\Run: [Google Update] => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-07] (Google Inc.)
HKU\S-1-5-21-166602834-1461326411-959800448-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-02] (Adobe Systems Incorporated)
HKU\S-1-5-21-166602834-1461326411-959800448-1000\...\Run: [Amazon Music] => C:\Users\Jack\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-14] ()
HKU\S-1-5-21-166602834-1461326411-959800448-1000\...\Run: [f.lux] => C:\Users\Jack\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-166602834-1461326411-959800448-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-22] (SUPERAntiSpyware)
AppInit_DLLs-x32: OGPDFLoader.dll => "OGPDFLoader.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
Startup: C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-166602834-1461326411-959800448-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jack\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-166602834-1461326411-959800448-1000: @talk.google.com/O1DPlugin -> C:\Users\Jack\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-166602834-1461326411-959800448-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-166602834-1461326411-959800448-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-166602834-1461326411-959800448-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkTDA\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKU\S-1-5-21-166602834-1461326411-959800448-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\Jack\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jack\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
 
Chrome: 
=======
CHR StartupUrls: Default -> "https://duckduckgo.com/"
CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-13]
CHR Extension: (Google Docs) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-13]
CHR Extension: (Google Drive) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-13]
CHR Extension: (YouTube) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-13]
CHR Extension: (Google Search) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-13]
CHR Extension: (Google Sheets) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-13]
CHR Extension: (Google Wallet) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-13]
CHR Extension: (Gmail) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [155968 2012-04-18] (Dell Inc.)
R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [338944 2012-01-11] (Dell Inc.) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2015-02-04] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-25 09:35 - 2015-02-25 09:35 - 00000170 _____ () C:\Users\Jack\Desktop\Yahoo Glitch.url
2015-02-24 21:18 - 2015-03-02 07:11 - 00000000 ____D () C:\FRST
2015-02-24 12:46 - 2015-02-24 12:46 - 00880208 _____ (Google Inc.) C:\Users\Jack\Documents\GoogleEarthSetup.exe
2015-02-22 22:39 - 2015-03-02 07:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-22 22:39 - 2015-02-22 22:39 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\SUPERAntiSpyware.com
2015-02-22 22:39 - 2015-02-22 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-02-22 22:32 - 2015-02-22 22:32 - 21037696 _____ (SUPERAntiSpyware) C:\Users\Jack\Documents\SUPERAntiSpyware.exe
2015-02-20 07:54 - 2015-02-20 07:55 - 00000152 _____ () C:\Users\Jack\Desktop\Yahoo Mail.url
2015-02-17 16:57 - 2015-02-17 16:57 - 00000151 _____ () C:\Users\Jack\Desktop\Lawyers.com.url
2015-02-16 10:58 - 2015-02-16 10:58 - 00000000 ____D () C:\Program Files\WinPcap
2015-02-14 23:50 - 2015-02-14 23:50 - 00000114 _____ () C:\Users\Jack\Desktop\OK Cupid.url
2015-02-13 16:35 - 2015-02-13 16:35 - 00000000 ____D () C:\Program Files (x86)\SecurityXploded
2015-02-13 16:34 - 2015-02-13 16:34 - 00000000 ____D () C:\Users\Jack\Documents\UniversalAdBlocker
2015-02-13 15:56 - 2015-02-20 13:22 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-13 15:56 - 2015-02-13 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-13 15:44 - 2015-02-13 15:44 - 00000085 _____ () C:\Windows\wininit.ini
2015-02-13 15:44 - 2015-02-13 15:44 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-12 10:38 - 2015-02-12 16:20 - 00000257 _____ () C:\Users\Jack\Desktop\IE Issues.url
2015-02-04 11:11 - 2015-02-22 22:58 - 00005634 _____ () C:\Windows\PFRO.log
2015-02-04 11:05 - 2015-02-04 11:05 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-04 11:05 - 2015-02-04 11:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-04 11:05 - 2015-02-04 11:05 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-04 11:05 - 2015-02-04 11:05 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-04 11:05 - 2015-02-04 11:05 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-04 11:05 - 2015-02-04 11:05 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-04 11:05 - 2015-02-04 11:05 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-02-04 11:05 - 2015-02-04 11:05 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-02-04 11:05 - 2015-02-04 11:05 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-04 11:05 - 2015-02-04 11:05 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-04 11:05 - 2015-02-04 11:05 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-04 11:03 - 2015-02-07 16:34 - 00014304 _____ () C:\Windows\IE11_main.log
2015-02-02 19:52 - 2015-02-02 19:53 - 00000223 _____ () C:\Users\Jack\Desktop\Fords 52-59 Facebook.url
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-02 07:11 - 2014-05-01 17:45 - 1527316508 _____ () C:\lm.log
2015-03-02 07:04 - 2014-06-14 09:37 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-166602834-1461326411-959800448-1000UA.job
2015-03-02 07:03 - 2015-01-29 14:18 - 00019320 _____ () C:\Windows\setupact.log
2015-03-02 06:21 - 2012-07-11 07:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-02 02:00 - 2012-07-10 09:41 - 00000000 ____D () C:\Users\Jack\AppData\Local\Adobe
2015-03-02 01:01 - 2012-06-17 18:05 - 02095169 _____ () C:\Windows\WindowsUpdate.log
2015-03-01 20:47 - 2012-07-09 18:52 - 00000000 ____D () C:\Users\Jack\Documents\Outlook Files
2015-03-01 12:04 - 2014-06-14 09:37 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-166602834-1461326411-959800448-1000Core.job
2015-03-01 11:21 - 2012-07-11 07:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-01 09:30 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-28 23:13 - 2009-07-13 21:45 - 00031888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-28 23:13 - 2009-07-13 21:45 - 00031888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-22 23:00 - 2012-06-17 20:27 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-22 23:00 - 2012-06-17 20:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-22 22:59 - 2013-08-14 15:45 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\stickies
2015-02-22 22:58 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-22 22:40 - 2012-07-14 11:54 - 00000000 ____D () C:\Users\Jack\Desktop\Spyware Shortcuts
2015-02-22 21:57 - 2014-11-15 16:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 11:09 - 2013-05-06 07:55 - 00000000 ____D () C:\Users\Jack\Documents\Freemake
2015-02-16 11:07 - 2013-05-06 07:55 - 00000000 ____D () C:\ProgramData\Freemake
2015-02-16 10:58 - 2013-05-06 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-02-16 10:58 - 2013-05-06 07:55 - 00000000 ____D () C:\Program Files (x86)\Freemake
2015-02-15 08:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Speech
2015-02-13 15:56 - 2012-07-11 07:39 - 00000000 ____D () C:\Users\Jack\AppData\Local\Google
2015-02-13 15:56 - 2012-07-11 07:39 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-13 15:55 - 2012-10-29 11:48 - 00000000 ____D () C:\Users\Jack\AppData\Local\Deployment
2015-02-13 15:46 - 2014-11-15 16:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-13 14:30 - 2012-06-17 17:09 - 00000000 ____D () C:\Users\Jack
2015-02-13 14:29 - 2012-06-17 22:08 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-13 14:28 - 2014-12-20 09:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-13 14:28 - 2014-05-01 17:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-13 14:28 - 2012-06-17 22:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-13 14:28 - 2012-06-17 20:27 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-02-13 14:28 - 2012-06-17 20:27 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-13 14:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-13 14:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 14:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-13 14:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-13 14:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2015-02-13 14:22 - 2012-06-17 18:25 - 00000000 __RHD () C:\MSOCache
2015-02-12 09:19 - 2013-08-16 22:45 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 09:00 - 2013-12-14 19:37 - 00000219 _____ () C:\Users\Jack\Desktop\CV of AZ Facebook.url
2015-02-12 08:56 - 2012-06-17 18:59 - 00000000 ____D () C:\Windows\Panther
2015-02-07 08:14 - 2014-11-07 22:47 - 00000191 _____ () C:\Users\Jack\Desktop\Viper Owners Assoc Forums.url
2015-02-06 07:55 - 2012-07-10 16:23 - 00000000 ____D () C:\Users\Jack\AppData\Temp
2015-02-05 11:59 - 2014-06-14 09:37 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-166602834-1461326411-959800448-1000UA
2015-02-05 11:59 - 2014-06-14 09:37 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-166602834-1461326411-959800448-1000Core
2015-02-04 12:34 - 2014-12-05 13:51 - 00000000 ____D () C:\Users\Jack\AppData\Local\AdFender
2015-02-04 11:16 - 2012-07-11 07:39 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 11:16 - 2012-07-11 07:39 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 11:13 - 2015-01-22 12:37 - 00001413 _____ () C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
 
==================== Files in the root of some directories =======
 
2013-08-14 10:08 - 2013-08-14 10:08 - 0009007 _____ () C:\Users\Jack\AppData\Local\recently-used.xbel
 
Some content of TEMP:
====================
C:\Users\Jack\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\Jack\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-23 00:12
 
==================== End Of Log ============================

#4 nasdaq

  • Malware Response Team

Posted 02 March 2015 - 10:12 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

AppInit_DLLs-x32: OGPDFLoader.dll => "OGPDFLoader.dll" File Not Found
HKU\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR StartupUrls: Default -> "https://duckduckgo.com/"

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST, click Fix only once, and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Reset the browsers that have been compromised.

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

How is the computer running now?

#5 heavydude

  • Topic Starter

Posted 02 March 2015 - 02:58 PM

 

"How is the computer running now?"

Same thing with Yahoo still happening as at the beginning of my post. It comes up that way with IE and Chrome. There are three links at the top of the Yahoo page that do that: News, Sports, Finance. All of the other links work OK.

Here are the logs:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015
Ran by Jack at 2015-03-02 12:15:23 Run:1
Running from D:\FELLER\Computer Stuff\Anti Spyware\Farbar
Loaded Profiles: Jack (Available profiles: Jack)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
AppInit_DLLs-x32: OGPDFLoader.dll => "OGPDFLoader.dll" File Not Found
HKU\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR StartupUrls: Default -> "https://duckduckgo.com/"
 
End
*****************
 
Processes closed successfully.
"OGPDFLoader.dll" => Value Data removed successfully.
HKU\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 12:15:23 ====
 
# AdwCleaner v4.111 - Logfile created 02/03/2015 at 12:32:05
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Jack - JACK-DELL
# Running from : D:\FELLER\Computer Stuff\Anti Spyware\AdwCleaner\adwcleaner_4.111.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Jack\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Jack\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Jack\AppData\Roaming\dvdvideosoftiehelpers
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v40.0.2214.115
 
 
*************************
 
AdwCleaner[R0].txt - [1165 bytes] - [02/03/2015 12:28:15]
AdwCleaner[S0].txt - [1104 bytes] - [02/03/2015 12:32:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1163  bytes] ##########


#6 nasdaq

  • Malware Response Team

Posted 03 March 2015 - 07:54 AM

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

Edited by nasdaq, 03 March 2015 - 07:54 AM.


#7 heavydude

  • Topic Starter

Posted 03 March 2015 - 05:38 PM



 

"How is the computer running now?"

No change. Still has the Yahoo glitch in both IE and Chrome.

Here are the reports:

 

RogueKiller V10.5.0.0 (x64) [Mar  2 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jack [Administrator]
Mode : Delete -- Date : 03/03/2015  15:26:13
 
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] Amazon Music Helper.exe(3276) -- C:\Users\Jack\AppData\Local\Amazon Music\Amazon Music Helper.exe[7] -> Killed [TermProc]
 
¤¤¤ Registry : 26 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Windows\CurrentVersion\Run | Amazon Music : "C:\Users\Jack\AppData\Local\Amazon Music\Amazon Music Helper.exe" [7] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Windows\CurrentVersion\Run | Amazon Music : "C:\Users\Jack\AppData\Local\Amazon Music\Amazon Music Helper.exe"  -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://duckduckgo.com/  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://duckduckgo.com/  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FA9BC658-D754-4648-9D86-E72762749A3E} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FA9BC658-D754-4648-9D86-E72762749A3E} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{FA9BC658-D754-4648-9D86-E72762749A3E} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDP725050GLA360 ATA Device +++++
--- User ---
[MBR] d4403b3aae9a7d5cf6170fc2ab4d5898
[BSP] fdfad5fee28fbdbc55fd97c029abe308 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 129024 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 333824 | Size: 476776 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ST3400620AS ATA Device +++++
--- User ---
[MBR] d7f4a94acc9cca39418adbfabf144415
[BSP] 952571bcbe2a2ab30bd7431211146571 : HP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 381552 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic- SM/xD Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_SCN_03032015_152522.log
 
_____________________________________________________________________________________
 
 

 Results of screen317's Security Check version 0.99.97  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 SlimCleaner     
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Reader XI  
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
 
_____________________________________________________________________________


#8 nasdaq

  • Malware Response Team

Posted 04 March 2015 - 08:55 AM



Run the RogueKiller tool and fix these entries.

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://duckduckgo.com/ -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-166602834-1461326411-959800448-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://duckduckgo.com/ -> Not selected


Restart the computer normally.

===

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
How is it now?
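
For the "List content of Hosts" step above, one way to triage such a listing offline. This is an added example, not part of the original thread or of MiniToolBox; the sample listing is constructed, and the watched suffixes (yahoo.com, yimg.com) are this example's assumption about which names the affected pages load from.

```python
"""Triage a hosts-file listing: which names are overridden, and how."""
import ipaddress
from collections import namedtuple

Entry = namedtuple("Entry", "lineno address hostname kind")

# Names that map to loopback by default on a clean system.
DEFAULT_LOCAL = {"localhost", "localhost.localdomain"}

# Constructed sample in hosts-file format (not copied from a real machine).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.2 ads.yahoo.com
127.0.0.2 L.YIMG.COM            # trailing comments are legal
0.0.0.0 tracker.example.org metrics.example.org
203.0.113.7 login.example.com
not-an-ip broken.example.com
"""


def parse_hosts(text):
    """Return (entries, malformed) for the text of a hosts file."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                      # address with no hostname
            malformed.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:                  # one line may carry aliases
            host = name.lower().rstrip(".")
            if address.is_loopback or address.is_unspecified:
                # Loopback/null mapping: the name resolves but nothing answers.
                kind = "default" if host in DEFAULT_LOCAL else "sinkhole"
            else:
                # Any other address sends traffic for the name elsewhere.
                kind = "redirect"
            entries.append(Entry(lineno, str(address), host, kind))
    return entries, malformed


def under_suffix(hostname, suffixes):
    """True if hostname equals a suffix or is a subdomain of it."""
    return any(hostname == s or hostname.endswith("." + s) for s in suffixes)


def triage(text, watched_suffixes=()):
    """Summarise overrides; 'watched' holds those under the given suffixes."""
    entries, malformed = parse_hosts(text)
    overrides = [e for e in entries if e.kind != "default"]
    return {
        "sinkholed": [e.hostname for e in overrides if e.kind == "sinkhole"],
        "redirected": [(e.hostname, e.address)
                       for e in overrides if e.kind == "redirect"],
        "watched": [(e.lineno, e.hostname, e.kind)
                    for e in overrides
                    if under_suffix(e.hostname, watched_suffixes)],
        "malformed": malformed,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_HOSTS, watched_suffixes=("yahoo.com", "yimg.com"))
    print("sinkholed names :", len(report["sinkholed"]))
    print("redirected names:", report["redirected"])
    for lineno, host, kind in report["watched"]:
        print(f"line {lineno}: {host} is {kind}d by the hosts file")
    for lineno, raw in report["malformed"]:
        print(f"line {lineno}: could not parse {raw!r}")
```

On Windows the file itself is %SystemRoot%\System32\drivers\etc\hosts. A sinkholed name under a watched suffix means the browser cannot fetch anything served from that name, and a redirected one deserves a closer look at the target address.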

#9 heavydude

  • Topic Starter

Posted 04 March 2015 - 09:56 AM

 

"How is it now?"

No change. Yahoo problem continues.

I deleted the duckduckgo items, but you should know that I've been using that as my search engine on IE for a long time with no problems.

Here's the MiniToolBox Report:

 

 

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Jack (administrator) on 04-03-2015 at 07:50:02
Running from "D:\FELLER\Computer Stuff\Anti Spyware\MiniToolBox"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
127.0.0.2 pagead2.googlesyndication.com
127.0.0.2 googleadservices.com
127.0.0.2 www.googleadservices.com
127.0.0.2 pagead2.googleadservices.com
127.0.0.2 partner.googleadservices.com
127.0.0.2 doubleclick.net
127.0.0.2 g.doubleclick.net
127.0.0.2 googleads.g.doubleclick.net
127.0.0.2 googleads2.g.doubleclick.net
127.0.0.2 securepubads.g.doubleclick.net
127.0.0.2 pagead46.l.doubleclick.net
127.0.0.2 partnerad.l.doubleclick.net
 
127.0.0.2 pubads.g.doubleclick.net
127.0.0.2 adclick.g.doubleclick.net
127.0.0.2 stats.g.doubleclick.net
127.0.0.2 fls.doubleclick.net
127.0.0.2 ad-emea.doubleclick.net
127.0.0.2 ad-apac.doubleclick.net
127.0.0.2 googletagservices.com
127.0.0.2 s3.buysellads.com
127.0.0.2 stats.buysellads.com
127.0.0.2 cdn.buysellads.com
127.0.0.2 ads.buysellads.com
127.0.0.2 srv.buysellads.com
127.0.0.2 l.yimg.com
127.0.0.2 ads.yahoo.com
127.0.0.2 adserver.yahoo.com
127.0.0.2 us.adserver.yahoo.com
127.0.0.2 cdn.media.net
127.0.0.2 mycdn.media.net
127.0.0.2 contextual.media.net
127.0.0.2 a.collective-media.net
127.0.0.2 k.collective-media.net
127.0.0.2 ads.adbrite.com
127.0.0.2 cdn.bidvertiser.com
127.0.0.2 bdv.bidvertiser.com
127.0.0.2 ads.clicksor.com
127.0.0.2 resources.infolinks.com
127.0.0.2 cdn.technoratimedia.com
127.0.0.2 d.adroll.com
127.0.0.2 a.adroll.com
127.0.0.2 s.adroll.com
127.0.0.2 re.adroll.com
127.0.0.2 c.adroll.com
127.0.0.2 ads.pubmatic.com
127.0.0.2 showads.pubmatic.com
127.0.0.2 track.pubmatic.com
127.0.0.2 aktrack.pubmatic.com
127.0.0.2 cdn.adnxs.com
127.0.0.2 ib.adnxs.com
127.0.0.2 nym1.ib.adnxs.com
127.0.0.2 lax1.ib.adnxs.com
127.0.0.2 scripts.chitika.net
127.0.0.2 cdn.chitika.net
127.0.0.2 s.skimresources.com
127.0.0.2 pub.DynamicOxygen.com
127.0.0.2 kona.kontera.com
127.0.0.2 cdn5.tribalfusion.com
127.0.0.2 a.tribalfusion.com
127.0.0.2 cdnx.tribalfusion.com
127.0.0.2 ads.tribalfusion.com
127.0.0.2 adversalservers.com
127.0.0.2 go.adversal.com
127.0.0.2 ads1.qadabra.com
127.0.0.2 g.adspeed.net
127.0.0.2 syndication.exoclick.com
127.0.0.2 ads.exoclick.com
127.0.0.2 main.exoclick.com
127.0.0.2 stats.exoclick.com
127.0.0.2 custom.exoclick.com
127.0.0.2 ads.rubiconproject.com
127.0.0.2 optimized-by.rubiconproject.com
127.0.0.2 beacon.rubiconproject.com
127.0.0.2 tap.rubiconproject.com
127.0.0.2 tap-cdn.rubiconproject.com
127.0.0.2 tap2-cdn.rubiconproject.com
127.0.0.2 adserver.juicyads.com
127.0.0.2 ads.juicyads.com
127.0.0.2 ads.adxpansion.com
127.0.0.2 ad2.adxpansion.com
127.0.0.2 adspaces.ero-advertising.com
127.0.0.2 ads.ero-advertising.com
127.0.0.2 popads.ero-advertising.com
127.0.0.2 pops.ero-advertising.com
127.0.0.2 banners.ero-advertising.com
127.0.0.2 ads.deliads.com
127.0.0.2 adserver.adtechus.com
127.0.0.2 adserver.adtech.de
127.0.0.2 ad.turn.com
127.0.0.2 cdn.turn.com
127.0.0.2 r.turn.com
127.0.0.2 solocpm.com
127.0.0.2 ad.download.cnet.com
127.0.0.2 adsyndication.msn.com
127.0.0.2 b2.amimg.net
127.0.0.2 c2.amimg.net
127.0.0.2 n.amimg.net
127.0.0.2 ads.planetactive.com
127.0.0.2 s1.affinitymatrix.com
127.0.0.2 cdn.atomex.net
127.0.0.2 ads.atomex.net
127.0.0.2 trk.atomex.net
127.0.0.2 click.linksynergy.com
127.0.0.2 ad.linksynergy.com
127.0.0.2 adnetwork.linksynergy.com
127.0.0.2 chicagotribune.us.intellitxt.com
127.0.0.2 cbstv.us.intellitxt.com
127.0.0.2 saratogian.us.intellitxt.com
127.0.0.2 macombdaily.us.intellitxt.com
127.0.0.2 gamedev.us.intellitxt.com
127.0.0.2 webreferences.us.intellitxt.com
127.0.0.2 softpedia.us.intellitxt.com
127.0.0.2 ampclicks.com
127.0.0.2 ad1.netshelter.net
127.0.0.2 ad.yieldmanager.com
127.0.0.2 ad.adserverplus.com
127.0.0.2 adserver.adreactor.com
127.0.0.2 cdn.adreactor.com
127.0.0.2 ads.lfstmedia.com
127.0.0.2 cdn.lfstmedia.com
127.0.0.2 adsyndication.msn.com
 
 
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Jack-DELL
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ph.cox.net
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : ph.cox.net
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-21-70-5A-BD-9D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fd9c:babf:1eff:0:6c83:edd0:8614:3e3f(Preferred) 
   Temporary IPv6 Address. . . . . . : fd9c:babf:1eff:0:a154:2ac5:ac75:b1b8(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::6c83:edd0:8614:3e3f%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.124(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, March 04, 2015 7:46:03 AM
   Lease Expires . . . . . . . . . . : Thursday, March 05, 2015 7:46:03 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234889584
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-70-36-ED-00-21-70-5A-BD-9D
   DNS Servers . . . . . . . . . . . : 68.105.28.11
                                       68.105.29.11
                                       68.105.28.12
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.ph.cox.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : ph.cox.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:8c:e44:bb18:ee76(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::8c:e44:bb18:ee76%12(Preferred) 
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  cdns1.cox.net
Address:  68.105.28.11
 
Name:    google.com
Addresses:  2607:f8b0:4007:802::1002
 216.58.216.14
 
 
Pinging google.com [216.58.217.206] with 32 bytes of data:
Reply from 216.58.217.206: bytes=32 time=37ms TTL=56
Reply from 216.58.217.206: bytes=32 time=35ms TTL=56
 
Ping statistics for 216.58.217.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 35ms, Maximum = 37ms, Average = 36ms
Server:  cdns1.cox.net
Address:  68.105.28.11
 
Name:    yahoo.com
Addresses:  98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=111ms TTL=53
Reply from 98.139.183.24: bytes=32 time=111ms TTL=53
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 111ms, Maximum = 111ms, Average = 111ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 21 70 5a bd 9d ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.124     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.124    266
    192.168.1.124  255.255.255.255         On-link     192.168.1.124    266
    192.168.1.255  255.255.255.255         On-link     192.168.1.124    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.124    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.124    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:6abd:8c:e44:bb18:ee76/128
                                    On-link
 11     18 fd9c:babf:1eff::/64      On-link
 11    266 fd9c:babf:1eff:0:6c83:edd0:8614:3e3f/128
                                    On-link
 11    266 fd9c:babf:1eff:0:a154:2ac5:ac75:b1b8/128
                                    On-link
 11    266 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::8c:e44:bb18:ee76/128
                                    On-link
 11    266 fe80::6c83:edd0:8614:3e3f/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 11    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/04/2015 07:47:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/03/2015 11:00:07 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (03/02/2015 00:34:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/02/2015 00:18:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/22/2015 10:59:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/22/2015 10:40:34 PM) (Source: Application Hang) (User: )
Description: The program SUPERAntiSpyware.exe version 6.0.0.1170 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 14fc
 
Start Time: 01d04f2b1e86afb3
 
Termination Time: 16
 
Application Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
Report Id: 77c047e0-bb1e-11e4-b13a-0021705abd9d
 
Error: (02/22/2015 10:26:05 PM) (Source: Application Hang) (User: )
Description: The program SUPERAntiSpyware.exe version 6.0.0.1158 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 9bc
 
Start Time: 01d04f27b4917289
 
Termination Time: 16
 
Application Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
Report Id: 5e969d5a-bb1c-11e4-b13a-0021705abd9d
 
Error: (02/22/2015 10:15:12 PM) (Source: Application Hang) (User: )
Description: The program SUPERAntiSpyware.exe version 6.0.0.1158 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2c0
 
Start Time: 01d04f27811a11fc
 
Termination Time: 0
 
Application Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
Report Id: ee7c517b-bb1a-11e4-b13a-0021705abd9d
 
Error: (02/22/2015 10:13:46 PM) (Source: Application Hang) (User: )
Description: The program SUPERAntiSpyware.exe version 6.0.0.1158 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1d8c
 
Start Time: 01d04f26de0e3098
 
Termination Time: 15
 
Application Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
Report Id: b351fd8c-bb1a-11e4-b13a-0021705abd9d
 
Error: (02/17/2015 11:10:02 PM) (Source: Windows Backup) (User: )
Description: The backup was not successful. The error is: The operation failed due to a device error encountered with either the source or the destination. If the source or destination volume is on a disk, run CHKDSK /R on the source or destination volume, and then retry the operation. (0x8078012D).
 
 
System errors:
=============
Error: (03/03/2015 02:54:57 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (03/03/2015 08:09:53 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (03/02/2015 08:36:53 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (03/02/2015 07:02:04 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (03/02/2015 06:01:35 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (03/02/2015 06:01:15 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (03/02/2015 05:57:46 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (03/02/2015 03:52:15 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (03/02/2015 00:15:24 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/02/2015 00:15:23 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
 
 
 
**** End of log ****


#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:11 PM

Posted 04 March 2015 - 02:19 PM

Some comments as I do not see any malware programs.

Clean Your Temporary Internet Files

Delete all the cookies associated with Yahoo!

Error: (02/22/2015 10:13:46 PM) (Source: Application Hang) (User: )
Description: The program SUPERAntiSpyware.exe version 6.0.0.1158 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Disable the SUPERAntiSpyware.exe process with the Task Manager.

Your hosts file is blocking some ads on Yahoo!, not sure if it's the cause.

127.0.0.2 ads.yahoo.com
127.0.0.2 adserver.yahoo.com
127.0.0.2 us.adserver.yahoo.com


p.s.
You can restore this start page.
https://duckduckgo.com/

Keep me posted
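To list every hosts-file override that touches a site instead of spotting them by eye, the check below parses "Hosts content" entries and reports which names under a watched domain, or in a list of hosts a page requested, point at a loopback or null address. It is an added example, not part of the original posts or of MiniToolBox; the function names, the watched suffixes (yahoo.com and yimg.com) and the requested-host list are assumptions, and the sample is an excerpt of the report above plus a few constructed lines.

```python
import ipaddress

# Excerpt of the "Hosts content" section of the MiniToolBox report above.
# The comment line, the blank line and the last line are constructed to
# exercise the parser.
SAMPLE_HOSTS = """\
# ad blocking entries (constructed comment line)
127.0.0.2 doubleclick.net
127.0.0.2 l.yimg.com
127.0.0.2 ads.yahoo.com
127.0.0.2 adserver.yahoo.com
127.0.0.2 us.adserver.yahoo.com

127.0.0.2 adsyndication.msn.com
127.0.0.2 pub.DynamicOxygen.com
127.0.0.2 adsyndication.msn.com
0.0.0.0 tracker.example ads.example  # constructed: two names, inline comment
"""


def parse_hosts(text):
    """Return (entries, duplicates); entries maps lower-cased name -> IP object."""
    entries, duplicates = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an address; skip
        for name in fields[1:]:               # one line may map several names
            name = name.lower().rstrip(".")
            if name in entries:
                duplicates.append(name)       # keep the first mapping seen
            else:
                entries[name] = addr
    return entries, duplicates


def is_sinkhole(addr):
    """True for loopback (all of 127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::)."""
    return addr.is_loopback or addr.is_unspecified


def under_suffix(name, suffix):
    """Label-boundary match: ads.yahoo.com is under yahoo.com, notyahoo.com is not."""
    suffix = suffix.lower().strip(".")
    return name == suffix or name.endswith("." + suffix)


def overrides_for(entries, suffixes):
    """Sorted sinkholed names that fall under any watched domain suffix."""
    return sorted(
        name for name, addr in entries.items()
        if is_sinkhole(addr) and any(under_suffix(name, s) for s in suffixes)
    )


def blocked_requests(entries, requested_hosts):
    """Of the hosts a page requested, those the hosts file sends to a sinkhole.

    Hosts-file lookups are exact-name matches, so no suffix logic here.
    """
    blocked = []
    for host in requested_hosts:
        host = host.lower().rstrip(".")
        if host in entries and is_sinkhole(entries[host]):
            blocked.append(host)
    return blocked


if __name__ == "__main__":
    entries, dups = parse_hosts(SAMPLE_HOSTS)
    watched = ["yahoo.com", "yimg.com"]       # assumption: suffixes chosen for this example
    print("overrides under watched domains:", overrides_for(entries, watched))
    # Constructed list standing in for hostnames read from a browser network capture.
    requested = ["finance.yahoo.com", "l.yimg.com", "ads.yahoo.com"]
    print("requested hosts that are sinkholed:", blocked_requests(entries, requested))
    print("duplicate entries:", dups)
```

Feeding it the hostnames from a browser network capture shows at a glance which of a page's requests never leave the machine.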

#11 heavydude


Posted 04 March 2015 - 06:58 PM

Still no good.

 

I uninstalled and reinstalled IE 11 just in case. No change. Still getting those funny looking yahoo pages.

 

Also uninstalled Chrome. I just don't like it.

 

What's next?



#12 nasdaq


Posted 05 March 2015 - 09:10 AM

No change. Still getting those funny looking yahoo pages.


Try these fixes.

Clear your browser cache and cookies
https://help.yahoo.com/kb/index?page=content&id=SLN4525&actp=search&viewlocale=en_US&searchid=1425564359305&locale=en_US&y=PROD_MSNG_MSNG115

If that fails to solve the issue.

In IE
Click the Tools icon | select Manage Add-ons.
Select the add-on you want to disable. < disable them all.
Click Disable.
Click Close.
Restart Internet Explorer.

Quoted from this page.
https://help.yahoo.com/kb/messenger-11.5/SLN3016.html?impressions=true

If that clears the issue then one add-on is the culprit.

#13 heavydude


Posted 05 March 2015 - 03:31 PM

I cleared the browser cache and cookies. No help.

I disabled all the add-ons. No help.

 

I went to google images and googled "yahoo pages not displaying properly" and saw many other instances with the same problem with as many solution suggestions as there were people making the suggestions.

 

You'll see numerous examples of pages that look like or close to the pages that I'm having problems with.

 

https://www.google.com/search?site=&tbm=isch&source=hp&biw=991&bih=586&q=yahoo+pages+not+displaying+properly&oq=yahoo+pages+&gs_l=img.1.1.0i24l5.3627.7222.0.12020.12.11.0.1.1.0.87.859.11.11.0.msedr...0...1ac.1.62.img..0.12.863.vPnkBMGJEak

 

Some people were able to solve the problem with some of the suggestions. Others not. Appears to have been happening with all three major browsers at some point.

 

Please take a look at them and see if there's something that might make sense to try here.

 

PS: I just installed Firefox and the same thing happens. Bye Bye Firefox.


Edited by heavydude, 05 March 2015 - 04:43 PM.


#14 nasdaq


Posted 06 March 2015 - 08:42 AM

Let's concentrate on Internet Explorer first.

Try these fixes.

http://answers.microsoft.com/en-us/ie/forum/ie11-windows_7/websites-does-not-display-properly-in-internet/73de8a05-3c59-4d31-a5d5-8a04f376f0e7

#15 heavydude


Posted 06 March 2015 - 01:48 PM

I tried each fix with no change.

 

Then I got to the thing about ALT-V y n.

 

When I did that on a good page I was able to reproduce the problem.

 

Then I read the following:

 

"That means that you are not getting some important CSS usually or not processing it.  My guess would be the former. You can check which of those two cases you have by using the Developer Tools, Network capture tool.  F12, Ctrl-4, F5.  Then switch to the tab and do Ctrl-F5.  Once the rendering has settled down switch back to the Developer Tools and find out in the Network capture what has happened to the CSS."

 

I figured out that I had to bring up the bad page and click on the link to yahoo finance in order to get the network capture for that link.

 

The results are beyond me but I found the export button and exported the results to a file. The file was too big to upload so I divided it in two. First half is attached to this note. Apparently I can't create a new post in reply to my own post so I guess I have to wait for your reply to reply to you with the second half.

 

Meantime, see if you can make any sense out of the first half.

Attached Files


Edited by heavydude, 06 March 2015 - 01:51 PM.




