
Issues Removing AdChoices - tried to follow the Prep Guide but were unable to ru


  • This topic is locked
13 replies to this topic

#1 mttcsd

mttcsd

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:50 AM

Posted 02 March 2015 - 03:42 AM

- tried to follow the Prep Guide but were unable to get DDS to run
 
 
Logfile of random's system information tool 1.10 (written by random/random)
Run by user at 2015-03-02 08:34:56
Microsoft Windows 7 Ultimate  Service Pack 1
System drive C: has 137 GB (72%) free of 191 GB
Total RAM: 3062 MB (54% free)
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:35:59, on 02/03/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal
 
Running processes:
C:\Program Files\Norton 360\Norton 360\Engine\21.6.0.32\N360.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\SAMSUNG\Kies\Kies.exe
C:\Windows\system32\conhost.exe
C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\PDFCreator\PDFCreator.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\user\Downloads\RSIT.exe
C:\Program Files\trend micro\user.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Soda PDF 7 Helper - {1D31AA81-4D4B-4BFB-B3AF-B6DDD6DF43B1} - C:\Program Files\Soda PDF 7\creator-ie-helper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\21.6.0.32\coIEPlg.dll
O2 - BHO: Soda PDF Online Toolbar - {6d300c09-bc15-4045-9d75-3f6d505cdf0e} - C:\Program Files\sodapdftb\sodapdfDx.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\21.6.0.32\coIEPlg.dll
O3 - Toolbar: Soda PDF 7 Toolbar - {7C68E87F-4487-4AE5-BBC2-C398C530DE9A} - C:\Program Files\Soda PDF 7\creator-ie-plugin.dll
O3 - Toolbar: Soda PDF Online Toolbar - {6d300c09-bc15-4045-9d75-3f6d505cdf0e} - C:\Program Files\sodapdftb\sodapdfDx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Prerun FlippingBook Publisher Trial Printer.lnk = C:\Program Files\FlippingBook\FlippingBook Publisher Trial\Utilities\prerunVp.bat
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Norton 360\Engine\21.6.0.32\N360.exe
O23 - Service: NitroPDFDriverCreatorReadSpool9 (NitroDriverReadSpool9) - Nitro PDF Software - C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
O23 - Service: NitroUpdateService - Unknown owner - C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: SODA Manager - LULU Software Limited - C:\ProgramData\LULU Software\Soda Manager\Soda Manager.exe
O23 - Service: Soda PDF 7 - LULU SOFTWARE LIMITED - C:\Program Files\Soda PDF 7\ws.exe
O23 - Service: Soda PDF 7 CrashHandler - LULU SOFTWARE LIMITED - C:\Program Files\Soda PDF 7\crash-handler-ws.exe
O23 - Service: Soda PDF 7 Creator - LULU SOFTWARE LIMITED - C:\Program Files\Soda PDF 7\creator-ws.exe
 
--
End of file - 8061 bytes
 
======Scheduled tasks folder======
 
C:\Windows\tasks\APSnotifierPP1.job - C:\Program Files\AnyProtectEx\AnyProtect.exe  --notifier 3A 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe  /c 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler 
 
======Registry dump======
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D31AA81-4D4B-4BFB-B3AF-B6DDD6DF43B1}]
Soda PDF 7 Helper - C:\Program Files\Soda PDF 7\creator-ie-helper.dll [2015-01-06 38712]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files\Norton 360\Norton 360\Engine\21.6.0.32\coIEPlg.dll [2014-09-20 655200]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d300c09-bc15-4045-9d75-3f6d505cdf0e}]
Soda PDF Online Toolbar - C:\Program Files\sodapdftb\sodapdfDx.dll [2014-09-24 114016]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files\Norton 360\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-08-26 392336]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-22 460712]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-22 172968]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Norton 360\Engine\21.6.0.32\coIEPlg.dll [2014-09-20 655200]
{7C68E87F-4487-4AE5-BBC2-C398C530DE9A} - Soda PDF 7 Toolbar - C:\Program Files\Soda PDF 7\creator-ie-plugin.dll [2015-01-06 495416]
{6d300c09-bc15-4045-9d75-3f6d505cdf0e} - Soda PDF Online Toolbar - C:\Program Files\sodapdftb\sodapdfDx.dll [2014-09-24 114016]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-10-02 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-10-02 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-10-02 150552]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-10-25 212992]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-10-07 507776]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2014-07-25 311616]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14 557768]
"Adobe Creative Cloud"=C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2015-01-07 2694320]
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"=C:\Program Files\Samsung\Kies\Kies.exe [2014-07-25 1562264]
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Prerun FlippingBook Publisher Trial Printer.lnk - C:\Program Files\FlippingBook\FlippingBook Publisher Trial\Utilities\prerunVp.bat
 
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe



 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:50 PM

Posted 02 March 2015 - 03:11 PM

Hello mttcsd,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1. Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:50 PM

Posted 04 March 2015 - 02:40 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#4 mttcsd

mttcsd
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:50 AM

Posted 06 March 2015 - 02:30 PM

Sorry about the delay and thank you for your help.

This is the log from running the AdwCleaner.

 

# AdwCleaner v4.107 - Report created 11/01/2015 at 22:38:24
# Updated 07/01/2015 by Xplode
# Database : 2015-01-11.2 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\adwcleaner_4.107.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : WindowsMangerProtect
 
***** [ Files / Folders ] *****
 
[x] Not Deleted : C:\ProgramData\AVG Security Toolbar
[x] Not Deleted : C:\ProgramData\WindowsMangerProtect
[x] Not Deleted : C:\ProgramData\PicColorData
[x] Not Deleted : C:\ProgramData\de069f46d392413ba147ddfb6bead556
[x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
[x] Not Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\predm
Folder Deleted : C:\users\user\AppData\Local\globalUpdate
Folder Deleted : C:\users\user\AppData\Local\TVWizard
Folder Deleted : C:\users\user\AppData\Local\GAMESDESKTOP
Folder Deleted : C:\users\user\AppData\Roaming\AnyProtectEx
Folder Deleted : C:\users\user\AppData\Roaming\omiga-plus
Folder Deleted : C:\users\user\AppData\Roaming\Super Optimizer
Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd
Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
[x] Not Deleted : C:\END
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o96a7aov.default\user.js
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
[x] Not Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
[x] Not Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : APSnotifierPP1
Task Deleted : LaunchSignup
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Wnkey
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\omiga-plusSoftware
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\PicColor Utility
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [5801 octets] - [11/01/2015 22:30:20]
AdwCleaner[S0].txt - [6034 octets] - [11/01/2015 22:38:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6094 octets] ##########
# AdwCleaner v4.111 - Logfile created 06/03/2015 at 19:20:15
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Local]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : user - USER-PC
# Running from : C:\Users\user\Downloads\adwcleaner_4.111.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver genius
Folder Deleted : C:\Program Files\driver-soft
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\END
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
 
***** [ Scheduled tasks ] *****
 
Task Deleted : APSnotifierPP1
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20B9C05C-99C9-4BAB-B596-FB0C0E1C9F55}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Genius_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17631
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v40.0.2214.115
 
 
*************************
 
AdwCleaner[R0].txt - [8664 bytes] - [11/01/2015 22:30:20]
AdwCleaner[S0].txt - [8955 bytes] - [11/01/2015 22:38:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9014  bytes] ##########


#5 mttcsd

mttcsd
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:50 AM

Posted 06 March 2015 - 02:37 PM

This is everything that came out of the step 2.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by user (administrator) on USER-PC on 06-03-2015 19:31:29
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available profiles: user)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Symantec Corporation) C:\Program Files\Norton 360\Norton 360\Engine\21.6.0.32\n360.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
(LULU SOFTWARE LIMITED) C:\Program Files\Soda PDF 7\creator-ws.exe
(Symantec Corporation) C:\Program Files\Norton 360\Norton 360\Engine\21.6.0.32\n360.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(pdfforge  http://www.pdfforge.org/) C:\Program Files\Common Files\PDFCreator\PDFCreator.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
(Samsung) C:\Program Files\SAMSUNG\Kies\Kies.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [212992 2007-10-25] (Alps Electric Co., Ltd.)
HKU\S-1-5-21-3652356215-2452782348-2202991965-1000\...\Policies\Explorer: [NoSaveSettings] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Prerun FlippingBook Publisher Trial Printer.lnk
ShortcutTarget: Prerun FlippingBook Publisher Trial Printer.lnk -> C:\Program Files\FlippingBook\FlippingBook Publisher Trial\Utilities\prerunVp.bat ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3652356215-2452782348-2202991965-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Soda PDF 7 Helper -> {1D31AA81-4D4B-4BFB-B3AF-B6DDD6DF43B1} -> C:\Program Files\Soda PDF 7\creator-ie-helper.dll (LULU SOFTWARE LIMITED)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Soda PDF Online Toolbar -> {6d300c09-bc15-4045-9d75-3f6d505cdf0e} -> C:\Program Files\sodapdftb\sodapdfDx.dll ()
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by user at 2015-03-06 19:33:59
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (32 Bit) (HKLM\...\{7C25E7A0-A0A1-4B87-BB30-BF0FBDC37878}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.42.0.50 - Conexant)
Dropbox (HKU\S-1-5-21-3652356215-2452782348-2202991965-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
FlippingBook Publisher (Version: 2.6.25 - FlippingBook) Hidden
FlippingBook Publisher Trial (HKLM\...\FlippingBook Publisher Trial) (Version: 2.6.25 - FlippingBook)
Free PDF Tablet (HKLM\...\Free PDF Tablet) (Version: 0.1 - )
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.1.4.0 - Google Inc.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.52213 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{c5237a45-d0a0-4c12-9269-f59919377de1}) (Version: 9.5.3.8 - Nitro)
Nitro Pro 9 (Version: 9.5.3.8 - Nitro) Hidden
Norton 360 (HKLM\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Sidekick Outlook plugin (HKLM\...\{A49A1500-C938-4A21-918A-7649AEC57C7D}) (Version: 1.2.4.1 - HubSpot, Inc.)
Soda Manager (Version: 7.0.0.1 - LULU Software Limited) Hidden
Soda PDF 7 (HKLM\...\Soda7) (Version: 7.1.6.21455 - LULU Software Limited)
Soda PDF 7 Asian Fonts Pack (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Convert Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Create Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Edit Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Forms Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Insert Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 OCR Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Review Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Secure Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 View Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF Online Toolbar (HKLM\...\sodapdftb) (Version: 1.0.0.11 - LULU Software Limited)
Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{14A3DC50-F12B-3B6A-BD57-D50B8687BCD9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{15303549-C162-3318-AC14-26E14EA6161F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{19FBE01E-E11F-3E28-997F-95C9513C19C4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{1CA7BAA5-DF28-3B35-9C2A-75E8652FBC43}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{2CA05391-B03F-3314-9D38-586C2B48180E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{2D463F12-E37A-3B99-B352-9BFBD58F00C8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{2EA6F080-90AF-3E10-851B-BE487B2A4692}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{344A8764-6D8A-317F-8C0F-EF436781A0DD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{34CCFD62-7132-39CA-B307-158F78A81A24}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{37008C0F-C702-39A1-9F6B-D6FDAD24CD4C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{426068EB-85A6-3F12-9BFF-876C0ED3507A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{4EBEC17D-6530-3401-BB4E-2A02BD9237E7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{4FF40AF6-A7C7-3B6F-8943-953E02C40C5B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{69D17592-C341-33CF-83ED-58F11912A9E5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{6EF39099-8DFA-3844-90A3-DAA659BDC8B0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{6F06A729-7741-37A8-98B0-FF9E5102DD58}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{735EA82F-5206-37FC-87CD-00484E463B50}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{7BB6FEBA-349F-3F37-BF00-82A681376022}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{81E44932-8F36-3C4F-936C-7442C6912D09}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{885F5D26-A57C-3BE7-8F80-F731B0188A7B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{8DD80B2E-148A-3BB2-89F5-E5FBA256D339}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{9601F788-32E0-4513-998A-4C5346228657}\InprocServer32 -> C:\Users\user\AppData\Roaming\Sidekick\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{A4904422-A88C-3E8A-887B-C6BFD606F1C0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{B2E427BD-1027-3887-A325-353E26C8A877}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{B4544CC7-E5D9-3D44-8600-D797FE5C409C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{CA05A6B4-1D0A-38AF-8CA8-729163496F53}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{D63778B5-5436-3235-9F8B-1E7E621C391C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{D643822B-E7D5-396C-82CB-779BCA087B9C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{E4E6A221-224B-386F-A4E4-C9D9A3A2D8F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{EFA3BE4E-0B15-3E2B-905E-A339FD63A35C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FD1AEFA0-03F9-350E-A63D-EF1C6C24D17D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FDEF5309-CB8D-36FC-B4B2-EACABEEF8470}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
13-02-2015 14:42:06 Installed Sidekick Outlook plugin
24-02-2015 17:20:57 Scheduled Checkpoint
26-02-2015 12:06:42 Windows Update
27-02-2015 15:27:30 Installed Sidekick Outlook plugin
02-03-2015 19:27:37 Norton 360 Registry Clean
06-03-2015 03:00:49 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts

Posted 09 March 2015 - 09:57 PM

Please post the addition.txt that was created when you ran FRST.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 mttcsd

mttcsd
  • Topic Starter

  • Members
  • 7 posts

Posted 12 March 2015 - 01:23 AM

I thought this was it. Should I have something more?
Thank you so much for your help
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by user at 2015-03-06 19:33:59
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (32 Bit) (HKLM\...\{7C25E7A0-A0A1-4B87-BB30-BF0FBDC37878}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.42.0.50 - Conexant)
Dropbox (HKU\S-1-5-21-3652356215-2452782348-2202991965-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
FlippingBook Publisher (Version: 2.6.25 - FlippingBook) Hidden
FlippingBook Publisher Trial (HKLM\...\FlippingBook Publisher Trial) (Version: 2.6.25 - FlippingBook)
Free PDF Tablet (HKLM\...\Free PDF Tablet) (Version: 0.1 - )
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.1.4.0 - Google Inc.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.52213 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{c5237a45-d0a0-4c12-9269-f59919377de1}) (Version: 9.5.3.8 - Nitro)
Nitro Pro 9 (Version: 9.5.3.8 - Nitro) Hidden
Norton 360 (HKLM\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Sidekick Outlook plugin (HKLM\...\{A49A1500-C938-4A21-918A-7649AEC57C7D}) (Version: 1.2.4.1 - HubSpot, Inc.)
Soda Manager (Version: 7.0.0.1 - LULU Software Limited) Hidden
Soda PDF 7 (HKLM\...\Soda7) (Version: 7.1.6.21455 - LULU Software Limited)
Soda PDF 7 Asian Fonts Pack (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Convert Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Create Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Edit Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Forms Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Insert Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 OCR Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Review Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Secure Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 View Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF Online Toolbar (HKLM\...\sodapdftb) (Version: 1.0.0.11 - LULU Software Limited)
Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{14A3DC50-F12B-3B6A-BD57-D50B8687BCD9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{15303549-C162-3318-AC14-26E14EA6161F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{19FBE01E-E11F-3E28-997F-95C9513C19C4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{1CA7BAA5-DF28-3B35-9C2A-75E8652FBC43}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{2CA05391-B03F-3314-9D38-586C2B48180E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{2D463F12-E37A-3B99-B352-9BFBD58F00C8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{2EA6F080-90AF-3E10-851B-BE487B2A4692}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{344A8764-6D8A-317F-8C0F-EF436781A0DD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{34CCFD62-7132-39CA-B307-158F78A81A24}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{37008C0F-C702-39A1-9F6B-D6FDAD24CD4C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{426068EB-85A6-3F12-9BFF-876C0ED3507A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{4EBEC17D-6530-3401-BB4E-2A02BD9237E7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{4FF40AF6-A7C7-3B6F-8943-953E02C40C5B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{69D17592-C341-33CF-83ED-58F11912A9E5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{6EF39099-8DFA-3844-90A3-DAA659BDC8B0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{6F06A729-7741-37A8-98B0-FF9E5102DD58}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{735EA82F-5206-37FC-87CD-00484E463B50}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{7BB6FEBA-349F-3F37-BF00-82A681376022}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{81E44932-8F36-3C4F-936C-7442C6912D09}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{885F5D26-A57C-3BE7-8F80-F731B0188A7B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{8DD80B2E-148A-3BB2-89F5-E5FBA256D339}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{9601F788-32E0-4513-998A-4C5346228657}\InprocServer32 -> C:\Users\user\AppData\Roaming\Sidekick\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{A4904422-A88C-3E8A-887B-C6BFD606F1C0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{B2E427BD-1027-3887-A325-353E26C8A877}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{B4544CC7-E5D9-3D44-8600-D797FE5C409C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{CA05A6B4-1D0A-38AF-8CA8-729163496F53}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{D63778B5-5436-3235-9F8B-1E7E621C391C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{D643822B-E7D5-396C-82CB-779BCA087B9C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{E4E6A221-224B-386F-A4E4-C9D9A3A2D8F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{EFA3BE4E-0B15-3E2B-905E-A339FD63A35C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FD1AEFA0-03F9-350E-A63D-EF1C6C24D17D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FDEF5309-CB8D-36FC-B4B2-EACABEEF8470}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
13-02-2015 14:42:06 Installed Sidekick Outlook plugin
24-02-2015 17:20:57 Scheduled Checkpoint
26-02-2015 12:06:42 Windows Update
27-02-2015 15:27:30 Installed Sidekick Outlook plugin
02-03-2015 19:27:37 Norton 360 Registry Clean
06-03-2015 03:00:49 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


#8 fireman4it

  • Malware Response Team

Posted 13 March 2015 - 10:33 AM

Please delete the copy of FRST you have and download a new copy. Then run it and post the addition.txt it provides.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#9 mttcsd

  • Topic Starter


Posted 15 March 2015 - 04:21 PM

Is this the one?

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by user at 2015-03-15 21:17:27
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 2.9.1.474 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (32 Bit) (HKLM\...\{7C25E7A0-A0A1-4B87-BB30-BF0FBDC37878}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7.1 (HKLM\...\{956F2B16-DE59-482E-A248-98F63657080B}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.42.0.50 - Conexant)
Dropbox (HKU\S-1-5-21-3652356215-2452782348-2202991965-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
FlippingBook Publisher (Version: 2.6.25 - FlippingBook) Hidden
FlippingBook Publisher Trial (HKLM\...\FlippingBook Publisher Trial) (Version: 2.6.25 - FlippingBook)
Free PDF Tablet (HKLM\...\Free PDF Tablet) (Version: 0.1 - )
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.1.4.0 - Google Inc.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.52213 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{c5237a45-d0a0-4c12-9269-f59919377de1}) (Version: 9.5.3.8 - Nitro)
Nitro Pro 9 (Version: 9.5.3.8 - Nitro) Hidden
Norton 360 (HKLM\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
PathEdit (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{3a3cfeb6}) (Version:  - PathEdit) <==== ATTENTION
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Sidekick Outlook plugin (HKLM\...\{A49A1500-C938-4A21-918A-7649AEC57C7D}) (Version: 1.2.4.1 - HubSpot, Inc.)
Smart Photo Editor Trial (HKLM\...\SmartPhotoEditor1Trial_is1) (Version: 1.20 - Anthropics Technology Ltd.)
Soda Manager (Version: 7.0.0.1 - LULU Software Limited) Hidden
Soda PDF 7 (HKLM\...\Soda7) (Version: 7.1.6.21455 - LULU Software Limited)
Soda PDF 7 Asian Fonts Pack (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Convert Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Create Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Edit Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Forms Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Insert Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 OCR Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Review Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 Secure Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF 7 View Module (Version: 7.1.6.21314 - LULU Software Limited) Hidden
Soda PDF Online Toolbar (HKLM\...\sodapdftb) (Version: 1.0.0.11 - LULU Software Limited)
Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
youtubeadblocker (HKLM\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{14A3DC50-F12B-3B6A-BD57-D50B8687BCD9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{15303549-C162-3318-AC14-26E14EA6161F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{19FBE01E-E11F-3E28-997F-95C9513C19C4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{1CA7BAA5-DF28-3B35-9C2A-75E8652FBC43}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{2CA05391-B03F-3314-9D38-586C2B48180E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{2D463F12-E37A-3B99-B352-9BFBD58F00C8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{2EA6F080-90AF-3E10-851B-BE487B2A4692}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{344A8764-6D8A-317F-8C0F-EF436781A0DD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{34CCFD62-7132-39CA-B307-158F78A81A24}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{37008C0F-C702-39A1-9F6B-D6FDAD24CD4C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{426068EB-85A6-3F12-9BFF-876C0ED3507A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{4EBEC17D-6530-3401-BB4E-2A02BD9237E7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{4FF40AF6-A7C7-3B6F-8943-953E02C40C5B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{69D17592-C341-33CF-83ED-58F11912A9E5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{6EF39099-8DFA-3844-90A3-DAA659BDC8B0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{6F06A729-7741-37A8-98B0-FF9E5102DD58}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{735EA82F-5206-37FC-87CD-00484E463B50}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{7BB6FEBA-349F-3F37-BF00-82A681376022}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{81E44932-8F36-3C4F-936C-7442C6912D09}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{885F5D26-A57C-3BE7-8F80-F731B0188A7B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{8DD80B2E-148A-3BB2-89F5-E5FBA256D339}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{9601F788-32E0-4513-998A-4C5346228657}\InprocServer32 -> C:\Users\user\AppData\Roaming\Sidekick\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{A4904422-A88C-3E8A-887B-C6BFD606F1C0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{B2E427BD-1027-3887-A325-353E26C8A877}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{B4544CC7-E5D9-3D44-8600-D797FE5C409C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{CA05A6B4-1D0A-38AF-8CA8-729163496F53}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{D63778B5-5436-3235-9F8B-1E7E621C391C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{D643822B-E7D5-396C-82CB-779BCA087B9C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{E4E6A221-224B-386F-A4E4-C9D9A3A2D8F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{EFA3BE4E-0B15-3E2B-905E-A339FD63A35C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FD1AEFA0-03F9-350E-A63D-EF1C6C24D17D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652356215-2452782348-2202991965-1000_Classes\CLSID\{FDEF5309-CB8D-36FC-B4B2-EACABEEF8470}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
06-03-2015 03:00:49 Windows Update
07-03-2015 16:16:40 Windows Update
07-03-2015 17:50:55 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
07-03-2015 17:51:26 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
07-03-2015 18:10:54 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
11-03-2015 22:06:30 Windows Update
12-03-2015 03:01:05 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1604D554-31F5-463B-9C03-5CCDD684DF9B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-28] (Google Inc.)
Task: {3A9F1DBD-5842-4038-8B9D-0B245DE285BC} - System32\Tasks\{CC6B0CF7-6846-4D61-A09C-146F57D50DB3} => pcalua.exe -a C:\Users\user\Desktop\kn\setup.exe -d C:\Users\user\Desktop\kn
Task: {5E2CA903-CFED-4D72-8C3B-1BDBA4880D22} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7BB4B70C-552B-4265-AA4C-C3BAD096079E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-28] (Google Inc.)
Task: {89D88D47-EF35-4899-9E7E-A96F31324185} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {913798DF-B109-409B-AF58-A0C551930B74} - System32\Tasks\AdobeAAMUpdater-1.0-user-PC-user => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {96F08088-9234-42E6-A030-E0FECF719600} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {E8ED66A8-BBF4-4224-9D97-471C748C0955} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-01-24 21:24 - 2001-10-28 16:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2014-08-01 14:21 - 2014-08-01 14:21 - 00392712 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2015-02-11 15:12 - 2015-02-11 15:12 - 00908960 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2014-11-21 16:20 - 2014-11-21 16:20 - 00528384 _____ () C:\Users\user\AppData\Roaming\Sidekick\adxloader.dll
2011-06-22 10:46 - 2011-06-22 10:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2015-01-24 21:24 - 2010-09-17 09:00 - 12832768 _____ () C:\Program Files\Common Files\PDFCreator\GS9.00\gs9.00\Bin\gsdll32.dll
2015-02-02 19:37 - 2015-02-02 19:37 - 00183296 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\6df49e2b5164c222b6fe1bb07cd5480f\Kies.Common.DeviceServiceLib.Interface.ni.dll
2015-02-02 19:38 - 2015-02-02 19:38 - 14992384 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\ba430ada39a63670ecdebc26d4b942b9\Kies.Theme.ni.dll
2015-02-02 19:36 - 2015-02-02 19:36 - 01834496 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\31b3d623c179cbec77dcdbd0fb61fd06\Kies.UI.ni.dll
2015-02-02 19:36 - 2015-02-02 19:36 - 00077824 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\7d34f9eb44bf74290e09744536c3c2b7\Kies.MVVM.ni.dll
2015-02-02 19:37 - 2015-02-02 19:37 - 00232960 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\f15ccb9626ba643bafded1f47f4cf2da\ASF_cSharpAPI.ni.dll
2015-02-10 21:00 - 2015-02-10 21:00 - 00750080 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-12 06:24 - 2015-03-12 06:24 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6yg_st.dll
2015-02-10 21:00 - 2015-02-10 21:00 - 00047616 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 21:00 - 2015-02-10 21:00 - 00865280 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 21:00 - 2015-02-10 21:00 - 00200704 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-15 14:58 - 2015-02-15 14:58 - 36730032 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2015-02-11 15:12 - 2015-02-11 15:12 - 05739680 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-02-15 14:58 - 2015-02-15 14:58 - 00746160 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2015-02-15 14:58 - 2015-02-15 14:58 - 00136368 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2015-02-19 19:58 - 2015-02-17 22:44 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-19 19:58 - 2015-02-17 22:44 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-19 19:58 - 2015-02-17 22:44 - 09171272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll
2015-02-19 19:58 - 2015-02-17 22:44 - 14965064 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3652356215-2452782348-2202991965-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 194.168.4.100 - 194.168.8.100
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3652356215-2452782348-2202991965-500 - Administrator - Disabled)
Guest (S-1-5-21-3652356215-2452782348-2202991965-501 - Limited - Disabled)
user (S-1-5-21-3652356215-2452782348-2202991965-1000 - Administrator - Enabled) => C:\Users\user
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/12/2015 04:30:27 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/12/2015 03:57:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/12/2015 03:54:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/12/2015 03:04:33 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
 
Context:  Application, SystemIndex Catalog
 
Error: (03/11/2015 09:40:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Creative Cloud.exe, version: 2.9.1.474, time stamp: 0x54e121cd
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0002ddcc
Faulting process id: 0xf40
Faulting application start time: 0xCreative Cloud.exe0
Faulting application path: Creative Cloud.exe1
Faulting module path: Creative Cloud.exe2
Report Id: Creative Cloud.exe3
 
Error: (03/09/2015 09:01:11 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/09/2015 05:58:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/07/2015 04:21:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/07/2015 03:56:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/07/2015 02:27:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (03/14/2015 00:58:28 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :20" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
this computer.
 
Error: (03/14/2015 00:58:28 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
this computer.
 
Error: (03/14/2015 00:58:28 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{DE10002C-C0AA-4371-B348-3841576B146E} because another computer on the network has the same name.  The server could not start.
 
Error: (03/13/2015 01:12:43 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
this computer.
 
Error: (03/13/2015 01:12:43 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :20" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
this computer.
 
Error: (03/13/2015 01:12:43 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{DE10002C-C0AA-4371-B348-3841576B146E} because another computer on the network has the same name.  The server could not start.
 
Error: (03/12/2015 05:16:20 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
Error: (03/12/2015 03:56:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SODA Manager service failed to start due to the following error: 
%%1053
 
Error: (03/12/2015 03:56:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SODA Manager service to connect.
 
Error: (03/12/2015 03:54:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SODA Manager service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (03/08/2015 00:15:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 259 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (02/25/2015 04:09:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 70 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (02/25/2015 04:07:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 96208 seconds with 4320 seconds of active time.  This session ended with a crash.
 
Error: (02/17/2015 01:11:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 91535 seconds with 1560 seconds of active time.  This session ended with a crash.
 
Error: (02/03/2015 00:20:28 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1844 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error: (01/14/2015 00:41:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3134 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error: (01/14/2015 11:46:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 452 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error: (01/10/2015 11:31:31 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 49112 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error: (01/09/2015 09:52:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 106 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (01/09/2015 09:23:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1033 seconds with 120 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 67%
Total physical RAM: 3062.02 MB
Available physical RAM: 1000.54 MB
Total Pagefile: 6122.32 MB
Available Pagefile: 2746.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.63 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:186.21 GB) (Free:128.52 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: FAA8FAA8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=186.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#10 fireman4it

  • Malware Response Team

Posted 15 March 2015 - 09:38 PM

Still getting the Ad choices?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 mttcsd

  • Topic Starter

Posted 16 March 2015 - 07:43 AM

I do actually. A little less aggressive but it still pops up. Especially on ebay and common sites.

But as I said, slightly less than before



#12 fireman4it

  • Malware Response Team

Posted 17 March 2015 - 07:42 PM

1.

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

 

2.

  • Download RogueKiller to the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport can also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again




#13 fireman4it

  • Malware Response Team

Posted 22 March 2015 - 03:27 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it




#14 fireman4it

  • Malware Response Team

Posted 23 March 2015 - 06:38 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





